Welcome to the SecAware blog

I spy with my beady eye ...

17 Dec 2011

419s still dribbling in

Fresh from my inbox:
"Dear Sir/Madam

We regret to inform that your Visa/Mastercard secure has been set off because to many attendings, and we beleive that others were ussing your details.

Please download the attach  to reactivate the account."
Yeah, right.

To many attendings, eh?  Others ussing my details?  Unbeleivable.

I'm still troubled by the memory of a printed sign I saw in the lobby of a hotel in Sierra Leone, along the lines of "419ers are not permitted here".  Actually I wish I had photographed it for posterity.  Ho hum.

Gary (Gary@isect.com)

10 Dec 2011

Outsourcing POS IT

From Wired:
"Four Romanian nationals have been charged with hacking card-processing systems at more than 150 Subway restaurants and 50 other unnamed retailers, according to an indictment unsealed Thursday ... The hackers allegedly scanned the internet to identify vulnerable POS systems with certain remote desktop software applications installed on them, and then used the applications to log into the targeted POS system, either by guessing the passwords or using password-cracking software programs."
Which begs the obvious question: why would anyone put their Point Of Sale systems on the Internet, with remote desktop software to boot?  The answer presumably involves the millions of retail outlets that don't have an in-house IT function but rely on external 'point of sale IT specialists' to install, manage and maintain their card readers and often the electronic tills, accounting and stock management systems.

I wonder if the mom-n-pop retailers are sufficiently aware of information security to even be concerned about the implications of outsourcing their IT in this way?

I wonder if the Subway group offers IT support to its franchisees, or recommends/uses local POS IT people?

The POS IT specialists, meanwhile, presumably have the expertise either to do their jobs well and protect their customers (and their customers) or to pull the wool over their customers' eyes.  I wonder how many manage to slip right under the PCI-DSS radar?


1 Dec 2011

Sign of the times: M$ hard-up

Wow!  Lucky me!  I've won a prize from the MSN Foundation!

I guess Microsoft must have fallen on hard times.

[Endless junk like this leaches bandwidth from the network, wastes processing cycles, consumes bytes on disk and exercises my grey matter (admittedly, not a lot).  I guess the cretins sending it have nothing better to do except annoy the rest of us.]

Gary (Gary@isect.com)