News Analysis

Security news round up: Retailer acknowledges security breach

SearchSecurity.com Staff
Quincy, Massachusetts-based supermarket chain Stop & Shop has acknowledged that thieves stole account and personal identification numbers from customers' credit and debit cards at two Rhode Island locations by tampering with checkout-lane computers.

Customer information was stolen from Stop & Shop stores in Coventry and in Cranston, and there's suspicion that stores in Bristol, Providence, Warwick, and Seekonk were affected, according to an announcement on its Web site. There's no evidence yet of fraudulent debit or credit card activity in connection with the security breach.

The supermarket chain said the data, consisting of credit card numbers and associated PIN numbers, was stolen in early February.

"Although we do not yet have enough information to determine the extent of this criminal activity, compromised debit and credit cards that we are aware of are limited to specific transactions at two stores," the supermarket chain said in a letter to customers on its Web site.

It wasn't immediately clear how many customers were affected by the thefts.

No arrests have been made. Local police departments and the U.S. Secret Service are investigating.

Apple fixes multiple flaws
Apple has released a security update for Mac OS X that fixes several vulnerabilities, including some disclosed as part of the Month of Apple Bugs project. They include:

  • A boundary error in Finder that attackers could exploit to cause a buffer overflow or run malicious code by tricking the user into mounting a malicious disk image.
  • A null-pointer dereference error in iChat Bonjour that attackers could exploit to crash an application.
  • A format string error in how AIM URLs are handled in iChat, which attackers could exploit to launch malicious code.
  • An error in the UserNotificationCenter that local attackers could exploit to escalate their user privileges.

Cookie flaw found in Firefox
Researcher Michal Zalewski has reported a new Mozilla Firefox flaw that attackers could exploit via a malicious Web site to manipulate authentication cookies for a third-party Web site. According to Zalewski's Bugzilla forum posting, the problem is an origin validation error in how the browser handles the "location.hostname" property. Remote attackers could exploit this to steal authentication cookies from arbitrary sites by tricking a user into visiting a specially crafted Web page. The flaw affects Firefox versions 2.0.0.1 and prior.

