Just when you thought it couldn't get any...



TFOGGuys
Tue Jan 20th, 2009, 02:21 PM
Better (http://blog.wired.com/27bstroke6/2009/01/card-processor.html)

:banghead:

DevilsTonic
Tue Jan 20th, 2009, 02:39 PM
lovely.

TurboGizzmo
Tue Jan 20th, 2009, 02:41 PM
This just makes me paranoid for my network... how the heck was it not secured? *goes to scan whole network*

Malware means it was on a Windows PC, so they have some Windows PC passing around unencrypted customer data... not well thought out...

rforsythe
Tue Jan 20th, 2009, 02:49 PM
This just makes me paranoid for my network... how the heck was it not secured? *goes to scan whole network*

One has to assume that a processor of that size has a very complex network. Complexity is the #1 enemy of security.


Malware means it was on a Windows PC, so they have some Windows PC passing around unencrypted customer data... not well thought out...

No, Windows is just the most likely attack vector. However given the scope of the attack, and the fact that it would take someone with advanced skills to carry it out without being detected at a place where I guarantee you certain security protocols were in place, it's entirely possible that they were able to get malware running on some other OS.

To sniff this information unencrypted, they would have to be in the path of transfer or storage, so I start to think network devices, firewalls, databases. It's possible it was some unsecured frontend Windows box, but I'd be surprised. I'm quite surprised to hear the guy say the transmission has to be unencrypted to get authorization, however; that is BS. PCI requirements in no uncertain terms specify that any card data be encrypted over every transmission medium, and any time it is stored. The only time it should ever be in the clear is on the actual machine doing the crypto translations, and if that system was compromised, well...

It's all just theorization though, since in the end we will probably never know how they got pwned. Too bad since this one would be a fantastic case study.

TurboGizzmo
Tue Jan 20th, 2009, 02:58 PM
One has to assume that a processor of that size has a very complex network. Complexity is the #1 enemy of security.



No, Windows is just the most likely attack vector. However given the scope of the attack, and the fact that it would take someone with advanced skills to carry it out without being detected at a place where I guarantee you certain security protocols were in place, it's entirely possible that they were able to get malware running on some other OS.

To sniff this information unencrypted, they would have to be in the path of transfer or storage, so I start to think network devices, firewalls, databases. It's possible it was some unsecured frontend Windows box, but I'd be surprised. I'm quite surprised to hear the guy say the transmission has to be unencrypted to get authorization, however; that is BS. PCI requirements in no uncertain terms specify that any card data be encrypted over every transmission medium, and any time it is stored. The only time it should ever be in the clear is on the actual machine doing the crypto translations, and if that system was compromised, well...

It's all just theorization though, since in the end we will probably never know how they got pwned. Too bad since this one would be a fantastic case study.

Hmm, malware that can enable a man-in-the-middle attack to sniff a switched network... I would love a copy of that because it's hard enough to do legitimately.

My only reasoning for Windows is to assume it got in on some local network where users are more lax about protection. Perhaps someone who has to do manual validation of an account that doesn't get processed correctly was surfing Facebook and got Koobface or whatever, ignored it, and went on with their day of manually verifying account information...

My number one problem with security is users; without them my network would be completely safe. :)

Devaclis
Tue Jan 20th, 2009, 03:09 PM
Inside job.

How do you footprint a network like that? VERY tough to do without being on the inside. I am sure they have a security TEAM. If they are worth their weight they have switch logs, authentication failure logs, access attempts, and load variances that are not in line with normal usage.
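An added example, not from the thread: a toy pass over constructed log records that flags two of the signals named in the post above, repeated authentication failures and a host's transfer volume jumping far out of line with its own usual size. Hostnames, events and byte counts are all constructed for the example.

```python
# Added example (not from the thread): flag repeated auth failures and
# transfer volumes out of line with a host's normal usage.
from collections import defaultdict
from statistics import median

# Constructed records: "<host> <event> <bytes_out>".  db-front-2 pushes one
# transfer far above its usual size; svc-batch fails to authenticate three
# times before succeeding.  The last line is malformed on purpose.
LOG_LINES = [
    "db-front-1 XFER 48000",
    "db-front-1 XFER 51000",
    "db-front-1 XFER 47500",
    "db-front-2 XFER 45000",
    "db-front-2 XFER 46000",
    "db-front-2 XFER 44000",
    "db-front-2 XFER 900000",
    "svc-batch AUTH_FAIL 0",
    "svc-batch AUTH_FAIL 0",
    "svc-batch AUTH_FAIL 0",
    "svc-batch AUTH_OK 0",
    "svc-batch XFER 43000",
    "garbage line",
]

def parse(lines):
    """Turn each well-formed line into (host, event, bytes_out); skip the rest."""
    recs = []
    for line in lines:
        parts = line.split()
        if len(parts) == 3 and parts[2].isdigit():
            recs.append((parts[0], parts[1], int(parts[2])))
    return recs

def auth_failure_bursts(recs, threshold=2):
    """Hosts with more than `threshold` AUTH_FAIL events."""
    fails = defaultdict(int)
    for host, event, _ in recs:
        if event == "AUTH_FAIL":
            fails[host] += 1
    return sorted(h for h, n in fails.items() if n > threshold)

def volume_outliers(recs, factor=5.0):
    """Hosts whose largest transfer exceeds `factor` times their median transfer."""
    sizes = defaultdict(list)
    for host, event, nbytes in recs:
        if event == "XFER":
            sizes[host].append(nbytes)
    return sorted(h for h, s in sizes.items() if max(s) > factor * median(s))
```

Running `auth_failure_bursts(parse(LOG_LINES))` and `volume_outliers(parse(LOG_LINES))` names svc-batch and db-front-2 respectively; a real deployment would take the baseline from history rather than from the same window being checked.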

TurboGizzmo
Tue Jan 20th, 2009, 03:11 PM
I am sure they have (EDIT: had) a security TEAM.

Ha! And I am sure they are hiring!

Devaclis
Tue Jan 20th, 2009, 03:13 PM
Ralphy! Get over there and set them straight!! You can make a killing!

rforsythe
Tue Jan 20th, 2009, 03:13 PM
You're assuming it sniffed a switch. What if it was watching traffic on a network port of the server doing the work? What if it was watching temp storage space on the server itself (even in memory)? What if something were put on the firewall to capture certain useful information (not hard at all, we use this as a troubleshooting tool all the time)?

When I did my SANS course I saw some pretty remarkable stuff (then got to try it). Ways of owning a computer and its data without the operator ever knowing you were there. Someone smart could have pulled it off in this case.

Dana - yeah, statistically inside users are the greatest, yet most underestimated security threat. Could have been a clever external person, but it's definitely something an insider may have facilitated or done.

puckstr
Tue Jan 20th, 2009, 03:16 PM
Nothing is completely secure

TurboGizzmo
Tue Jan 20th, 2009, 03:17 PM
When I did my SANS course I saw some pretty remarkable stuff (then got to try it). Ways of owning a computer and its data without the operator ever knowing you were there. Someone smart could have pulled it off in this case.



Go on.... :)

longrider
Tue Jan 20th, 2009, 09:37 PM
I wonder if I was a victim. I got a call today from my credit union regarding an unusual charge of $800+ at a Walmart in Illinois. The charge was declined because of its suspicious nature, and when I verified it wasn't me the card was cancelled and I am waiting on a new card.

rforsythe
Thu Jan 22nd, 2009, 11:04 AM
Nothing is completely secure

Dana's pants are. NOBODY wants in those.

rforsythe
Thu Jan 22nd, 2009, 11:05 AM
Go on.... :)

SEC504 class. Check it out, take it if you can. They will unleash an unreal amount of information into your brain in five days.

TurboGizzmo
Thu Jan 22nd, 2009, 11:29 AM
SEC504 class. Check it out, take it if you can. They will unleash an unreal amount of information into your brain in five days.
I am in LOVE! :leghump:
During the workshop, you will be connecting to one of the most hostile networks on planet earth! Your laptop might be attacked. Do not have any sensitive data stored on the system. SANS is not responsible for your system if someone in the class attacks it in the workshop.
By bringing the right equipment and preparing in advance, you can maximize what you'll see and learn, as well as have a lot of fun.

Nessus -Check!
Nmap -Check!
Wireshark -Check!
msfconsole :D -Check!
hydra -Check!
Brutus -Check!
Brutal Gift -Check!
HoneyPotX -Check!

Let's play! Err, learn!

Yikes! SEC504: Hacker Techniques, Exploits & Incident Handling (2,795) <--- Is that the price?

rforsythe
Thu Jan 22nd, 2009, 11:46 AM
Yeah, it's worth the price. Just get your employer to pay for it. :) Also if you're a CISSP, it counts as 40 CPE credits for your recert requirements. (If not a CISSP get that first so you can count the credits...)

Also get some keyboard time playing with Metasploit, and command line sniffers like tcpdump/windump. If you know netcat (nc) you will be golden too, but you'll learn all that stuff in the class as well.

I (strongly) recommend showing up with a virgin machine, not your work or personal laptop with anything of value on it. When I went I put a fresh Boot Camp Windows image on my Mac. It WILL get scanned, and it WILL get attacked. I even had a honeypot going on my machine in class feeding out false DNS and responding to requests just to toy with stupid people that forgot to do that. Some poor lady was trying to check her corporate email against my machine for almost the whole week.

There is no Internet access during class (network is completely isolated) to protect the world at large from what goes on in there, though we tethered our Blackberries and got around that.

Oh, if you take that class make sure your instructor is Ed Skoudis.

TurboGizzmo
Thu Jan 22nd, 2009, 12:03 PM
Yeah, it's worth the price. Just get your employer to pay for it. :) Also if you're a CISSP, it counts as 40 CPE credits for your recert requirements. (If not a CISSP get that first so you can count the credits...)


Ha, work would never go for that....


Also get some keyboard time playing with Metasploit, and command line sniffers like tcpdump/windump. If you know netcat (nc) you will be golden too, but you'll learn all that stuff in the class as well.


Getting to know Meta better; I have the trunk (SVN) loaded on my netbook... hmm, netcat...

Wish I had the cash. My old job sent me to a SAN (Storage Area Networks) convention in CA; it was basics and instructions to the SAN world. It was awesome... but very basic.

Speaking of storage networks, I just got done building a Fiber SAN at my house with a bunch of recycled high-end hardware... so now I can add that to my experience list... I need a new project...
http://farm4.static.flickr.com/3407/3203892979_7550f79411.jpg
http://farm4.static.flickr.com/3323/3204713826_c108fed98d.jpg

~Barn~
Thu Jan 22nd, 2009, 01:10 PM
I wonder if I was a victim. I got a call today from my credit union regarding an unusual charge of $800+ at a Walmart in Illinois. The charge was declined because of its suspicious nature, and when I verified it wasn't me the card was cancelled and I am waiting on a new card.

It's always fucking Wal-Mart, and it's always fucking in IL!!!
:scream1:

My Credit Union debit card got cloned a couple years back, and a Wal-Mart in Lansing fucking approved their purchase!

I don't know who buys $800 worth of stuff at Wal-Mart, but definitely not a guy who lives in Colorado!

Anyway... Sorry. Just had a bit of a flashback there.