Quincy, Massachusetts-based supermarket chain Stop & Shop has
acknowledged that thieves stole account and personal identification
numbers from customers' credit and debit cards at two Rhode Island
locations by tampering with checkout-lane computers.
Customer information was stolen from Stop & Shop stores in
Coventry and in Cranston, and there's suspicion that stores in
Bristol, Providence, Warwick, and Seekonk were affected, according
to an announcement on its Web site. There's no evidence yet of
fraudulent debit or credit card activity in connection with the
security breach.
The supermarket chain said the data, consisting of credit card
numbers and associated PIN numbers, were stolen in early
February.
"Although we do not yet have enough information to determine the
extent of this criminal activity, compromised debit and credit
cards that we are aware of are limited to specific transactions at
two stores," the supermarket chain said in a letter to customers on
its Web site.
It wasn't immediately clear how many customers were affected by
the thefts.
No arrests have been made. Local police departments and the U.S.
Secret Service are investigating.

Apple fixes multiple flaws

Apple has released a security update for Mac OS X that fixes several
vulnerabilities, including some disclosed as part of the Month of
Apple Bugs project. They include:
- A boundary error in Finder that attackers could exploit to cause a
buffer overflow or run malicious code by tricking the user into
mounting a malicious disk image.
- A null-pointer dereference error in iChat Bonjour that attackers
could exploit to crash an application.
- A format string error in how AIM URLs are handled in iChat,
which attackers could exploit to launch malicious code.
- An error in the UserNotificationCenter that local attackers could
exploit to elevate their user privileges.

Cookie flaw found in Firefox

Researcher Michal Zalewski has reported a new Mozilla Firefox flaw
that attackers could exploit via a malicious Web site to manipulate
authentication cookies for a third-party Web site. According to
Zalewski's Bugzilla forum posting, the problem is an origin
validation error in how the browser handles the "location.hostname"
property. Remote attackers could exploit this to steal authentication
cookies from arbitrary sites by tricking a user into visiting a
specially crafted Web page. The flaw affects Firefox versions 2.0.0.1
and prior.