Stop & Shop acknowledges security breach

By SearchSecurity.com Staff 19 Feb 2007 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

Customer information was stolen from Stop & Shop stores in Coventry and in Cranston, and there's suspicion that stores in Bristol, Providence, Warwick, and Seekonk were affected, according to an announcement on its Web site. There's no evidence yet of fraudulent debit or credit card activity in connection with the security breach.

The supermarket chain said the data, consisting of credit card numbers and associated pin numbers were stolen in early February.

"Although we do not yet have enough information to determine the extent of this criminal activity, compromised debit and credit cards that we are aware of are limited to specific transactions at two stores," the supermarket chain said in a letter to customers on its Web site.

It wasn't immediately clear how many customers were affected by the thefts.

No arrests have been made. Local police departments and the U.S. Secret Service are investigating.

Apple fixes multiple flaws
Apple has released a security update for Mac OS X that fixes several vulnerabilities, including some disclosed as part of the Month of Apple Bugs project. They include:

• A boundary error in Finder attackers could exploit to cause a buffer overflow or run malicious code by tricking the user into mounting a malicious disk image.
• A null-pointer dereference error in iChat Bonjour attackers could exploit to crash an application.
• A format string error in how AIM URLs are handled in iChat, which attackers could exploit to launch malicious code.
• An error in the UserNotificationCenter local attackers could exploit to enhance their user privileges.

Cookie flaw found in Firefox
Researcher Michal Zalewski has reported a new Mozilla Firefox flaw attackers could exploit via a malicious Web site to manipulate authentication cookies for a third-party Web site. According to Zalewski's Bugzilla forum posting, the problem is an origin validation error in how the browser handles the "location.hostname" property. Remote attackers could exploit this to steal authentication cookies from arbitrary sites by tricking a user into visiting a specially crafted Web page. The flaw affects Firefox versions 2.0.0.1 and prior.

Tags: Alternative OS security: Mac, Linux, Unix, etc.,  Web Browser Security,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Alternative OS security: Mac, Linux, Unix, etc. Machiavelli Mac OS X rootkit unveiled at Black Hat How secure is 'Platform as a Service (PaaS)?' Security comparison: Mac OS X vs. Windows Mac OS memory flaws pose challenges for enterprise endpoint protection Rootkit Hunter demo: Detect and remove Linux rootkits Oracle to buy Sun Microsystems for $7.4 billion How to harden Linux operating systems Serious holes in Mac OS X memory, researcher shows What is the best operating system for an FTP server implementation? Black Hat DC 2009: Mac OS attack method Alternative OS security: Mac, Linux, Unix, etc. Research Web Browser Security Microsoft fixes security update that breaks Internet Explorer Mozilla update repairs Firefox buffer overflow vulnerabilities Kaspersky system analyzes malicious URLs on Twitter for malware Silon malware intercepts Internet Explorer sessions, steals credentials Do Facebook URL security concerns justify blocking social networks? Phishing attacks to remain a major problem, say security experts Adrian Perrig: Improve SSL/TLS Security Through Education and Technology New Bahama botnet evades search engines, fuels click fraud SANS: Application threats, website flaws pose biggest security threats Mozilla helps Adobe push out faster patches Web Browser Security Research

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary trusted computing  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary