jump to navigation

Equifax – Protecting themselves while exposing your data and Identity! September 11, 2017

Posted by Chris Mark in Uncategorized.
Tags: , , , , , ,
add a comment

BoldStrategyAs an update to my last Equifax post a number of stories had circulated regarding Equifax’s Terms of Use in which they attempt to prevent lawsuits related to their own incompetence that resulted in the exposure of nearly 150 million consumer records.  As stated on their Terms of Use:Terms of Use:

“YOU MUST ACCEPT THIS AGREEMENT, INCLUDING ITS “ARBITRATION” SECTION BELOW, BEFORE YOU WILL BE PERMITTED TO REGISTER FOR, USE OR PURCHASE ANY PRODUCT. BY REGISTERING ON THIS WEBSITE AND SUBMITTING YOUR ORDER, YOU ARE ACKNOWLEDGING ELECTRONIC RECEIPT OF, AND YOUR AGREEMENT TO BE BOUND BY, THIS AGREEMENT. YOU ALSO AGREE TO BE BOUND BY THIS AGREEMENT BY USING OR PAYING FOR OUR PRODUCTS OR TAKING OTHER ACTIONS THAT INDICATE ACCEPTANCE OF THIS AGREEMENT.”

So here is what the noble and caring Equifax has done to the public.  First, they had a data breach in 2015.  Then their CEO offers the obligatory public apology where he emphasizes the ‘importance of protecting data. etc. etc.  Then Equifax magnanimously offers consumers free credit monitoring…in the Equifax TrustedID Premier service.  It should be noted that IF you do enroll in the Equifax TrustedID Premier you are agreeing to the Terms of Use listed above…in short, should your information be exposed and used to say…steal your identity you cannot sue them nor can you engage in a class action lawsuit.  You are (according to the Terms of Use) bound by Equifax’ arbitration clause.  For those who are fans of the Oscar Winning film Dodgeball, I quote: “That’s a bold strategy Cotton. Let’s see if it pays off!”

To add fuel to the proverbial fire.  Equifax did not disclose the data breach for a full month while 3 executives sold millions of dollars of company stock within days of identifying the breach!  Now..to be fair, Equifax stated (ahem, cough, cough) “…the executives “had no knowledge that an intrusion had occurred at the time they sold their shares.”” Chief Financial Officer John Gamble, U.S. Information Solutions President Joseph Loughran and Workforce Solutions President Rodolfo Ploder — completed stock sales on Aug. 1 and 2.  So let me get this straight…the Information Solutions President and CFO did not know there was a breach?  To quote the incomparable George Straight: “I’ve got some oceanfront property in Arizona.  From the front porch you can see the sea.  If you’ll buy that I’ll throw the Golden Gate in free!”

 

 

 

Lenovo caught (again) installing SpyWare and Malware on Computers! September 27, 2015

Posted by Chris Mark in Uncategorized.
Tags: , , , , , , , , ,
add a comment

LenovoI just saw on TheHackerNews Security Blog on a link I picked up on LinkedIn.  If true (no reason to think it is not), this is truly bad business and shameful practices by Lenovo..AGAIN. Keep in mind that two years ago Lenovo (a Chinese company, BTW) was banned (Again..) from providing computers to the US Intelligence and defense services of Australia, the United States, Britain, Canada and New Zealand over spying issues.  They were first banned in 2006!  Then, in January 2015, Lenovo was caught…ONCE AGAIN..installing SuperFish malware onto refurbished laptops.  SuperFish has a serious vulnerability which makes it vulnerable to Man in The Middle Attacks (MitM).  Now, according to TheHackerNews Lenovo  was caught in August installing a rootkit into their computers.  This rootkit, known as the Lenovo Sevice Engine (LSE) installs into the BIOS on the computer.  According to TheHackerNews: One of the most popular Chinese computer manufacturers ‘Lenovo’ has been caught once again using a hidden Windows feature to preinstall unwanted and unremovable rootkit software on certain Lenovo laptop and desktop systems it sells.”

So what does this really mean for you…the consumer?  If you want to buy a Lenovo I would only ask that you email me as I have a great bridge for sale in Utah and would love to introduce you to some Ukrainian friends who love to give high interest loans.  Honestly, if you are going to buy a Lenovo after reading this, you probably deserve what you get.  I can tell you that I would never own a Lenovo again (had one in the 1990’s).  Fool me once…shame on you…fool me twice shame on me…fool me a third time?  Seriously?

“The Fortress Mentality & Data Compromises” – Chris & Heather Mark in August 2012 TransactionWorld Magazine July 31, 2012

Posted by Chris Mark in cybersecurity, Data Breach.
Tags: , , , , , , , , ,
add a comment

This month’s TransactionWorld magazine includes an article by me (Chris Mark) titled: “The Impact Of the Fortress Mentality and Today’s Compliance Strategies”.  The article discusses, among other things, the Global Payments breach, PCI DSS compliance, and provides an overview and opinion on today’s focus on compliance with static standards as opposed to risk based information security.  One important note. I neglected to send an updated BIO to the editor so it still references my position at ProPay.  I have not worked at ProPay for over a year 😉  You can read more about my company Mark Consulting Group at www.MarkConsultingGroup.com.

Heather Mark is also in this month’s TransactionWorld with an article titled: “After the Compromise: Incident Response Plans and Mitigating the Damage”  Heather speaks about data compromises and provides good insight into strategies companies can employ to minimize the impact of such breaches.

“This is the American Express Fraud Department” – Two Dozen Carders Arrested on 4 Continents June 26, 2012

Posted by Chris Mark in cybersecurity, Industry News.
Tags: , , , , , , , , , ,
1 comment so far

Lnight my wife received an email about a suspcious transaction on our Amex card.  Turns out it was a fraudulent transaction and my wife’s card had been stolen.  I was writing a blog post on this very subject when a Google alert informs me of this article on Foxnews.  “Two Dozen Arrested in Online Financial Fraud Sting”.  According to the article:  “Two dozen people on four continents have been arrested in an elaborate sting  targeting a black market for online financial fraud, federal officials in New  York said Tuesday.

U.S. officials called the crackdown in United States, Europe, Asia and  Australia the largest enforcement effort ever against hackers who steal credit  card, bank and other information on the Internet — a practice known as  “carding.”   The officials claimed the two-year FBI sting protected more than 400,000  potential victims and prevented losses of around $205 million.”

On that note, I recommend that you take a look at the book “Fatal System Error”…gives very good insight into the underworld of Carding.

“Flame On!”- New CyberWeapon Discovered in Middle East May 28, 2012

Posted by Chris Mark in cyberespionage, cybersecurity, InfoSec & Privacy, News, terrorism.
Tags: , , , , , , , , , , ,
1 comment so far

Complementing the post CyberEspionage, researchers have discovered a new cyberweapon.  First there was Stuxnet, then there was Duqu..now there is Flame.  Called by a researcher: “…the most complex piece of malicious software discovered to date…” the recently discovered virus is designed to capture data but can also change computer setting and turn on integrated microphones to record what is being said in the room.  Kapersky labs discovered the virus, dubbed “Flame”,  which has been lurking undetected inside of thousands of computers in the Middle East for as long as 5 years.  According to Kapersky, the countries with the most infections include Iran with the most infections followed by Israel/Palestine area, Syria, and Sudan.  According to Kapersky senior researcher Roel Schouwenberg: “The virus contains about 20 times as much code as Stuxnet, which attacked an Iranian uranium enrichment facility, causing centrifuges to fail. It has about 100 times as much code as a typical virus designed to steal financial information”(more…)

%d bloggers like this: