Friday, September 19, 2014

Declining the Despot

I can't say I was surprised when I read that 56 million credit cards were affected by a security breach at Home Despot (sic). Let that sink in for a bit... fifty million credit cards were affected... that's one credit card per person for more than one-sixth of the population of the U.S. (yeah, I know that certain people have more than one credit card, and there are international customers, but the number is mind-boggling). I have a low opinion of Home Depot anyway. CEO Ken Langone is a whiny plutocrat and Republican donor who groused about Pope Francis speaking out against income equality and the indifference of the rich.

Earlier this week, I went to the independent hardware store within walking distance of my home. I had a pleasant walk to the store, where I purchased an 18" fluorescent bulb. The proprietor got it off the shelf for me, and wrapped it in paper to protect it on the walk home (with detours to the bakery for a sfogliatelle and the butcher shop for a store-made black pudding and some delicious pork-and-leek sausages). All of the proprietors of the stores I visited are local people, and I consider them all friends (I've known the baker since I was a teenager).

I live in a neighborhood with a vibrant commercial district. I'd rather travel by shanks' mare to patronize stores owned by careful, attentive local people than to drive to a big box store with sub-par customer service and an abysmal attitude toward the security of their customers. Luckily for me, I have that option, unlike a lot of Americans.

6 comments:

Gary McCammon said...

Oh, the other black pudding.

I was wondering how you got it home while taking 3d6 per round after it ate through your chain mail.

mikey said...

As some of my internet friends and neighbors know, I work in the enterprise network security field. So let me just add to Mr. Bastard's post to say to you all unequivocally that at this point in time the bad guys are winning.

These aren't the acne-scarred, D&D-playing hackers of yore. These are organized, well-funded professional corporations, mostly operating out of Eastern Europe and Russia. They use highly sophisticated tools to locate vulnerabilities and penetrate the perimeter security. Importantly, they either steal, co-opt or create legitimate credentials, so the company can't see them as someone who has come in from the outside without permission, but rather they appear to be legitimate users.

They then use other sophisticated tools to gain access to the devices and applications they need - in the case of Home Depot and Target it's the PoS machines. You see, when you swipe your card, for the duration of that transaction (until you see the "Approved" line) that data is in RAM unencrypted. So the malware on the PoS machine transmits it to a database they have set up and then every day or two the whole batch is uploaded to a masked C&C server.

They are hard to detect, impossible to prosecute and are making millions of dollars. It's an irresistible opportunity. There are tools that can detect them (actually, that's precisely what I do), but they are new and have not been adopted by a lot of companies. It will be a few years before the good guys can even begin to claim qualitative parity with the criminals...
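
A defender-side sketch of the pattern described in the comment above (terminals feed an internal collection point, which later ships a batch outward), added here as an example and not part of the original comment. The flow-record format, addresses, allowlist and thresholds are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample flow records: "epoch_seconds src dst dst_port bytes"
SAMPLE_FLOWS = """\
1000 10.10.20.11 10.10.1.5 443 2100
1010 10.10.20.12 10.10.1.5 443 1900
1020 10.10.20.11 10.10.30.77 445 640
1030 10.10.20.12 10.10.30.77 445 655
1040 10.10.20.13 10.10.30.77 445 610
90000 10.10.30.77 203.0.113.50 443 4800000
90500 10.10.30.40 198.51.100.9 443 12000
"""

POS_NET = ipaddress.ip_network("10.10.20.0/24")   # assumed PoS VLAN
INTERNAL = ipaddress.ip_network("10.0.0.0/8")     # assumed internal address space
POS_ALLOWED = {"10.10.1.5"}                       # assumed payment gateway (only expected peer)

def parse(text):
    """Yield (ts, src, dst, port, bytes) tuples from whitespace-separated lines."""
    for line in text.splitlines():
        if line.strip():
            ts, src, dst, port, nbytes = line.split()
            yield (int(ts), ipaddress.ip_address(src),
                   ipaddress.ip_address(dst), int(port), int(nbytes))

def find_staging_and_exfil(text, min_terminals=2, min_bytes=1_000_000):
    """Flag internal hosts that collect from several PoS terminals and
    later push a large transfer to an external address."""
    fan_in = defaultdict(set)   # host -> PoS terminals that sent it unexpected traffic
    first_seen = {}             # host -> time of the first such flow
    findings = []
    for ts, src, dst, port, nbytes in sorted(parse(text), key=lambda r: r[0]):
        if src in POS_NET:
            if str(dst) not in POS_ALLOWED:       # terminal talking off-allowlist
                fan_in[dst].add(src)
                first_seen.setdefault(dst, ts)
        elif src in fan_in and dst not in INTERNAL:
            if len(fan_in[src]) >= min_terminals and nbytes >= min_bytes:
                findings.append({
                    "staging_host": str(src),
                    "terminals": sorted(str(t) for t in fan_in[src]),
                    "external_dst": str(dst),
                    "bytes": nbytes,
                    "lag_seconds": ts - first_seen[src],
                })
    return findings

if __name__ == "__main__":
    for finding in find_staging_and_exfil(SAMPLE_FLOWS):
        print(finding)
```
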

ifthethunderdontgetya™³²®© said...

In Berkeley Springs, there are two local hardware stores: Hunter's (downtown) and Dawson's (an Ace-affiliated store halfway between downtown and Cacapon State Park).

They're both run and staffed by very friendly locals. My most frequent purchase is suet blocks for the birdfeeder. BUT sometimes, there have been things we needed for major house repairs that required going to the megastore in Hagerstown...
~

Big Bad Bald Bastard said...

"I was wondering how you got it home while taking 3d6 per round after it ate through your chain mail."

I cast Protection from Protean Protoplasmic Perils before heading out of the house. Now roll for initiative!

"They are hard to detect, impossible to prosecute and are making millions of dollars. It's an irresistible opportunity. There are tools that can detect them (actually, that's precisely what I do), but they are new and have not been adopted by a lot of companies. It will be a few years before the good guys can even begin to claim qualitative parity with the criminals..."

And that is precisely why I use pre-paid cards for online purchases and cashola in person.

"They're both run and staffed by very friendly locals. My most frequent purchase is suet blocks for the birdfeeder. BUT sometimes, there have been things we needed for major house repairs that required going to the megastore in Hagerstown..."

It's awfully hard to avoid the big box stores all of the time. I rent, so I've never had to buy a pallet of Quik-Crete, but homeowners would be hard pressed to avoid HD or Lowes.

ifthethunderdontgetya™³²®© said...

Take a look at these!

I am jealous.
~

Smut Clyde said...

"an 18" fluorescent bulb ... a store-made black pudding ... some delicious pork-and-leek sausages"
BBBB has interesting party preparations.