Sunday, June 29, 2014

Amazon Account Phishing Email

Amazon phishing email...
                            
Delivered-To: xxxxxxxxxxx@gmail.com
Received: by 10.202.197.131 with SMTP id v125csp390758oif;
        Fri, 20 Jun 2014 17:13:32 -0700 (PDT)
X-Received: by 10.180.189.79 with SMTP id gg15mr7635763wic.0.1403309611555;
        Fri, 20 Jun 2014 17:13:31 -0700 (PDT)
Return-Path: <postmaster@lucklucky.net>
Received: from smtplqs-out38.aruba.it (smtplqs-out36.aruba.it. [62.149.158.76])
        by mx.google.com with ESMTP id f9si4695864wie.75.2014.06.20.17.13.30
        for <xxxxxxxxxxx@gmail.com>;
        Fri, 20 Jun 2014 17:13:31 -0700 (PDT)
Received-SPF: none (google.com: postmaster@lucklucky.net does not designate permitted sender hosts) client-ip=62.149.158.76;
Authentication-Results: mx.google.com;
       spf=neutral (google.com: postmaster@lucklucky.net does not designate permitted sender hosts) smtp.mail=postmaster@lucklucky.net
Received: from webxc45s05.ad.aruba.it ([62.149.145.47])
 by smartcmd04.ad.aruba.it with bizsmtp
 id GoDW1o00c11am7y01oDWtF; Sat, 21 Jun 2014 02:13:30 +0200
Received: (qmail 21984 invoked by uid 19142416); 21 Jun 2014 00:13:30 -0000
Date: 21 Jun 2014 00:13:30 -0000
Message-ID: <20140621001330.21982.qmail@webxc45s05.ad.aruba.it>
To: xxxxxxxxxxx@gmail.com
Subject: update your account
X-PHP-Originating-Script: 19142416:send.php(2) : eval()'d code
MIME-Version: 1.0
Content-type: text/html; charset=iso-8859-1
From: amazon <postmaster@lucklucky.net>
<html xmlns:v="urn:schemas-microsoft-com:vml"
xmlns:o="urn:schemas-microsoft-com:office:office"
xmlns:w="urn:schemas-microsoft-com:office:word"
xmlns:m="http://schemas.microsoft.com/office/2004/12/omml"
xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=Content-Type content="text/html; charset=windows-1252">
<meta name=ProgId content=Word.Document>
<meta name=Generator content="Microsoft Word 12">
<meta name=Originator content="Microsoft Word 12">
<link rel=Edit-Time-Data href="amazon_fichiers/editdata.mso">
<title>Mise à jour de vos informations n</title>
<!--
 /* Font Definitions */
 @font-face
 {font-family:"Cambria Math";
 panose-1:0 0 0 0 0 0 0 0 0 0;
 mso-font-charset:1;
 mso-generic-font-family:roman;
 mso-font-format:other;
 mso-font-pitch:variable;
 mso-font-signature:0 0 0 0 0 0;}
@font-face
 {font-family:Tahoma;
 panose-1:2 11 6 4 3 5 4 4 2 4;
 mso-font-charset:0;
 mso-generic-font-family:swiss;
 mso-font-pitch:variable;
 mso-font-signature:1627400839 -2147483648 8 0 66047 0;}
@font-face
 {font-family:"Lucida Sans";
 panose-1:2 11 6 2 3 5 4 2 2 4;
 mso-font-charset:0;
 mso-generic-font-family:swiss;
 mso-font-pitch:variable;
 mso-font-signature:3 0 0 0 1 0;}
 /* Style Definitions */
 p.MsoNormal, li.MsoNormal, div.MsoNormal
 {mso-style-unhide:no;
 mso-style-qformat:yes;
 mso-style-parent:"";
 margin:0cm;
 margin-bottom:.0001pt;
 mso-pagination:widow-orphan;
 font-size:12.0pt;
 font-family:"Times New Roman","serif";
 mso-fareast-font-family:"Times New Roman";
 mso-fareast-theme-font:minor-fareast;}
a:link, span.MsoHyperlink
 {mso-style-priority:99;
 color:blue;
 mso-themecolor:hyperlink;
 text-decoration:underline;
 text-underline:single;}
a:visited, span.MsoHyperlinkFollowed
 {mso-style-noshow:yes;
 mso-style-priority:99;
 color:purple;
 mso-themecolor:followedhyperlink;
 text-decoration:underline;
 text-underline:single;}
p
 {mso-style-noshow:yes;
 mso-style-priority:99;
 mso-margin-top-alt:auto;
 margin-right:0cm;
 mso-margin-bottom-alt:auto;
 margin-left:0cm;
 mso-pagination:widow-orphan;
 font-size:12.0pt;
 font-family:"Times New Roman","serif";
 mso-fareast-font-family:"Times New Roman";
 mso-fareast-theme-font:minor-fareast;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
 {mso-style-noshow:yes;
 mso-style-priority:99;
 mso-style-link:"Texte de bulles Car";
 margin:0cm;
 margin-bottom:.0001pt;
