Ars readers react to Target’s POS snafu and mining Coinye coins

We also praise Google's new video-identifying browser tab.

Read the whole story

 

[SudoShinji]

It looks like the group that compromised Targets web server used their own software distribution against them to spread this malware which explains why there was a lack of alerting going on, I know I use similar software to push software and updates at my store and it has me thinking twice. All this talk about using EMV cards is completely pointless on this kind of attack as memory would still hold that data on it's way to the PCI provider. It's going to take a complete overhaul of how we process cards in the CDE to address this issue and my fear is most corporate environments aren't going to push those changes and play the wait and forget game.

 

[mtp3]

Chrome's noisy tab notification is a step in the right direction. However, I was astonished that when i clicked on the speaker icon in the tab it did not mute. Now that would be truly useful

 

[Christian Long]

Apostrophe alert

"Google released it's Chrome OS-like Metro mode browser"

When are you filling that Senior Editor position, Ars?

 

[RRob]

Could you link to the evidence/report that the Target breach was an inside job, or involved hacking the patch management box?

Quoting random people from Ars who make up a theory seems out of line. It's no more professional than quoting random "authorities" on global warming, except there's even less people around to correct you.

 

[Kaji01]

As noted in the other thread, 鯉 is also pronounced as "koi" in Japanese, which provides a tie-in with the name and perpetuates the meme for another iteration.

 

[MrHumpty]

SudoShinji[/url]":1e35qri0]It looks like the group that compromised Targets web server used their own software distribution against them to spread this malware which explains why there was a lack of alerting going on, I know I use similar software to push software and updates at my store and it has me thinking twice. All this talk about using EMV cards is completely pointless on this kind of attack as memory would still hold that data on it's way to the PCI provider. It's going to take a complete overhaul of how we process cards in the CDE to address this issue and my fear is most corporate environments aren't going to push those changes and play the wait and forget game.

I was thinking along the same lines with Target. You'd have to think they compromised the distribution of the POR system images or the image itself. Even with Malware it would be very hard to get to every machine at every store. You'd have to have some sort of automated roll out and doing so covertly would be too hard to hide.

Carefully guarding that system as well as proper logging of network traffic that isn't normal or blocking all network traffic that isn't explicitly needed would have made this type of attack incredibly hard to pull off.

 

[TechBumbler]

"Target POS." Ha ha, that means two things.

 

[cuvtixo]

RRob[/url]":279bxjpr]Could you link to the evidence/report that the Target breach was an inside job, or involved hacking the patch management box?...

Quoting random people from Ars who make up a theory seems out of line. It's no more professional than quoting random "authorities" WHO DENY global warming, except there's even less people around to correct you.

There, fixed that for you.

 

[AreWeThereYeti]

I wouldn't call what happened at Target a snafu. This was more like fubarmageddon.

 

[a_v_s]

As long as Google bans their employees from using Windows as their main OS, they will not ever know how big of a clusterfuck Chrome is on touchscreens.

Windows != only touchscreen os.

Chrome on my Chromebook Pixel is perfectly fine. Same with Android.

 

[dzuzga]

With the meaning of the Chinese characters on the new Coinye meaning "carp", I think that the coin should be renamed "Koi-nye".