Firefox tells buyer not to buy sweater
ZDNet blogger Chris Matyszczyk recently blogged about an experience he had while shopping online using Mozilla’s Firefox browser. Matyszczyk explained that as he was about to purchase a sweater from retailer H&M, the Firefox browser warned him: “The connection is insecure. Logins entered here could be compromised.” Not willing to risk his credentials, Matyszczyk asked Mozilla about the message. This was their response: “If you go to the main site of this retailer https://hm.com/ without any cookies you'll get redirected to their country chooser at https://www.hm.com/entrance.ahtml?orguri=%2F. Most of the country-specific site links have a padlock icon next to them, and the US URL does have an https:// link. It looks like they know what they ought to be doing, but that https:// link then redirects to insecure http: so the implementation is lacking. There is a tiny "sign in" link at the top that would be insecure.” Despite several attempts to contact H&M, Matyszczyk couldn’t secure a response. What is weird about this story isn’t that the company didn’t get the encryption right on its e-commerce site, but rather that the browser alerted the buyer before the purchase could be made, which is actually really nice.
Forget the dark web, shady dealer sells customer data on Craigslist
Previously in our Uzado blog we have written about the dangers of finding your credentials, or worse, your Personally Identifiable Information (PII), for sale on the dark web. Is it surprising, then, that someone would try to sell this data on Craigslist? Recently, someone tried to sell data from a data server that belonged to electronics retailer NCIX, which went bankrupt in 2017. The company, which had customers in the United States and Canada, was taken over by a financial firm called the Bowra Group, which then sold the remaining assets to an undisclosed third party that intended to restart NCIX, a Bowra representative told PCMag. The assets were later put up for sale through Able Auctions. However, all the NCIX hardware was first reviewed by the undisclosed third party. It seems that somewhere along the way, someone else managed to get at the hardware and the unwiped data on the machines. Travis Doering, who runs the cybersecurity firm Privacy Fly, noticed the Craigslist posting last month; it was offering two servers from the now-defunct NCIX. He decided to investigate, and eventually met the mysterious seller, who claimed to possess an entire server farm from NCIX, in addition to hundreds of desktop computers used by the retailer's offices and stores. According to Doering, some of the data goes back 15 years and was stored entirely in plain text. It included customer addresses, phone numbers, credit card payment details, and details about items people bought. Since Doering published his blog post, the police have been investigating the matter, and indeed have seized some of the assets. There are questions as to whether other assets holding the same information are still out there.
Hackers have planted credit card stealing malware on government sites
It seems even governments are not safe from hackers. Think about the numerous financial transactions that can be made online with various government agencies, and you have a great target. Security firm FireEye has recently confirmed that a payment portal used by US government agencies has been compromised. Click2Gov is used by local government services to administer payments for things like utilities and permits. Superion, a major technology provider that owns the web payment portal, confirmed in June that a breach had occurred last year but said there was “no evidence” that the portal was unsafe to use. Superion issued patches after several customers complained that their credit card information had been stolen but said that “it was largely up to local governments and municipalities to patch their servers.” Hackers used the server vulnerability to upload a tool, which FireEye calls FIREALARM, to sift through server log data for credit card data, and another piece of malware, which it calls SPOTLIGHT, to intercept credit card data from unencrypted network traffic. Once collected, the data is encoded and exfiltrated by the hacker. Credit card numbers, expiration dates, and verification numbers, along with names and addresses, were stolen by the malware.