Text 17819, 130 rader
Skriven 2007-05-08 14:17:36 av Glenn Meadows (1:379/45)
  Kommentar till text 17793 av Joe Hunt (1:379/45)
Ärende: Re: T-Mobile plans phones that can use Wi-Fi
====================================================
From: "Glenn Meadows" <gmeadow@comcast.net>

Read this poor ladies plight to see what bad shit you can get into with ID
Theft..

http://redtape.msnbc.com/2007/05/id_thief_bounce.html#posts

--

Glenn M.
"Joe Hunt" <jhunt@dslextreme.com> wrote in message
news:spgt33d0mcsck9pps6qarlb3ju7rfn3e60@4ax.com...
> Perhaps it will take a class action lawsuit against a company such as
> TJX.  I'm not a fan of class actions, but this is a case where it
> might be necessary.  As of now, the banks and credit card companies
> are responsible for losses.
>
> I know that the WSJ  is a subscriber-only site, and I don't usually
> post large segments of its copyrighted articles, but I'm not sure how
> widely circulated this story is.
>
> Joe
>
> --------
>
> http://online.wsj.com/article/SB117824446226991797-search.html?KEYWORDS=TJX+s
t.+paul&COLLECTION=wsjie/6month
>
> BREAKING THE CODE
> How Credit-Card Data
> Went Out Wireless Door
> Biggest Known Theft
> Came from Retailer
> With Old, Weak Security
> By JOSEPH PEREIRA
> May 4, 2007; Page A1
>
> The biggest known theft of credit-card numbers in history began two
> summers ago outside a Marshalls discount clothing store near St. Paul,
> Minn.
>
> There, investigators now believe, hackers pointed a telescope-shaped
> antenna toward the store and used a laptop computer to decode data
> streaming through the air between hand-held price-checking devices,
> cash registers and the store's computers. That helped them hack into
> the central database of Marshalls' parent, TJX Cos. in Framingham,
> Mass., to repeatedly purloin information about customers.
>
> The $17.4-billion retailer's wireless network had less security than
> many people have on their home networks, and for 18 months the company
> -- which also owns T.J. Maxx, Home Goods and A.J. Wright -- had no
> idea what was going on. The hackers, who have not been found,
> downloaded at least 45.7 million credit- and debit-card numbers from
> about a year's worth of records, the company says. A person familiar
> with the firm's internal investigation says they may have grabbed as
> many as 200 million card numbers all told from four years' records.
>
> <snip>
>
> When wireless data networks exploded in popularity starting around
> 2000, the data was largely shielded by a flawed encoding system called
> Wired Equivalent Privacy, or WEP, that was quickly pierced. The danger
> became evident as soon as 2001, when security experts issued warnings
> that they were able to crack the encryption systems of several major
> retailers.
>
> By 2003, the wireless industry was offering a more secure system
> called Wi-Fi Protected Access or WPA, with more complex encryption.
> Many merchants beefed up their security, but others including TJX were
> slower to make the change. An auditor later found the company also
> failed to install firewalls and data encryption on many of its
> computers using the wireless network, and didn't properly install
> another layer of security software it had bought. The company declined
> to comment on its security measures.
>
> The hackers in Minnesota took advantage starting in July 2005. Though
> their identities aren't known, their operation has the hallmarks of
> gangs made up of Romanian hackers and members of Russian organized
> crime groups that also are suspected in at least two other U.S. cases
> over the past two years, security experts say. Investigators say these
> gangs are known for scoping out the least secure targets and being
> methodical in their intrusions, in contrast with hacker groups known
> in the trade as "Bonnie and Clydes" who often enter and exit quickly
> and clumsily, sometimes strewing clues behind them.
>
> The TJX hackers did leave some electronic footprints that show most of
> their break-ins were done during peak sales periods to capture lots of
> data, according to investigators. They first tapped into data
> transmitted by hand-held equipment that stores use to communicate
> price markdowns and to manage inventory. "It was as easy as breaking
> into a house through a side window that was wide open," according to
> one person familiar with TJX's internal probe. The devices communicate
> with computers in store cash registers as well as routers that
> transmit certain housekeeping data.
>
> After they used that data to crack the encryption code the hackers
> digitally eavesdropped on employees logging into TJX's central
> database in Framingham and stole one or more user names and passwords,
> investigators believe. With that information, they set up their own
> accounts in the TJX system and collected transaction data including
> credit-card numbers into about 100 large files for their own access.
> They were able to go into the TJX system remotely from any computer on
> the Internet, probers say.
>
> <snip>
>
> On Sun, 6 May 2007 23:20:49 -0400, "Geo." <georger@nls.net> wrote:
>
>>"mike" <mike@barkto.com> wrote in message
>>news:misr33l1ng9iccul18t9kbrurr1tttbtsq@4ax.com...
>>
>>> service.  The SSID is the Verizon account number of the DSL subscriber,
>>> and no security is set up to reduce support calls.....
>>
>>I run my wireless wide open so that it's less trouble getting additional
>>devices connected, it doesn't do wpa/2 so why bother?
>>
>>But I think the question of why these devices allow wide open at all is
>>something that should be asked.  Why don't wireless routers come without
>>the
>>option to not use encryption? For that matter, why doesn't every cisco
>>router (1700 series on up) and every dns server come preconfigured to
>>block
>>passing RFC1918 space?
>>
>>Geo.
>

--- BBBS/NT v4.01 Flag-5
 * Origin: Barktopia BBS Site http://HarborWebs.com:8081 (1:379/45)