Hannaford Breach Followup: Malware on All of Their Servers

By PatB
Contributing Writer, [GAS]

“All your groceries are belong to us.”

According to a ComputerWorld article, the Hannaford Breach was not just a single keylogger installed at a critical point in the enterprise. Malware was installed on each and every server that handled the credit card processing at their stores in New England, Florida and New York. That’s a lot of breaches.

From CW here:

Hannaford Bros. Co. disclosed this week that the intruders who stole up to 4.2 million credit and debit card numbers from the grocer’s systems did so by planting malware programs on servers at each of its stores in New England, New York and Florida.

The malicious software was used to intercept the payment card data as the information was being transmitted from Hannaford’s point-of-sale systems to authorize transactions. The malware then forwarded the stolen card numbers as well as their expiration dates to an overseas destination.

The discovery of the mass malware installation prompted a wholesale replacement of Hannaford’s store servers. In addition to disclosing that the malware had been installed on all of Hannaford’s store servers it was designed to intercept the so-called Track 2 data that is stored in the magnetic stripe on the back of payment cards. The malware then batched the card numbers and expiration dates and “periodically transmitted the data to an offshore ISP.

The article goes on to note that Hannaford is still not sure how someone broke into the system, and laughably, they even think maybe an insider was to blame. But a network so poorly protected to allow hundreds of servers to be breached without notice and to allow data to be exfiltrated for months points more readily to poor design, poor management, and poor security.

The most likely scenario was a simple breach of a workstation by a trojan horse program installed by an unwitting employee. The operator of the trojan then simply scanned the internal network and realized that there were no safeguards in place and proceeded to backdoor each server.

At least Hannaford is proceeding with recovery in accordance with best practices. They are replacing the breached servers with new fully patched systems to avoid any lingering malware that may reside on a system that was simply “cleaned.” The old hard drives are likely in the hands of the FBI and Secret Service for forensic analysis.

10 Must-Read Books for Geeks – Part I

By Patrick Biz
Contributing Writer, [GAS]

In this two-post series, I will share my thoughts and recommendations on what I consider to be great books for the geek nation. I have paid attention to cover a wide variety of topics that fall into one large common category: technology. These must-read books can all be purchased online from Amazon.

Continue reading



Stuck for an April Fool’s joke? Let Microsoft help you out

By Mark O’Neill

I am not normally a big April Fools person but when I saw this joke this morning, I couldn’t resist trying it out – and it comes from Microsoft ironically enough.

It’s the Blue Screen of Death screensaver and when your hapless victim has their back turned, just install it on their computer, activate it and then say “oh look, your computer has that funny blue screen thingie”.

I tried it on my girlfriend and before I could say “let’s buy an Apple Mac”, she was dialling the electronics store to complain that the computer was breaking down after only buying it from them 4 months ago. When she discovered it was only a screensaver, I had to run for my life.

So it really is true – Germans really don’t have a sense of humour!

11 year old takes over as school computer network manager

By Mark O’Neill

If you’re a network manager, I think your job might be under threat when your boss sees this kid. Jon Penn is only 11 years old and he’s Victory Baptist School‘s computer network manager. At 11, shouldn’t he be playing with his Nintendo Wii or something?

According to the article on Network World, his mother is the school librarian and when the IT support person suddenly quit, she found the IT job added to her already heavy workload. Enter her 11 year old son to save the day who says his favourite reading material is computer magazines.

He looked at what the school needed, looked at the budget and then started to build a network. Pretty amazing work for a kid his age.

Do you agree with what he did? Or would you have done things differently?

Leaked: Images of the Eee Desktop

You wouldn’t be able to tell by the 50 pound behemoth perched atop my desk, but I love small-footprint computers. Machines like the Mac Mini and gPC Mini have limitless potential and can be used in numerous ways: servers, firewalls, media centers, etc. As of late however, our favorite has got to be the tiny Eee PC. This tot of a laptop became an instant sensation before it was even released; its small price and size made it a must have.

Seeing how successful their first foray into tiny computing was, Asus has promised an Eee desktop for 2008 and these might very well be the first pictures of it. Apparently these images are far from official but HotHardware seems to think that they are, indeed, real. There are no hardware specs yet but an earlier report from Gizmodo indicates that it might sport a 1.8 GHz processor along with a $300 tag.

The new Eee obviously takes a page out of the Nintendo designer’s handbook, and we can’t say that it looks anything short of stunning. Based on the choice of color and awesome minimalistic design, it looks like this little PC would fit in just right with any computer or home theater setup.

Asus Eee PC Desktop, Eee Box Unveiled [via Giz]

Apple to customer: We hate you

There’s no doubt about it; Apple has an extremely dedicated fan base. From waiting in line a whole week for a phone, to writing books and creating movies dedicated to the Apple experience, we’d say that this ungrateful corporation is lucky to have such a following. With this kind of loyalty, you’d expect Apple employees to treat customers with, at the very least, courtesy and respect.

This was not the case however, when an email to Steve Jobs regarding water damage took a hard left. An anonymous tipster on the BoyGeniusReport accidentally spilled water on his MacBook Pro, and after contacting Apple support was informed that the repair would cost $300. Without any guarantee as to its success. Naturally frustrated, the guy sent Satan Jobs an email voicing his concerns and this was the reply:

Xxxxxxx,

This is what happens when your MacBook Pro sustains water damage.They are pro machines and they don’t like water. It sounds like you’re just looking for someone to get mad at other than yourself.

Steve

Whether this was actually Steve or not doesn’t really matter considering it came from within Apple. You’d think that with Apple seemingly up on the blog and social networking communities, they’d expect for this to spread like wildfire. I’m sure they could have let the man down easy without making him feel like an idiot. A simple “not our policy” would do.

Apparently “Pro” machines dislike water, therefore we’d like to warn our aquatic readers to purchase regular Macs instead.

Apple doesn’t care about its customers

Hackers attack epileptic forum and make sufferers convulse

By Mark O’Neill

epilepticbrain.jpgIn what is being described as the first attack over the internet to cause immediate direct physical harm, hackers have caused an unknown number of epileptic sufferers to suffer seizures by hacking into an epileptic support forum and leaving flashing animation screens.

The flashing screens, made with javascript code, would then adversely affect those suffering from pattern-sensitive epilepsy or photo-sensitive epilepsy (I also suffer from a strain of it). This means that if the eyes are exposed to rapidly flashing lights for a prolonged period of time, the brain reacts violently and sends the body into a seizure. The risk becomes even higher if the flashing lights are in a darkened room such as a nightclub or a cinema (you may have seen cinemas warning epileptics about strobe lighting in movies)

Circumstantial evidence has responsibility pointing to a group that seemingly has a beef with scientologists (Edit: After further investigation, we believe that the culprits were not who everybody though to be responsible at first… everybody points their finger at everybody else, and it’s not our position to determine who did it. Please note that WIRED, which usually is a reliable news source, reported the story first). But it’s one thing to have an argument with a religious cult. It’s quite another thing to target a group of people with a medical disability and provoke traumatic and terrible seizures in their head.

I am trying to be impartial about this but being a fellow epilepsy sufferer myself, I am shaking at the moment with deep anger. I am currently going round several other epilepsy support groups online that I am involved with to see if anything has been going on there as well.    Is this a co-ordinated attack or a one-off deal?    It’s essential to know.

Who in their right mind gets off on making people convulse uncontrollably? If they could just realize for a moment what a seizure actually involves and if they were to experience one themselves, they wouldn’t be so cavalier about inflicting that hurt on others.