Monthly Archives: December 2014

Been swiping your payment card to pay for parking in the US?

Time to check for unauthorized charges!

A North American parking company, SP+, says that on 3 November, it got a security heads-up from the company that provides and maintains its payment card systems.

On Friday, SP+ said in a notice that an unauthorized person used a remote-access tool to get their fingers into some of its parking facilities’ computers that process payment cards.

SP+ says that it immediately launched an investigation and got some forensic expertise on board to examine the payment systems in the affected parking facilities, which are mostly located in Chicago.

Other affected parking garages are in Philadelphia, Seattle, Cleveland, and Evanston, Illinois.

The company operates about 4,200 parking facilities in hundreds of cities across North America.

The breach affected a total of 17 SP+ parking facilities, the payment system provider told SP+. During the course of its investigation, SP+ identified yet another facility where card data was at risk.

SP+ hasn’t been able to identify whether any specific cards were taken or mailed notification letters to the potentially affected cardholders, but it does know that whoever installed the remote-access tool used it to install malware that sniffed out payment card data routed through the computers that accept payments made at the parking facilities.

The company says that the intruder(s) may have been able to grab cardholders’ names, card numbers, expiration dates, and verification codes.

The company’s notice lists the names of the specific parking garages that were breached.

If you think you used your card at any of the locations between the earliest and last dates it lists for each spot, definitely do keep an eye on your account statements for wonky activity.

If you see any unauthorized charges, contact the bank that issued your card. Credit card companies typically guarantee that cardholders won’t be held responsible for bogus charges.

Having said that, who remembers the name of the place where they plonk down their ride?

I say, if you’ve used your card to pay for parking in Chicago, Evanston, Cleveland or Seattle, then go ahead and check those statements.

Hell, even if you only ever park in Peoria or Pittsburgh, check your statements anyway!

After all, there’s been a plethora of Point-of-Sale system breaches, including at Home Depot, Subway sandwich restaurants, a slew of Jimmy John’s restaurants, a bunch of car washes,
KMart, and even Dairy Queen.

That’s right: you can’t even buy a soft-serve dairy treat without getting your card nicked.

But one thing’s for sure: when somebody mentions remote-access tools in relation to PoS systems, there’s a good chance that the crooks could have infiltrated systems used by more customers of that PoS system vendor.

These PoS breaches travel in clumps, so it pays to stay alert – after all, you don’t want to accidentally pay for a crook’s fraudulent charges.

Via: sophos

Twitter is set to start peeking on users’ iPhones, iPads and Androids in order to see which apps they have downloaded.

The company will start collecting the list of apps installed on those smartphones and tablets so that it can, in its own words, “deliver tailored content that you might be interested in.”

A support article says the additional data collection will allow Twitter to make better recommendations on who to follow, as well as insert content it thinks you will find interesting into your feed.

The new feature, which Twitter has named “app graph,” could tie in with the company’s recently announced Instant Timeline feature which takes new users’ areas of interest and the people their contacts follow, and serves up a feed created for them in order to better personalize Twitter from day one.

By collecting data about other installed apps, the feature would be better positioned to create a more relevant starting timeline.

Of course, the main benefit to Twitter will be the ability to use the collected information to surface more targeted adverts. Or, as Twitter puts it, show you more promoted content it “think[s] you’ll find especially interesting.”

Twitter says it will only record the list of apps you have installed, not how they are used.

So, for example, Twitter will be able to see that you have Spotify on your phone, but not that you’re listening to the same 80s classic over and over and over again.

While entry into the new tracking system is automatic and opt-in by default, Twitter has promised to alert users when the new feature is turned on.

We will notify you about this feature being turned on for your account by showing a prompt letting you know that to help tailor your experience, Twitter uses the apps on your device. Until you see this prompt, this setting is turned off and we are not collecting a list of your apps.

If you don’t want your apps to be snapped up by Twitter’s data gobblers, here’s how to turn it off:

Twitter for Android

1. Tap the overflow icon (looks like 3 vertical dots)
   
2. Choose Settings.
   
3. Select your account
   
4. Under Other, turn off Tailor Twitter based on my apps.
   

Twitter for iOS

1. Tap the Me tab, and then the gear icon
   
2. Choose Settings
   
3. Select your account
   
4. Under Privacy, turn off Tailor Twitter based on my apps.
   

Once you opt out, Twitter says it will remove your app graph data from Twitter and stop future collection.

If you don’t yet see the option then Twitter won’t have started tracking you yet.

If you want to stop the collection before it’s started, Twitter says you can turn on Limit Ad Tracking on your iOS device by going to Settings and Privacy.

If you’re an Android user, go to Settings, tap the Google account, choose Ads and then turn on Opt out of interest-based ads.

Via: nakedsecurity