Social Engineering 101 – how customer service does more harm than good

Less is more? It turns out that this is true both for Twitter account names and for security breaches. A recent post by Naoki Hiroshima has already gained a lot of attention, equally because of the attacker's quite daring revelations and because of the utter incompetence of PayPal's and GoDaddy's security and client data protection policies. As Naoki presents the case, it all started with a message from GoDaddy informing him about a change in account information. Unfortunately, due to the changes made by the attacker, it was already impossible to log into the account; furthermore, because the credit card number had been changed, customer service was unable to positively verify Naoki and failed to return the account. The attacker then tried to reset the Twitter password, which failed due to the time required to update the mail exchange record. Finally, he contacted Naoki, informing him of his interest in the @N account and threatening to make GoDaddy retake the domain. Soon after, GoDaddy replied to the case report filed earlier. However, they were not able to help, because the domain registrant has to be verified in order to proceed (you can almost see how things are getting sillier with every step). As a result, Naoki decided to comply with the demands and release the @N address.


Target card data breach – CEO issues statement, conspiracy theories arise

As some of you probably know, or perhaps have even been affected by, an American retail giant suffered a massive security breach: as many as 40 million people might have had their credit and debit card data stolen. As reported by KrebsOnSecurity, hackers gained access to the company's data infrastructure. What is worth noting is that the theft did not affect online shopping but actual in-store operations, namely data from magnetic stripes. If the attackers also managed to intercept PIN numbers, they might be able to recreate cards and siphon money straight from ATMs. Yesterday an official statement was issued by the company's CEO, Gregg Steinhafel.
