Ramblings of an old Doc

 

Hope you shop online and know how to avoid the scams on folks online.

This one’s the ultimate nightmare: It goes the 2013 Target breach one better. It goes deep into the computer system affected, and is highly encrypted so most antivirals will miss it (in the store’s computers). It can record what you type into the pad on the terminal at checkout…so it scrapes the buyer i.d., and numbers/pin.

“The actors behind the ModPOS software have exhibited a very professional level of software development proficiency, creating a complex, highly functional and modular code base that places a very heavy emphasis on obfuscation and persistence. Thus, ModPOS can go undetected by numerous types of modern security defenses.

ModPOS is highly modular and can be configured to target specific systems with components such as uploader/downloader, keylogger, POS RAM scraper and custom plugins for credential theft and other specialized functions like network reconnaissance. We believe other capabilities could also be leveraged. The modules are packed kernel drivers that use multiple methods of obfuscation and encryption to evade even the most sophisticated security controls.

We know that US retailers have been targeted and believe it is very likely that criminal actors are seeking to compromise additional victims beyond those identified.” – iSight

So…you sigh with relief…”I have an EMV card!” (the chipped card). Well, only 20% of the card market is EMV ready, so 80% isn’t and is vulnerable. Moreover, iSight maintains information skimmed or taken in an unencrypted portion of the network—not all are secure yet—can be used to make an online purchase.

Sources:

https://finance.yahoo.com/news/sophisticated-scam-targets-retailer-payment-191352635.html

http://www.isightpartners.com/2015/11/modpos/


Comments
on Nov 28, 2015

And the world wants to do away with money.

on Nov 28, 2015

Only the folding stuff.

on Nov 28, 2015


And the world wants to do away with money.

Send it all to buxforjim@fillmypockets.com    

on Nov 28, 2015

That's why I like using cash. Won't do online purchases, if I see something I like and I can afford it boom...hit the bank, grab the cash and go buy it. I don't trust doing online stuff like that, never did. 

on Nov 28, 2015

Never had a problem spending online, but then again I check all my accounts daily, sometimes twice a day, and have protection services. 

No bucks for you Jim! 

on Nov 28, 2015

I'm with LightStar, I've not had any problems buying online, and like him I check stuff daily.   For those of you who still use cash, do you know where your wallet is?  Just like anything you do day to day you have to check......double check......and then just to be sure, check again.  

on Nov 28, 2015

it's not like you don't have to carry cards and what not with your wallet. unless your phone does it all.

 

i think wom means they want to do away with cash. which last i read is the plan, what with the push to contactless (low or no transaction fee to merchants or something... compared to bog standard chip and pin/swipe card transactions), getting rid of certain denominations of coins (in certain places)

on Nov 28, 2015

The chip card adoption by retailers has been miserable. Being stuck with a chip card the past few months, I can tell you that rollout was and is still broken.