Security Threats Round-up

By now, you have probably heard about the Hannaford breach. Briefly, the supermarket chain suffered a breach of customer credit card data when thieves hacked into its computers to steal credit and debit card data in transit to the bank. Unlike TJX, Hannaford was found to be in compliance with security standards set by the Payment Card Industry. Even with this compliance, 4.2 million records have been exposed and approximately 1,800 cases of fraud have been reported. In addition, a class action lawsuit has been filed alleging Hannaford’s negligence in failing to maintain the security of customer credit/debit card info.

In another example of a company perhaps thinking it is more secure than it actually is, read the story about donotreply.com. The domain is registered and owned by an individual, but a variety of companies use it when trying to discourage recipients from replying to emails. That is, when a company sends an email to customers, it uses “company@donotreply.com,” or something like that, as the sender email address. Then, if a recipient wants to respond to the message, there’s usually a link or specific contact info in the body of the message. Unfortunately, not all recipients notice, and some just click the reply button and end up sending a message to the donotreply.com domain, which is owned by an individual unrelated to the company. And of course, when the recipient hits reply, any personal information contained in the original email is then forwarded to the owner of donotreply.com. Fortunately, the owner of the domain does not release the private info, but it’s unsettling to think that companies that probably otherwise present themselves as secure could participate in this unsound practice (which is also potentially not compliant with the CAN-SPAM Act).
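One way to catch this before mail goes out, as an added example that is not from the original post: the Python sketch below works out where a reply to each message would actually be delivered (Reply-To takes precedence over From) and flags any address on a domain the sender does not control. The `OWNED_DOMAINS` set, the function names and the sample messages are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

# Assumption: the domains the sending organisation actually controls.
OWNED_DOMAINS = {"example.com"}

# Constructed sample outbound messages (not real mail).
SAMPLES = {
    "borrowed-from": "From: Example Corp <company@donotreply.com>\n"
                     "Subject: Your statement\n\nAccount ending 1234\n",
    "owned-from": "From: Example Corp <noreply@mail.example.com>\n"
                  "Subject: Your statement\n\nAccount ending 1234\n",
    "borrowed-reply-to": "From: Example Corp <news@example.com>\n"
                         "Reply-To: company@donotreply.com\n"
                         "Subject: Offer\n\nHello\n",
}

def reply_targets(raw_message):
    """Addresses a mail client will use when the recipient hits Reply."""
    msg = message_from_string(raw_message)
    # RFC 5322: Reply-To, when present, takes precedence over From.
    headers = msg.get_all("Reply-To") or msg.get_all("From") or []
    return [addr.lower() for _, addr in getaddresses(headers) if addr]

def is_owned(domain, owned=OWNED_DOMAINS):
    """True if the domain is an owned domain or a subdomain of one."""
    domain = domain.rstrip(".").lower()
    return any(domain == d or domain.endswith("." + d) for d in owned)

def unowned_reply_targets(raw_message, owned=OWNED_DOMAINS):
    """Reply addresses whose domain the sender does not control."""
    flagged = []
    for addr in reply_targets(raw_message):
        domain = addr.rpartition("@")[2]
        if not is_owned(domain, owned):
            flagged.append(addr)
    return flagged

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, unowned_reply_targets(raw) or "ok")
```

Run against outbound mail templates, a check like this turns "replies leave the organisation" into a finding before any customer data does.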

Finally, this last security exposure could probably be classified as one of those things that could only happen on the Internet. A fake ad was placed on Craigslist advertising that a home was abandoned and suggesting that anyone could come help themselves to the horse and other property at the location. When the owner arrived at his home, saw people driving away with his stuff and asked for it back, people wouldn’t give it back to him: because they had the ad from Craigslist, they were convinced it must be true. The authorities were notified and some of the property has been returned. At this point, the poster of the fake ad has not been identified.

Update April 2: Apparently, the ad hoax was set up to obscure a burglary. Read more at Techdirt.