 mso-pagination:widow-orphan;
 font-size:8.0pt;
 font-family:"Tahoma","sans-serif";
 mso-fareast-font-family:"Times New Roman";
 mso-fareast-theme-font:minor-fareast;}
span.TextedebullesCar
 {mso-style-name:"Texte de bulles Car";
 mso-style-noshow:yes;
 mso-style-priority:99;
 mso-style-unhide:no;
 mso-style-locked:yes;
 mso-style-link:"Texte de bulles";
 mso-ansi-font-size:8.0pt;
 mso-bidi-font-size:8.0pt;
 font-family:"Tahoma","sans-serif";
 mso-ascii-font-family:Tahoma;
 mso-fareast-font-family:"Times New Roman";
 mso-fareast-theme-font:minor-fareast;
 mso-hansi-font-family:Tahoma;
 mso-bidi-font-family:Tahoma;}
p.auto-style81, li.auto-style81, div.auto-style81
 {mso-style-name:auto-style81;
 mso-style-noshow:yes;
 mso-style-priority:99;
 mso-style-unhide:no;
 mso-margin-top-alt:auto;
 margin-right:0cm;
 mso-margin-bottom-alt:auto;
 margin-left:0cm;
 mso-pagination:widow-orphan;
 font-size:12.0pt;
 font-family:"Times New Roman","serif";
 mso-fareast-font-family:"Times New Roman";
 mso-fareast-theme-font:minor-fareast;}
.MsoChpDefault
 {mso-style-type:export-only;
 mso-default-props:yes;
 font-size:10.0pt;
 mso-ansi-font-size:10.0pt;
 mso-bidi-font-size:10.0pt;}
@page Section1
 {size:595.3pt 841.9pt;
 margin:72.0pt 90.0pt 72.0pt 90.0pt;
 mso-header-margin:35.4pt;
 mso-footer-margin:35.4pt;
 mso-paper-source:0;}
div.Section1
 {page:Section1;}
-->
</style>
<!--[if gte mso 10]>
<style>
 /* Style Definitions */
 table.MsoNormalTable
 {mso-style-name:"Tableau Normal";
 mso-tstyle-rowband-size:0;
 mso-tstyle-colband-size:0;
 mso-style-noshow:yes;
 mso-style-priority:99;
 mso-style-qformat:yes;
 mso-style-parent:"";
 mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
 mso-para-margin:0cm;
 mso-para-margin-bottom:.0001pt;
 mso-pagination:widow-orphan;
 font-size:10.0pt;
 font-family:"Times New Roman","serif";}
</style>
<![endif]-->
<meta http-equiv=Content-Language content=fr>
<!--[if gte mso 9]><xml>
 <o:shapelayout v:ext="edit">
  <o:idmap v:ext="edit" data="1"/>
 </o:shapelayout></xml><![endif]-->
</head>
<body lang=FR link=blue vlink=purple style='tab-interval:35.4pt'>
<div class=Section1>
<div align=center>
<table class=MsoNormalTable border=0 cellspacing=0 cellpadding=0 width=500
 style='width:375.0pt;mso-cellspacing:0cm;mso-yfti-tbllook:1184;mso-padding-alt:
 0cm 0cm 0cm 0cm'>
 <tr style='mso-yfti-irow:0;mso-yfti-firstrow:yes;mso-yfti-lastrow:yes;
  height:22.5pt'>
  <td style='padding:0cm 0cm 0cm 0cm;height:22.5pt'>
  <div align=center>
  <table class=MsoNormalTable border=0 cellspacing=0 cellpadding=0 width=489
   style='width:366.75pt;mso-cellspacing:0cm;background:#F1F1F1;mso-yfti-tbllook:
   1184;mso-padding-alt:0cm 0cm 0cm 0cm'>
   <tr style='mso-yfti-irow:0;mso-yfti-firstrow:yes;mso-yfti-lastrow:yes'>
    <td style='padding:0cm 0cm 0cm 0cm'>
    <div align=center>
    <table class=MsoNormalTable border=0 cellspacing=0 cellpadding=0 width=490
     style='width:367.5pt;mso-cellspacing:0cm;background:#F1F1F1;mso-yfti-tbllook:
     1184;mso-padding-alt:0cm 0cm 0cm 0cm'>
     <tr style='mso-yfti-irow:0;mso-yfti-firstrow:yes;mso-yfti-lastrow:yes'>
      <td width=490 style='width:367.5pt;padding:0cm 0cm 16.5pt 0cm'>
      <div>
      <p class=MsoNormal style='line-height:15.0pt'><strong><span lang=EN style='font-size:9.0pt;font-family:"Lucida Sans","sans-serif";
      mso-fareast-font-family:"Times New Roman";color:lime;mso-ansi-language:
      EN'>Dear xxxxxxxxxxx@gmail.com
,<html xmlns="http://www.constantcontact.com/cctd" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemalocation="http://www.constantcontact.com/cctd http://origin.ih.constantcontact.com/schemas/CCEM8templates.xsd">
<head>
  <meta http-equiv="Content-Language" content="fr">
  <meta name="GENERATOR" content="Microsoft FrontPage 6.0">
  <meta name="ProgId" content="FrontPage.Editor.Document">

  <title>Mise à jour de vos informations n</title>
<style>
.MainBorder {
 background-color: #CCCCCC;
 padding: 1px;
}
.body {
 background-color: #FFFFFF;
 margin : 0px 0px 0px 0px;
}
.MainBG {
 background-color: #FFFFFF;
}
.MainText {
 title: Main Text;
 font-family: Arial, Helvetica, sans-serif;
 font-size: x-small;
 color: #000000;
}
.GraphText {
 title: Graph Text;
 font-family: Arial, Helvetica, sans-serif;
 font-size: xx-small;
 color: #111111;
}
.CClink1 {
 font-family: Arial, Helvetica, sans-serif;
 font-size: x-small;
 color: #3E69BD;
}
.TemplateWidth {
 width: 600px;
}
.TemplatePad {
 padding: 0 15px 15px 15px;
}
.GraphBG {
 background-color:#4E81BD;
}
.BarBG {
 background-color:#ffffff;
}
.StatTable {
 background-color:#F5F5F5;
}
.HiLight {
 font-family:Arial, Helvetica, sans-serif;
 color:#357E86;
 font-size:x-small;
}
.HiLight2 {
 font-family:Arial, Helvetica, sans-serif;
 color:#357E86;
 font-size:x-large;
 letter-spacing: -2px;
}
.TableHdr {
 font-family:Arial, Helvetica, sans-serif;
 background-color: #E7F2F4;
 color:#357E86;
 font-size:small;
}
.TableHdrBrdr {
 border-top:1px solid #E7F2F4;
 border-bottom:1px solid #E7F2F4;
 background-color:#F3F3F3;
}
</style>
</head>
<body leftmargin="0" rightmargin="0" topmargin="0">
  <html xmlns="http://www.constantcontact.com/cctd" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemalocation="http://www.constantcontact.com/cctd http://origin.ih.constantcontact.com/schemas/CCEM8templates.xsd">
<body leftmargin="0" rightmargin="0" topmargin="0">
<p style="color: rgb(51, 51, 51); font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; margin: 1px 0pt 8px; font-family: Arial, sans-serif; font-size: 12px; line-height: 16px; background-color: rgb(241, 241, 241);">
Your account will expire in less than 48 hours.<br>
it is imperative to conduct an audit of your information is present, otherwise
your account will be destroyed . Just click the link below and log in using your
email and password.</p>
<table border="0" cellpadding="0" cellspacing="0" class="callToAction" style="font-family: Verdana, Arial, Helvetica, sans-serif; letter-spacing: normal; orphans: auto; text-indent: 0px; text-transform: none; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; margin: 0px 0px 10px; font-style: normal; font-variant: normal; font-weight: normal; font-size: 11px; line-height: normal; background-color: rgb(241, 241, 241);">
 <tr>
  <td bgcolor="#ffa822" class="actionLinkContainer" style="margin: 0px; padding: 1px 10px; border-width: 1px; border-style: solid; border-color: rgb(191, 191, 191) rgb(144, 141, 141) rgb(144, 141, 141) rgb(191, 191, 191);">
  <a style="color: rgb(8, 68, 130); text-decoration: underline;" href="http://sasn.mcafee.com/l?v=0&ui=0&spid=rssmountain&p=000c0000000000000000000000000000&url=https://gator4083.hostgator.com/~coachmur/gettingpaidtobefit.com/readme.php">by
  clicking here</a></td>
 </tr>
</table>
<p style="color: rgb(51, 51, 51); font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; margin: 1px 0pt 8px; font-family: Arial, sans-serif; font-size: 12px; line-height: 16px; background-color: rgb(241, 241, 241);">
For more information, see<span class="Apple-converted-space"> </span><a style="color: rgb(8, 68, 130); text-decoration: underline;" href="">Questions
and answers</a>.</p>
<p style="color: rgb(51, 51, 51); font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 11px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: rgb(241, 241, 241);">
Sincerely,<br>
Amazon</p>
<p style="color: rgb(51, 51, 51); font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 11px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: rgb(241, 241, 241);">
Copyright  2014 amazon, Inc. All rights reserved. amazon is located at 2211 N.
First St., San Jose, CA 95131.

Target Breach and Related POS Breach Articles

Articles about the Target breach:

Overview:
http://www.businessinsider.com/target-credit-card-hackers-2013-12

Number of cards updated to 70 million
http://mobile.eweek.com/security/target-data-breach-affected-70m-much-more-than-earlier-estimates.html

Timeline:
http://www.ibtimes.com/timeline-targets-data-breach-aftermath-how-cybertheft-snowballed-giant-retailer-1580056

Missed alerts:
http://www.npr.org/2014/03/13/289836952/report-target-missed-its-chance-to-prevent-data-breach

Human considerations:
http://www.eweek.com/security/preventing-targets-troubles-locking-the-door-against-data-breaches.html

Federal lawsuit
http://www.nationaljournal.com/tech/senate-report-target-could-have-prevented-massive-hack-20140325

Removal of corporate officers:
http://www.insidecounsel.com/2014/05/30/inadequate-data-breach-preparation-response-should

CISO should report to CEO
http://www.computerworld.com/s/article/9249129/Target_top_security_officer_reporting_to_CIO_seen_as_a_mistake

Target CEO Resignation Due To Security Issues
http://www.csoonline.com/article/2151381/cyber-attacks-espionage/target-ceo-resignation-highlights-cost-of-security-blunders.html

Cards Sold on Black Market
http://www.tripwire.com/state-of-security/vulnerability-management/how-stolen-target-credit-cards-are-used-on-the-black-market/

Started with an Email attack against HVAC vendor
http://krebsonsecurity.com/2014/02/email-attack-on-vendor-set-up-breach-at-target/

Ward Off POS Attacks
http://www.retailgazette.co.uk/articles/32114-how-to-ward-off-pos-cyber-security-attacksd

Chip Cards to Prevent Credit Card Information Loss
http://www.northjersey.com/news/business/a-chip-on-the-old-card-1.1039445

Talent in Hacking, Not Security
http://wallstcheatsheet.com/technology/cyber-crime-why-is-all-the-talent-in-hacking-and-not-in-security.html/?a=viewall

EMV (Chip and Pin) credit cards alone cannot protect data

Car Washes had PC Anywhere installed on computers. End of life by Symantec, not used in years.
http://nakedsecurity.sophos.com/2014/06/25/carwash-pos-systems-hacked-credit-card-data-drained/

Tips for Protecting Point of Sale (POS) systems
http://www.lexology.com/library/detail.aspx?g=edac3d96-7d0a-4d70-87b1-966ba3fcc5c7

Small business & mobile POS
http://www.smallbusinesscomputing.com/biztools/small-business-mobile-point-of-sale-systems-the-pros-cons.html

Protecting POS systems
http://www.darkreading.com/attacks-breaches/tech-insight-defending-point-of-sale-systems/d/d-id/1141214?

Separate VLANs
http://www.darkreading.com/attacks-breaches/back-to-basics/d/d-id/1269436

VLANs vs Subnets
http://websitenotebook.blogspot.com/2014/06/vlans-vs-subnets.html?m=1

PCI is not enough, POS Malware kits, warnings and auditing software ignored or shut off
http://www.computing.co.uk/ctg/feature/2348267/too-open-for-business

FBI warns of more retail attacks
http://www.reuters.com/article/2014/01/23/us-target-databreach-fbi-idUSBREA0M1UF20140123

Hackers that wrote the malware
http://www.startribune.com/business/243125731.html#ZMDJ1wAuHohOSl87.97

Memory scraping malware
http://www.csoonline.com/article/2359441/data-protection/criminals-seeking-more-buyers-with-all-in-one-malware.html

http://www.darkreading.com/attacks-and-breaches/target-breach-8-facts-on-memory-scraping-malware/d/d-id/1113440

http://nakedsecurity.sophos.com/2013/07/16/a-look-at-point-of-sale-ram-scraper-malware-and-how-it-works/

http://krebsonsecurity.com/2014/01/a-first-look-at-the-target-intrusion-malware/

http://threatpost.com/ram-scraper-malware-a-threat-to-point-of-sale-systems

http://volatility-labs.blogspot.com/2014/01/comparing-dexter-and-blackpos-target.html

ICMP

http://www.commerce.senate.gov/public/?a=Files.Serve&File_id=24d3c229-4f2f-405d-b8db-a3a67f183883

More...

People

PCI Compliance

Target.com

NEW CISO

Joined Financial Information Sharing Center
https://www.fsisac.com/

What has done to prevent

Waiting for a major problem before taking action:

Chip and Pin Solution

Attacks on key employees

VLANs vs Subnets

POS security:

Net diagram - hunch