Stop & Shop acknowledges security breach

By SearchSecurity.com Staff 19 Feb 2007 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

Customer information was stolen from Stop & Shop stores in Coventry and in Cranston, and there's suspicion that stores in Bristol, Providence, Warwick, and Seekonk were affected, according to an announcement on its Web site. There's no evidence yet of fraudulent debit or credit card activity in connection with the security breach.

The supermarket chain said the data, consisting of credit card numbers and associated pin numbers were stolen in early February.

"Although we do not yet have enough information to determine the extent of this criminal activity, compromised debit and credit cards that we are aware of are limited to specific transactions at two stores," the supermarket chain said in a letter to customers on its Web site.

It wasn't immediately clear how many customers were affected by the thefts.

No arrests have been made. Local police departments and the U.S. Secret Service are investigating.

Apple fixes multiple flaws
Apple has released a security update for Mac OS X that fixes several vulnerabilities, including some disclosed as part of the Month of Apple Bugs project. They include:

• A boundary error in Finder attackers could exploit to cause a buffer overflow or run malicious code by tricking the user into mounting a malicious disk image.
• A null-pointer dereference error in iChat Bonjour attackers could exploit to crash an application.
• A format string error in how AIM URLs are handled in iChat, which attackers could exploit to launch malicious code.
• An error in the UserNotificationCenter local attackers could exploit to enhance their user privileges.

Cookie flaw found in Firefox
Researcher Michal Zalewski has reported a new Mozilla Firefox flaw attackers could exploit via a malicious Web site to manipulate authentication cookies for a third-party Web site. According to Zalewski's Bugzilla forum posting, the problem is an origin validation error in how the browser handles the "location.hostname" property. Remote attackers could exploit this to steal authentication cookies from arbitrary sites by tricking a user into visiting a specially crafted Web page. The flaw affects Firefox versions 2.0.0.1 and prior.

Tags: Alternative OS security: Mac, Linux, Unix, etc.,  Web Browser Security,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Alternative OS security: Mac, Linux, Unix, etc. Mac OS memory flaws pose challenges for enterprise endpoint protection Rootkit Hunter demo: Detect and remove Linux rootkits Oracle to buy Sun Microsystems for $7.4 billion How to harden Linux operating systems Serious holes in Mac OS X memory, researcher shows What is the best operating system for an FTP server implementation? Black Hat DC 2009: Mac OS attack method New hacking method stealthily attacks Macs with malware Apple fixes critical QuickTime flaws User provisioning and SSO for PeopleSoft- and Unix-based products Alternative OS security: Mac, Linux, Unix, etc. Research Web Browser Security Security researchers develop browser-based darknet Microsoft cracks down on click fraud ring Mozilla patches 11 Firefox security flaws, JavaScript errors Microsoft patches WebDAV security vulnerability in bevy of updates IT pros can detect, prevent website vulnerabilities, thwart attacks Stolen FTP credentials likely in massive website attacks Trust eroding as social engineering attacks climb in 2009, says Kaspersky expert US-CERT warns of Gumblar, Martuz drive-by exploits Google study backs browser silent auto update feature Firefox update addresses several security flaws Web Browser Security Research

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary trusted computing  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary