Hacker accesses 3.6 million South Carolina tax returns

On October 10, the Secret Service notified South Carolina state officials that an international hacker had gained access to approximately 3.6 million state tax returns, as well as 387,000 credit and debit card numbers. The breach happened when the hacker infiltrated the South Carolina Department of Revenue’s computer system, which held state returns from 1998 to the present containing unencrypted Social Security numbers, along with 16,000 unencrypted credit and debit card numbers. According to the Secret Service, it’s possible the hacker got into the system as early as the end of August.

Said South Carolina Governor Nikki Haley, “In the past two weeks, state and federal law enforcement along with the Department of Revenue have come together and done everything they need to make sure those [security] holes have been plugged and we no longer have any holes we are aware of at this point.” The security breach was “completely closed” by October 20. State officials stated that it did not appear much damage had occurred between the discovery on October 10 and the repair of the system ten days later.

The hacker failed to access all of the tax information on the system. State officials revealed that the hacks originated from an international IP address, but did not specify the country. In addition to the involvement of the feds, Mandiant, a private information security company, has been brought in to investigate the matter.

When questioned about why residents weren’t notified of the security breach earlier, Gov. Haley responded with, “This is the difference between finding the person and how they did it. We need to find the person.” Anyone who has filed taxes in South Carolina from 1998 to present, whether via paper or online, has been asked to call 1-866-578-5422.

[via Myrtle Beach Online]


Hacker accesses 3.6 million South Carolina tax returns is written by Brittany Hillen & originally posted on SlashGear.
© 2005 – 2012, SlashGear. All rights reserved.


Hackers Just Stole Over 3 Million Social Security Numbers

If you’ve filed tax returns in South Carolina sometime since 1998, you might be in a little bit of hot water. An unidentified, foreign hacker has gotten into the state’s Department of Revenue, pilfering around 3.6 million social security numbers, and 387,000 credit and debit card numbers. In other words, no small haul.

DMCA update shuts down new phone unlocking next year, allows rooting (but not for tablets)


And so it passed that Congress didst layeth its blessing on the jailbreaking and rooting of all manner of devices; the hacking community saw the miracle and rejoiced. But that amendment to the DMCA two years ago was just a temporary exemption and the Electronic Frontier Foundation has been vigorously lobbying to get it reinstated. The Library of Congress has now done just that through a new three year extension, but with some serious caveats: After 90 days, unlocking of new phones will be verboten and all tablet mods will still be illegal. This differs from the 2010 decision which did allow unlocking, because the Librarian decided that a recent copyright ruling means fair use rules no longer apply to a handset’s OS. It also said the exception isn’t needed anymore because carrier rules regarding unlocking are now more liberal — although the lawmaker may be confounding chicken with egg by that reasoning.


DMCA update shuts down new phone unlocking next year, allows rooting (but not for tablets) originally appeared on Engadget on Fri, 26 Oct 2012 08:01:00 EDT. Please see our terms for use of feeds.

Ars Technica | Source: Library of Congress (Amazon)

AMD, Intel and RSA team up, form the Cyber Security Research Alliance


Sure, it’s not the first elite cybercrime-fighting team we’ve heard of, but it’s also not every day you hear the likes of Intel, Lockheed Martin and AMD buddying up on research. The companies are looking to address the “complex problems” in cyber security, with the private, non-profit group (which also includes Honeywell and RSA/EMC) aiming to work somewhere between government-funded security research and commercial products already out there. The Cyber Security Research Alliance is already in talks with NIST, and plans to launch a security research symposium early next year. The CSRA will also start tracking cyber security R&D, “prioritize” those aforementioned challenges, and hopefully come together for the greater good.


AMD, Intel and RSA team up, form the Cyber Security Research Alliance originally appeared on Engadget on Thu, 25 Oct 2012 10:07:00 EDT.

Security Week | Source: Cyber Security Research Alliance

Barnes & Noble lists 63 stores affected by PIN hack

Today book retailer Barnes & Noble confirmed that 63 of its retail stores have been compromised with tampered PIN pads. We originally reported the breaking news earlier this morning, but the company completed an internal investigation today that revealed one PIN pad in each of the 63 stores was tampered with, and that customers who used a credit or debit card on the machines were at risk of stolen personal information.

According to the company, the PIN pads were implanted with “bugs” that allowed the recording of credit card information and debit card PINs. Barnes & Noble ended up disconnecting all of its PIN pads on September 14, and is now only allowing credit card purchases directly through their cash registers for the time being.

Barnes & Noble says that the tampering affected only about 1% of all the company’s PIN pads around the US, and the 63 stores affected are only in a handful of states, including California, Connecticut, Florida, Illinois, Massachusetts, New Jersey, New York, Pennsylvania, and Rhode Island. To see if your local store was one of the affected locations, check out the full list of all 63 stores.

