Free Republic
News/Activism

A First Look at the Target Intrusion, Malware
Krebs On Security ^ | 1/12/2014 | Krebs

Posted on 01/16/2014 8:40:12 AM PST by BlueMondaySkipper

To: catnipman

That is complete BS. First Windows XP is no longer in regular support and is going to be completely unsupported in April.

Try getting a version of Linux from when XP was launched that is still secure today.


51 posted on 01/16/2014 8:22:29 PM PST by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 13 | View Replies]

To: Windflier

I know they are two separate words. Cramming them together is reminiscent of a (now) very old SNL skit.


52 posted on 01/16/2014 9:21:20 PM PST by Smokin' Joe (How often God must weep at humans' folly. Stand fast. God knows what He is doing.)
[ Post Reply | Private Reply | To 37 | View Replies]

To: beef
...our systems are too big and too convoluted for anyone to understand. They are poorly designed and hurriedly slapped together with little or no QA. They are riddled with security flaws.

It'd be pretty hard to find a better description of healthcare.gov, eh? Today I was watching the news coverage of one of the Dem. Reps (in Lamar Smith's committee, I think?) The Rep. was accusing the Pubs of trying to "scare" people away from signing up for ObamaCare, with security concerns. This from an old fool who could not run a lemonade stand, or learn in 2 years how to write a 6 line program in Basic. (See, there I am dating myself!) The gratifying thing was the interviews of young people asked if they were concerned / would sign up, and were saying "no way!"

The Dems of course had their own "expert" saying, essentially, that healthcare.gov was not as attractive a target as other sites. Obviously this guy doesn't understand all hackers or their motivations. Most Everest climbers don't do it solely for the money...

Then of course there was that Pub bill the other day, that would supposedly require the Administration to report any thefts of information from the healthcare.gov within 2 days of the occurrence. (Paraphrasal.) Yeah, that'll help. Shouting at the horse that's already galloped 500 ft. out the barn door helps too.

53 posted on 01/17/2014 12:16:31 AM PST by Paul R. (We are in a break in an Ice Age. A brief break at that...)
[ Post Reply | Private Reply | To 49 | View Replies]

To: Still Thinking
Why is it even running on an OS in the first place instead of bare metal?

Because, if you're running on bare metal, you'll have to invent the OS.

Then where are you? You will now have an ad hoc, informally specified, bug-ridden semblance of an OS. Congratulations!

The bad guys will get a hold of a sample of your custom brainchild OS, reverse engineer it, and fashion a suitable attack. Then all they have to do is get on your network and deploy their code with a script, similar to the ones you use to update your system.

If the door's ajar, they'll get in!

54 posted on 01/17/2014 12:47:03 AM PST by cynwoody
[ Post Reply | Private Reply | To 50 | View Replies]

To: eyeamok
Bank Accounts are just fine if you choose a Credit Union, it is virtually IMPOSSIBLE to transfer Money OUT of MY Credit Union without Physically walking in and filling out a bunch of papers.

How do you pay your bills?

I have a B of A account. When my Amex bill arrives, I log onto my B of A account and schedule a payment of the full amount on the due date several weeks into the future. Just keystrokes and clicks. Works every time. Puts the USPS out of business (or reduces them to littering my mailbox with ValuePaks).

What's the use of a bank account if not to make payments?

55 posted on 01/17/2014 12:59:02 AM PST by cynwoody
[ Post Reply | Private Reply | To 9 | View Replies]

To: Boogieman
Well, that’s the bank’s problem. Most banks nowadays cover any unauthorized use of your card, as long as you report it within a certain time frame.

No, it's your problem if your checks bounce.

My solution is always to use my Amex card.

I remember when "check cards" were introduced. My new ATM card came with a MasterCard logo and a brochure touting the new charge card "feature".

I called the 800 number and asked if that meant charges could be made without entering the PIN. They said yes, it's more convenient — you can use it anywhere a credit card can be used. I told them to close my account. They said, hold on, we'll send you a new card. And they did. In the next day's mail — no stinkin' MC logo and a new account number not in the MC range.

ATM card should be used only at ATMs. All other payments should be using charge cards!

56 posted on 01/17/2014 1:16:56 AM PST by cynwoody
[ Post Reply | Private Reply | To 24 | View Replies]

To: Buckeye McFrog
"How would malware get into the POS system?"

If the POS is running on top of a vulnerable Windows OS, all too easy. All it takes is one compromised machine on a network, and it can be used as an attack platform to target other machines that can be exploited. Pretty soon, the attacker 'owns' the place.

57 posted on 01/17/2014 2:12:43 AM PST by KoRn (Department of Homeland Security, Certified - "Right Wing Extremist")
[ Post Reply | Private Reply | To 2 | View Replies]

To: rarestia
Many POS systems are running XP or some screwy Windows variant.

Businessweek has an article saying that 95% of ATMs worldwide are still using XP. Support for embedded XP ends in 2016, instead of this year for regular XP. It wouldn't be surprising if POS systems have similar ratios.

58 posted on 01/17/2014 3:38:17 AM PST by EVO X
[ Post Reply | Private Reply | To 41 | View Replies]

To: Still Thinking
“Why is it even running on an OS in the first place instead of bare metal?”

Because they can. Because it's cool. To be fair, embedding something like Linux in an electric meter gives you access to protocol stacks and other platform software that work pretty well. But putting stuff like this under so much automation opens us up to remote attacks and we can't anticipate all of them. Was it really so bad having a 90 IQ guy drive around and read meters instead of sitting at home watching Jerry Springer?

59 posted on 01/17/2014 4:40:08 AM PST by beef (Who Killed Kennewick Man?)
[ Post Reply | Private Reply | To 50 | View Replies]

To: EVO X

Embedded operating systems often have customized kernels to accommodate the lower-end hardware in most POS and ATM devices. That being said, it’s still a Windows XP kernel which is a well-known vector and capable of exploitation if not patched properly, which I can personally attest they usually aren’t.


60 posted on 01/17/2014 4:59:52 AM PST by rarestia (It's time to water the Tree of Liberty.)
[ Post Reply | Private Reply | To 58 | View Replies]

To: BlueMondaySkipper

After the congress critter declared the Target problem to be like the Obama care problem, I am certain the hack was done by the treacherous tyrant in the White House to make himself look good.


61 posted on 01/17/2014 5:03:56 AM PST by bert ((K.E. N.P. N.C. +12 ..... History is a process, not an event)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Smokin' Joe
Cramming them together is reminiscent of a (now) very old SNL skit.

Emily Litella? I remember that too, but it was still two words.

62 posted on 01/17/2014 7:30:23 AM PST by Windflier (To anger a conservative, tell him a lie. To anger a liberal, tell him the truth.)
[ Post Reply | Private Reply | To 52 | View Replies]

To: cynwoody

Easy, I only Write Checks for Bills, and pay CASH for everything else. I make NO electronic Transactions of ANY KIND EVER. I should also point out the obvious, when you Use CASH ONLY, you will find yourself not Wasting Money on trivial Bullshit that you really don’t need. Abstinence works every time it is Tried.


63 posted on 01/17/2014 7:31:33 AM PST by eyeamok
[ Post Reply | Private Reply | To 55 | View Replies]

To: cynwoody

Well, to each his own I guess. I have bounce protection and fraud protection from my bank, so there is really nothing to worry about, for me.


64 posted on 01/17/2014 8:28:22 AM PST by Boogieman
[ Post Reply | Private Reply | To 56 | View Replies]

To: rarestia
Windows XP kernel which is a well-known vector and capable of exploitation if not patched properly, which I can personally attest they usually aren’t.

That was a thorough monkey hammering they took. If they weren't patching them before, they will be shortly.

65 posted on 01/17/2014 8:34:49 AM PST by EVO X
[ Post Reply | Private Reply | To 60 | View Replies]

To: The Great RJ

The hackers’ goal was the data, not to bilk cardholders directly. The way these large scale credit card scams generally work is the hackers steal the information, package it in bundles, and then resell it to criminals on the black market. These criminals then run the false transactions.


66 posted on 01/17/2014 9:35:48 AM PST by Eepsy
[ Post Reply | Private Reply | To 32 | View Replies]

To: cynwoody
Well, what if you used an AmEx card at Target in the time frame in question? How would that affect the equation?

CA....

67 posted on 01/17/2014 9:46:47 AM PST by Chances Are (Seems I've found that silly grin again....)
[ Post Reply | Private Reply | To 56 | View Replies]

To: Chances Are
Well, what if you used an AmEx card at Target in the time frame in question? How would that affect the equation?

That could be a minor annoyance. I might have to call the 800 number and tell them I haven't been to Estonia or wherever. They might need to issue me a new card. But there would be no dent in my bank account and no bounced checks. They are unusually efficient about removing fraudulent or disputed charges.

In any case, at Target, I use the house REDcard because they give a 5% discount.

68 posted on 01/17/2014 10:33:21 AM PST by cynwoody
[ Post Reply | Private Reply | To 67 | View Replies]

To: Windflier

I was thinking Rosanna Rosanadanna, but it has been a while...


69 posted on 01/17/2014 1:38:25 PM PST by Smokin' Joe (How often God must weep at humans' folly. Stand fast. God knows what He is doing.)
[ Post Reply | Private Reply | To 62 | View Replies]

To: Smokin' Joe
I was thinking Rosanna Rosanadanna, but it has been a while...

Don't I know it! I don't know how I even remembered the Emily Litella character. It just popped into my head. But she was the one who used to go off on the rants because she misunderstood a word.

70 posted on 01/17/2014 5:08:29 PM PST by Windflier (To anger a conservative, tell him a lie. To anger a liberal, tell him the truth.)
[ Post Reply | Private Reply | To 69 | View Replies]

To: BlueMondaySkipper
the attackers broke in to Target after compromising a company Web server. Somehow, the attackers were able to upload the malicious POS software to store point-of-sale machines, and then set up a control server within Target’s internal network that served as a central repository for data hoovered by all of the infected point-of-sale devices.

“The bad guys were logging in remotely to that [control server], and apparently had persistent access to it,” a source close to the investigation told KrebsOnSecurity. “They basically had to keep going in and manually collecting the dumps.”

It’s not clear what type of software powers the point-of-sale devices running at registers in Target’s U.S. stores, but multiple sources say U.S. stores have traditionally used a home-grown software called Domain Center of Excellence, which is housed on Windows XP Embedded and Windows Embedded for Point of Service (WEPOS).

If the malware was an attack on Windows XP Embedded/Windows Embedded for PoS, it'll be the first case I've heard of, though likely not the ONLY case out there.

XP Embedded happens to run quite a few ATM machines in the U.S. I was part of a large project for a big Chicago-based bank (now B of A) back in 2003 which converted legacy mainframe-based 3270 ATMs with Windows XP Embedded.

My guess is right about now there's a whole lotta banks double-checking their ATM security .....

71 posted on 01/17/2014 5:21:34 PM PST by usconservative (When The Ballot Box No Longer Counts, The Ammunition Box Does. (What's In Your Ammo Box?))
[ Post Reply | Private Reply | To 1 | View Replies]

To: pepsi_junkie
One trick they use is to send data that's way too big for the buffer (sort of like the "inbox") so that the data overflows into areas of memory it's not supposed to go to.

It's not that clever. Buffer overflows have been used since Sendmail came out in the 1980s. It's old hat now. Sendmail ran as root. Guess what file they went after? That's right. Send your stuff straight to the passwd file.

Never let anyone code using gets() and you'll take care of most of those.

72 posted on 01/18/2014 12:10:59 AM PST by superloser
[ Post Reply | Private Reply | To 26 | View Replies]
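
The gets() advice in post 72, shown as an added example that is not part of the thread: a bounded line reader built on fgets() that reports and discards overlong input instead of writing past the buffer. The names `read_line_bounded` and `demo` are hypothetical, and the input strings are constructed.

```c
#include <stdio.h>
#include <string.h>

/* gets(buf) has no size argument, so any line longer than buf writes past
 * its end; it was removed from the language in C11. fgets() takes the
 * buffer size, but the caller still has to notice and handle long lines.
 *
 * read_line_bounded (hypothetical helper) returns:
 *    0  a complete line is in buf, newline stripped
 *    1  the line was too long: buf holds the first cap-1 bytes and the
 *       rest of that line has been discarded
 *   -1  end of input or read error
 */
int read_line_bounded(FILE *in, char *buf, size_t cap)
{
    if (cap == 0 || fgets(buf, (int)cap, in) == NULL)
        return -1;
    size_t n = strlen(buf);
    if (n > 0 && buf[n - 1] == '\n') {
        buf[n - 1] = '\0';
        return 0;
    }
    /* No newline stored: the line filled the buffer or input ended. */
    int c = fgetc(in);
    if (c == EOF || c == '\n')
        return 0;               /* it fit exactly */
    while ((c = fgetc(in)) != EOF && c != '\n')
        ;                       /* drain so the next read starts clean */
    return 1;
}

/* Run constructed input through the reader via a temporary file. */
int demo(const char *input, char *out, size_t cap)
{
    FILE *f = tmpfile();
    if (f == NULL)
        return -2;
    fputs(input, f);
    rewind(f);
    int rc = read_line_bounded(f, out, cap);
    fclose(f);
    return rc;
}

int main(void)
{
    char buf[8];
    int rc = demo("constructed-overlong-line\n", buf, sizeof buf);
    printf("rc=%d kept=\"%s\"\n", rc, buf);
    return 0;
}
```

Treating return value 1 as a rejected input, rather than silently processing the truncated prefix, is what keeps an oversized line from being half-accepted.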

To: Boogieman

I was thinking that everyone certainly is speaking negatively of Target’s system until I suddenly remembered that POS also means “point of sale”.


73 posted on 01/18/2014 2:54:51 PM PST by RipSawyer (The TREE currently falling on you actually IS worse than a Bush.)
[ Post Reply | Private Reply | To 7 | View Replies]

