Archive for September 29, 2017

Whole Foods Pwned….. Credit Card Data Swiped

Posted in Commentary on September 29, 2017 by itnerd

The pwnage continues with Amazon-owned Whole Foods getting pwned by hackers. Apparently the hackers managed to swipe credit card data. Here’s the really bad news: they had no clue until someone else told them about the pwnage:

Whole Foods Market recently received information regarding unauthorized access of payment card information used at certain venues such as taprooms and full table-service restaurants located within some stores. These venues use a different point of sale system than the company’s primary store checkout systems, and payment cards used at the primary store checkout systems were not affected. When Whole Foods Market learned of this, the company launched an investigation, obtained the help of a leading cyber security forensics firm, contacted law enforcement, and is taking appropriate measures to address the issue.

Let me translate the above, because I’ve been to a Whole Foods store once when my wife dragged me there. Taprooms are a pub by another name, one which sounds really fancy so that you can spend some cash. So if you’ve eaten at one of these places, you better keep an eye on your credit and debit cards. If you shopped in their stores to buy expensive hoity toity food, you should be fine. Apparently, even though they’re owned by Amazon, their systems aren’t connected, so those on Amazon need not worry.

I’d love to understand why it seems that Whole Foods was asleep at the switch to such a degree that someone not working for Whole Foods had to tell them about it. Perhaps someone on Capitol Hill would care to organize a public flogging hearing to find out?

Mr. Smith Goes To Washington To Get Grilled Over Equifax Pwnage

Posted in Commentary on September 29, 2017 by itnerd

Ex-CEO of Equifax Richard Smith is going to Washington next week to participate in the public flogging known as congressional hearings. I am sure that 143 million Americans, 400 thousand Brits and 100 thousand Canadians really want to hear about how he absolutely screwed up to this degree before he “retired”. Examples of this #EpicFail include hiring a CSO with no IT experience, not applying a patch for Apache Struts for months, and having a publicly accessible database with a username of admin and a password of (you guessed it) admin. I could go on, but you get the idea.

In any case, if you want to hear what he has to say, here’s the schedule of where he’s going in Washington next week:

I fully expect this to be a public flogging given the scale of the pwnage that took place. Thus this will be very interesting to watch on TV. Set your PVR and get the popcorn ready.

One Reason For Mac Users To Upgrade To High Sierra: Security At The Firmware Level

Posted in Commentary on September 29, 2017 by itnerd

A research paper from Duo Security is recommending that if you want to keep your Mac safe from certain types of pwnage, you should always be up to date with your OS. That’s because, according to the new research, pre-boot software on Macs is often outdated, leaving Apple fans at a greater risk of being pwned. For example, users would be vulnerable to exploits such as Thunderstrike and attacks originally developed by the NSA and exposed in the WikiLeaks Vault 7 data dumps, as they rely on out-of-date firmware. This of course ignores the other security fixes that come with OS upgrades such as the recently released High Sierra.

Now how does High Sierra fix this? It automatically checks and updates the firmware if required when it installs. Not only that, it also checks said firmware on a regular basis to make sure that it hasn’t been pwned by a hacker. Further info on this can be found in a related blog post where Duo Security said that users should not only upgrade to High Sierra, but should also check if they are running the latest version of firmware on their Macs, and it has released a tool to help them do that.

Review: SanDisk Ultra Flair 32GB USB 3.0 Flash Drive

Posted in Products on September 29, 2017 by itnerd

I walk around with a flash drive on my keychain at all times. The reason being that if I need to back up something in an emergency, or build a bootable USB flash drive in an emergency, I have the means to do it. To ensure that I had space for both possibilities, I decided to get a physically small flash drive with a lot of space. As in 32GB of space. So one trip to Amazon and I ordered the SanDisk Ultra Flair 32GB USB 3.0 Flash Drive which happened to be on special:

As you can see, the drive is tiny. You hardly know it’s there as it doesn’t take up a lot of real estate. But it is quick. Since it’s a USB 3.0 drive, it’s capable of 150MB/s. Now I can’t confirm that I am getting those speeds, but it is insanely quick. Anything that I’ve done with it since I got it takes way less time than any other USB drive I have used lately.

Because this lives in my pocket, I have to be sure that any USB key will survive that environment as a lot of them won’t. The SanDisk Ultra Flair drive has been in my pocket for just over a week and there isn’t even a scratch on it. And it still works perfectly. It also has the ability to be password protected using SanDisk SecureAccess 3.0 which works with Windows and Mac. I’m not leveraging that feature as I have nothing critical on that drive. But it is an option for those who do.

The 32GB drive retails for $50 USD and comes with a 5-year warranty. But I got it from Amazon for $18 CDN, which means it pays to shop around. It’s also available in capacities all the way up to 128GB. Consider it if you need a durable flash drive that doesn’t take up a whole lot of real estate.