Slashdot Mirror
Slashback: Scrambled, Dreams, Stars
Well, there is just one other little thing ... jmorse writes: "In light of the recent attack on Egghead.com, the company is sending this email to its registered customers, claiming that "...Egghead.com's existing security systems interrupted the intrusion while it was in progress, and that customer data has not been compromised." Yet, later in the same email, they admit that "...In addition, reports from the credit card companies with whom we work suggest that fewer than 7,500 credit card accounts registered with us have shown possible fraudulent activity. This is a very small fraction -- less than two tenths of one percent -- of the approximately three million credit cards registered with Egghead.com. " Now, if their security systems stopped the intruders cold, why were 7500 credit cards then used fraudulently? I think Egghead has some more explaining to do..."
I think we understand each other, Mr. Bond An unnamed correspondent writes: "This e-mail showed up on the NETBSD/Dreamcast mailing list. Interesting eh?"
Interesting, that is, because it comes (seems to come? can never be too careful these days ... ) from John Byrd, manager of the Developer Technical Support department at Sega of America, who expresses interest in the recent work on Net("runs on 2-stroke oil")BSD for the Sega Dreamcast. Here's the recent Slashdot story on that port.
In it, Byrd says: "Although I can't yet release proprietary technical information publicly, there are other ways we might be able to help out with this sort of project. For example, we may be able to help with testing or verification of compatibility with various revisions of Dreamcast hardware."
Nice to hear, eh?
Mr. Walker played by Jim Carrey Finally, thanks go out to the heroic Starband installer Winston Walker. Regarding the recent story on using Starband's two-way satellite service under Linux and other OSes, Winston expresses himself thusly: "USB to serial for starband is NOT needed. You can use a 9pin to 25pin modem cable. Get rid of ALL the usb stuff on the starband No point in paying 40-50 bucks for that stupid cable (grin)."
Must tend to agree; can anyone else confirm this? Things are looking good for the move to Alpine, Texas, which seems to have some southern sky to spare.
Lest we forget The latest in our series of reprints and reactions to Jon Katz' Hellmouth columns is up.
I asked egghead specifically about this problem: Their reply:
Dear Joshua Wand,
We'd like to update you regarding your customer service request xxxxxxxx.
While we are able to remove your credit card number from your account and our customer files, if you have placed an order with us, the credit card number will remain on record with that transaction. We are required by credit card agreements to maintain these financial transactions. This information is also used when crediting or refunding your order. Please be assured we have taken significant measures to ensure this data is stored in a highly secure environment.
While the FBI investigation is still ongoing, we can now give you an update on our internal investigation, which has uncovered evidence which suggests that Egghead.com's existing security systems interrupted the intrusion while it was in progress, and that customer data has NOT been compromised.
Through our joint efforts with Kroll Associates over the past few weeks, we have taken additional steps to reduce the possibility of future incidents by continuing to strengthen our security measures. This is an ongoing process that we continue to take very seriously.
Sincerely,
Dan R
Your Customer Service Representative
If SoA is supporting this, does this mean that they just don't realize that people who buy a Dreamcast solely to run NetBSD are costing them money? Or do they take the safer (much safer) guess that someone who bought it for NetBSD would also pick up a couple games? Or are they not selling them at a loss?
-bugg
John Byrd emails and reads the dc-dev mailing list (which I'm on) fairly regularly. The general consensus is that he's legit.
The archives of the list can be found here (not too up to date as Dan Potter, who runs that site, has yet to find a good solution to archiving the list).
For more on dc dev, see Jules' site, which is more or less a good hub site for everything dc dev related.
--Psi
Max, in America, it's customary to drive on the right.
Here is the letter (bold face emphasis is mine):
u estions_login.htm
Dear Customer,
On December 22nd, as a precautionary measure I wrote to inform you of an
attack on our computer systems. Regrettably, until now, we have not been
able to update you or comment publicly on the situation, due to an ongoing
investigation into the matter.
While the FBI investigation is ongoing, I can now give you an update on our
internal investigation, which has uncovered evidence which suggests that
Egghead.com's existing security systems interrupted the intrusion while it
was in progress, and that customer data has not been compromised.
In addition, reports from the credit card companies with whom we work
suggest that fewer than 7,500 credit card accounts registered with us
have shown possible fraudulent activity. This is a very small fraction --
less than two tenths of one percent -- of the approximately three million
credit cards registered with Egghead.com. At this point it is difficult
to determine whether any fraudulent activity on this relatively small
number of credit cards can be traced back to the attack on our system, or
whether it may be the result of credit card theft elsewhere. At this point,
the evidence we have gathered to-date suggests that these credit card
numbers were NOT obtained from our site.
We have heard from many of you, and we thank you for your support and
patience as we continue the complex investigation into this unfortunate
incident. I realize that taking this precautionary measure of informing you
and the credit card companies of the breach resulted in the cancellation of
credit cards, and even embarrassment, for some of you, and we sincerely
apologize for any trouble this may have caused. However, that was the risk
we ran by going public, and it is important to understand that the actions
taken by the credit card issuers were also out of their eagerness to protect
your best interests.
Our first priority has been to protect our customers. We deeply regret
any inconvenience recent events may have caused you, but we believed that
going public with this information would help limit any possible damage,
and give you the choice of taking precautions to protect your privacy. I
believe strongly that this was the prudent and responsible course of action
for our company -- or any company -- faced with this situation.
Through our joint efforts with Kroll Associates over the past few weeks, we
have taken additional steps to reduce the possibility of future incidents by
continuing to strengthen our security measures. This is an ongoing process
that we continue to take very seriously. All of the information that we have
gathered has been turned over to the FBI, which is conducting an ongoing
investigation.
Below is the press release we will be issuing on Monday, January 8th. If
you have questions, please contact our Customer Service Department at
1-800-EGGHEAD (1-800-344-4323), which is open from 5:00 AM - 7:00PM
Pacific Time, Monday through Friday, and 7:00 AM - 3:00 PM Pacific Time,
Saturday and Sunday. You can also send an email by visiting this URL:
https://www.egghead.com/custserv/actreq/general_q
Respectfully,
Jeff Sheahan
President & CEO
Egghead.com, Inc.
Now, if their security systems stopped the intruders cold, why were 7500 credit cards then used fraudulently? I think Egghead has some more explaining to do..."
They have three million credit cards in their database. They checked with the credit card companies, and in the past little while, 7,500 of them were used fradulently. That's a very small percentage, and probably typical. Nowhere does it say that this fradulent use was in any way due to Egghead. Having your credit card number stolen online is not the only way to have it used fradulently, people. That pimply kid at the gas station could be copying down your numbers, for all you know.
Now, I know Egghead is a Corporation, and thus obviously guilty of the incredibly heinous act of trying to make money, but couldn't we at least stop trying to make shit up?
Possibly because they believe that those credit cards are fraudulently being used not from being stolen from their site but from just ordinary everyday credit card fraud. Their justification is so low a percentage of the credit cards seem to be fraudulently used that it's comparable to normal percentages of credit card fraud.
What's more likely is that the attackers haven't gotten to use all the credit cards yet ;)
"Anybody who tells me I can't use a program because it's not open source, go suck on rms. I'm not interested." (LT 2004)
This is why I always keep my Credit Cards maxed out. (Plus everybody thinks I'm a good consuemer.)
If you've not already, max out your credit cards today.
M0571y H@rml355.