At some Subways, the sandwiches aren’t the only thing that’s
Security in the networked world of today isn’t always the easiest to understand, we’ll admit. But business owners, who are in a position of trust when it comes to customers’ debit and credit card transactions, should really be up on basic internet security. When they’re not, they literally give away their customers’ information to hackers. Case in point: about 150 Subway franchises, which, along with at least 50 other small retailers, set up debit card scanners without proper security and encryption, causing 80,000 customers to lose a total of $3 million.
Here’s what happened: Though Subway distributes lists of security requirements to franchisees, some neglected to follow them. According to a Justice Department statement, in addition to disregarding encryption requirements, they installed cheap remote desktop software, the kind that lets a computer be accessed from another location. All hackers had to do was guess or otherwise determine the password for access, which, as all too many people have found out, isn’t very hard when your password is “password” or “12345.” Once they had that, the hackers were like kids in a candy store, and it took quite some time for anyone to notice what was going on.
It’s enough to make you take a good, hard look at your lunch joint’s manager, and, if he looks like he doesn’t know a trojan from a man in a toga, walk right back out that door.
Read more at Ars Technica.
The way bubbles are filled in encodes quite a bit of identifying information
What’s the News: Standardized tests aren’t as impersonal as you might think. Much as detectives analyze a note’s handwriting to pinpoint its author, scientists have developed a way to identify test-takers, voters, and so on just from the way they fill in bubbles.
The spam ecosystem.
What’s the News: Every day spammers are thinking up new ways to offer you “vIaGrA,” whether you have any interest or not, and spam filters have a tough time keeping up. Researchers studying what they call the “spam ecosystem” have outlined the processes and services spammers use in committing their nefarious deeds—going so far as to actually buy stuff in order to identify which banks the spammers use—in hopes of finding new bottlenecks where regulators can disrupt spammers’ business model. Their findings? Hit ‘em where it hurts: their bank accounts.