Barnes & Noble is urging customers who have swiped their cards at the affected locations to change their debit card PINs as a precaution, as well as to keep an eye on credit card statements for fraudulent charges. However, the company notes that its database hasn’t been breached, and purchases made elsewhere aren’t affected.


Barnes & Noble lists 63 stores affected by PIN hack is written by Craig Lloyd & originally posted on SlashGear.


Over 60 Barnes & Noble locations victims of PIN pad tampering, customer data at risk


Book retailer Barnes & Noble this morning revealed that 63 of its stores have been victims of PIN pad tampering, following an internal investigation of “every PIN pad in every store” (just under 700 locations). B&N calls the tampering, “a sophisticated criminal effort to steal credit card information, debit card information, and debit card PIN numbers,” and warns customers who may have swiped their cards at affected locations to alter debit card PINs as a precaution, as well as to keep an eye on credit card statements for false charges.

B&N specifically notes that its company database hasn’t been breached, and purchases made through the B&N website, its Nook e-reader, and the Nook mobile apps are unaffected. According to the company, the PIN pads were implanted with “bugs” that allowed the recording of credit card numbers and PINs. To be extra safe, B&N disconnected all of its PIN pads on September 14 and is only allowing credit card purchases directly through cash registers. For a full list of affected stores, head past the break.


Over 60 Barnes & Noble locations victims of PIN pad tampering, customer data at risk originally appeared on Engadget on Wed, 24 Oct 2012 10:21:00 EDT.


Hacking a Single Radio System to Work With Wi-Fi, 3G and Bluetooth

Zap-happy channel-surfers could soon control a lot more than cable TV from their remotes. Michael Ossmann, co-founder of Great Scott Gadgets, is developing HackRF, a software-defined radio (SDR) that lets you switch between radio frequencies on the fly.

Sony isn’t liable for PSN hack, says California judge

Last year, Sony’s PlayStation Network was hacked, resulting in a massive breach of users’ personal information, something the company delayed in announcing. A class-action lawsuit was filed against the company, which was mostly dismissed this morning by a California district judge. The reason? Sony didn’t promise users perfect security.

The lawsuit was filed against Sony due to the company’s failure to protect users’ data via industry standards, claiming that this put users at unnecessary risk. Restitution was sought for the inability to access paid services, such as Netflix, for over a month via the PlayStation 3 while the PlayStation Network was down. The suit was filed last June.

California district judge Anthony J. Battaglia has ruled in Sony’s favor, however, rejecting the majority of the arguments against the company. According to Battaglia, Sony did not, at any point, promise its users perfect security. It was pointed out that the PlayStation Network’s privacy policy warns users that the company couldn’t guarantee the safety of user data transmitted via the PSN.

Another nail in the lawsuit’s coffin is Sony’s terms of service, which state that there is no warranty about the quality, functionality, availability, or performance of Sony’s online services. These snippets of legalese render many of the lawsuit’s arguments inert. Plaintiffs have until November 9th to make amendments to their claims.

[via Ars Technica]


Sony isn’t liable for PSN hack, says California judge is written by Brittany Hillen & originally posted on SlashGear.


Meet the Arduino Due, the 32-bit board that’ll let your projects fly (really)


As much as we love the Arduino Uno, it’s not the most powerful of hobbyist microcontrollers. Fortunately, the folks in Turin have just put the finishing touches on a 32-bit upgrade with buckets of potential. At the heart of the Arduino Due is an 84MHz Atmel CPU, based on ARM’s Cortex M3 Architecture, which is capable of being the brains inside your own flying drone or homemade 3D printer. It should start trickling out onto shelves from today, setting you back $49, but hey, that’s a small price to pay to automate your drinking adventures.


Meet the Arduino Due, the 32-bit board that’ll let your projects fly (really) originally appeared on Engadget on Mon, 22 Oct 2012 09:22:00 EDT.


JailbreakMe hacker Comex let go by Apple after failing to respond to offer letter


After developing JailBreakMe, cracking such devices as the iPad 2 or iPhone 4 and finally scoring a paying intern gig with his nemesis, hacker Comex tweeted that he’s no longer working at Apple. Also known as Nicholas Allegra, the talented coder’s Cupertino situation apparently came asunder when he failed to respond to an email offer to re-up with the company, though he also told Forbes that the situation was more complicated than that. He added that “it wasn’t a bad ending,” and that he has fond memories of his Apple experience, but if you’re hoping the Brown University student will have an iOS 6 jailbreak soon, don’t hold your breath — he’s concentrating strictly on his studies, for now.


JailbreakMe hacker Comex let go by Apple after failing to respond to offer letter originally appeared on Engadget on Fri, 19 Oct 2012 08:44:00 EDT.

9 to 5 Mac | Source: Forbes, Twitter