If you bought stuff at Buckle between October 28, 2016 and April 14, 2017 with a credit card, you may want to check your statements. It seems they found some POS malware infecting the system. Not a lot of data is out, but it looks like swipe transactions are the target.
Month: June 2017
San Francisco Radio Station KQED Streaming Silenced By Ransomware
A public radio station in San Fran had streaming and email taken offline by ransomware last Thursday, June 15th. They had to set up a temporary email account to deal with live questions during the “Forum” radio show. Only the streaming and email was taken down, but in this day and age, that can be a significant percentage of listeners.
What an experience – Aggression and Racism in the DC Metro Station
Yesterday I travelled to Washington DC to attend the Gartner Security Summit. This is not my first time in DC but I had never been to the Smithsonian Museum of Natural History and since I had some to time to myself on this Sunday I decided to head over. I was going to Uber over, but the hotel receptionist mentioned that it was a quick trip on the Yellow Line Metro to L’Enfant Plaza and a short walk to the National Mall. I decided to take the Metro. I like new experiences.
First, I found a wallet on a bench at the Metro stop. It had $83 in cash and a bunch of credit cards and such. I turned it in the lady in the booth. It took a while, but we inventoried the contents and she logged the find, etc. I missed a couple of trains during this, but that was OK, I did the right thing.
I caught the next train there at the Eisenhower station and headed along the path of the beam to downtown DC (Blaine is a pain*). About 15 minutes later I arrived at L’Enfant station where I happily disembarked, looking forward to my trip to the museum. At this point, it was about 1:00pm and since I had not had lunch after arriving, I decided to find something to eat on my way. Now, L’Enfant station is huge. It’s a transfer point for several other lines and is not easy to navigate. It’s also underground at this point. I managed to find the exit after a few minutes and headed out the gates. There was not much in the way of foot traffic actually leaving the station, so I was alone.
Just about the time I exited the little podium gates, I was approached by guy. He was about 6’1″, tall and skinny, had short dreadlocks, and was black. I wouldn’t normally mention his race, but it plays in to things a little later. His approach was aggressive and unexpected, however I do keep an eye on my surroundings (*cough* *cough* *paranoid* *cough*).
He said something to me, but I had my earbuds in, so I pulled one out while continuing to walk. I said, “huh?” and he repeated himself. He said he wanted me to give him a dollar for the bus. Mind you, he told me he wanted me to give him a dollar, he did not ask. I told him I didn’t have any cash (true) and he get even closer asking me for the dollar. I told him again that I had no cash. At this point he called me some pretty rude things and walked ahead of me quickly. There are some long escalators heading to the plaza, 2 of the 3 were going up, one going down. He got on the right escalator going up about 10 yards ahead of me, and I got on the left. He glared at me the entire way up the escalator, then at the top, he proceeded to block the escalator he was on pestering the next 2 people trying to get off the escalator.
The folks just walked by and ignored him and he repeated his action of talking smack to them as they walked away. I kept going and found a place for lunch where I got in the line. There were only a couple of people ahead of me at this time, and the same guy walks up to the older people who were at the register, gets in their face and demands a dollar from them. One of the 2 people told him no, and they guy reached over and pointed at his wallet and said, “You have it there!”. The 2nd guy at the register gave him a dollar, probably hoping he would go away, but the guy turned around and started cussing at them all the same. As he was leaving, I told the older folks that he had been demanding money and cussing people out from the exit booth.
He heard me, turned around and got about 2 inches from my face and started talking a lot of smack, cussing me out and asking me if I had a problem. At this point something sort of odd happened, I found myself very detached and calm. That surprised me. I just looked him straight in the eyes and said, “You have some issues man.” and continued to stare back. He broke eye contact and turned around like he was going to walk away, then turned around quickly and got in my face again. He started calling me names again, pretty much everything was about being white. I’ve never really experienced a racial tirade like that before, but I just stared him down and started to smile. I couldn’t help it, it reminded me of Full Metal Jacket and I could just feel that he was just blustering a bunch of hot air. I can’t say how I knew he was all show, maybe it was because his eyes showed some confusion and actually looked a bit scared. I don’t think he expected me to stand my ground and start smiling, because he backed away quickly, then walked away quickly while continuing to hurl racial insults. He really didn’t like the fact that I was white.
It was easily one of the more interesting experiences I have had. Fact is, he would have been easy to put down as he was trying to make himself look big by holding his arms out at shoulder height, looking like a chicken while exposing his whole midsection. He was open for a knee to the groin, the gut or a headbutt before he could have done anything to prevent it.
I don’t know if he was on drugs, but I don’t feel like he was. His eyes were focused and appeared to be aware. I could actually see the change in them when I wouldn’t back down. Honestly, I think he is just a punk that uses extreme aggression to try to bully things out of people. I wonder if this works better in places like DC where the general population is almost guaranteed to be unarmed.
One thing is for sure, I won’t be doing much more walking around without some sort of defense available. I usually take my camera monopod, a large aluminum tube that could double as a seal club, along when I walk strange cities alone. This time I did not. I can tell you that I won’t be caught off guard like that again.
Stay safe out there.
*Obligatory Dark Tower reference when I ride a train.
‘The Witcher’ developer ransomed over new game material
If you have anything of value, the bad guys are targeting it. We saw this with the latest Pirates of the Caribbean movie and here it is again targeting the company behind “The Witcher” games as they develop a new game called “Cyberpunk 2077” which was first announced in 2013. Imagine the cost associated with that much development time and the value of it to the company.
While this isn’t ransomware, it poses the same basic issue. You are going to lose something of value if you don’t pay up. In this case, the IP (Intellectual Property) of the developer could quickly find itself in the wild and any competitive advantages they may have had could be lost. It could be even worse if something like the source code were dumped.
Hopefully it work out for them
A tweet from CD Projekt Red addressing this:
Over 2,000 North Dakota Medicaid Patients Affected By Improper PHI Destruction
Because nobody really seems to know that tossing medical forms with things like names, dates of birth, provider numbers, Medicaid ID number, dates of service, diagnoses codes, and other sensitive information is bad, the North Dakota Department of Human Services (NDDHS) is in a bit of a pickle. Fortunately, somebody spotted the papers in a dumpster and said something about it.
All told, 2,452 folks had their PHI potentially exposed, but hey, they get a free year of credit monitoring out of the deal. Isn’t that nice?
Kmart Breach Impacts Delaware Division of Child Support Services Clients
592 child support client cards issued by the Delaware Division of Child Support Services (DCSS) appear to be caught up in the Kmart breach. Some clients may find that cards don’t work, but they should be replaced by this weekend.
These cards are related to child support payments and are being replaced due to the risk of compromise, although none of the DCSS cards have shown unauthorized activity.