Tuesday, January 21, 2014

Australian teen "charged" for exposing transit system, security flaw; Target wanted to use the smart-chip card technology a decade ago.

An Australian teenager, Joshua Rogers, discovered a major security vulmerability in a transit website in Victoria, with PII of 600000 people.  Once he exposed the vulnerability, he was reported to police!  It sounds like it has something to do with transportation cards.  The technology involved as an SQL injection attack.

Timothy B. Lee has a story on the "Switch Blog" on the Washington Post, Jan. 9, link.

The vulnerability might be similar to problems at retailers, as the number of people potentially vulnerable to identity theft because of the breach at Target and several other retailers increases.

On NBC4 in Washington, Liz Crenshaw reported that you have only 2 days to report money missing because of a debit card misues, and after 3 days you're on the hook for the first $500.  After a week or so, the entire amount. Some reports say that over $4 billion might be pilfered from debit cards that had been used at Target and other retailers.

Target had wanted to install smart chips on its cards 10 years ago, Wall Street Journal story by Pail Ziobro and Robin Sidel (paywall) here.  

No comments: