CC WARNING!!! TheNerds.net HACKED

Page 3 - Seeking answers? Join the AnandTech community: where nearly half-a-million members share solutions and discuss the latest tech.

johto

Senior member
Apr 20, 2001
642
0
0
Actually, all you defending theNerds.net and blaming Microsoft should do a little bit of research first.

IF (and I'm not sure this is true) theNerds.net is telling the truth about the security vulnerability being announced last week, it would HAVE to be MS02-024 on May 22.

If you guys go read that bulletin, Microsoft asseses (sp?) the risk to internet servers as low. Why you might ask? Well, it is because to exploit this bug the hacker must have the ability to LOG ON LOCALLY. This means they had BASIC, FUNDAMENTAL security issues... totally their fault. Hell, even getting into something would imply they either have no firewall or an idiot net admin that didn't block ports correctly.

my 2 cents
 

ValsalvaYourHeartOut

Senior member
Apr 30, 2001
777
0
0
Here is what happened:
1) TheNerds were informed by many of their customers that a hacker had obtained their full CC Database information; Full name, CC# & exp date, home address & phone number and had, as proof, sent that info to us over non secure Email.
2) Five hours later TheNerds sent an Email to their customers with this opening statement:
"Dear Customer,
TheNerds.net has discovered that a hacker has accessed our computer systems, potentially
including our customer databases. While there is no indication that any customer
information has been compromised..."


John

No, John. That's NOT the order of what happened.

1) The Nerds realized that they had been hacked - we don't know how they realized this, but it was probably the hacker notifying them and asking for $$$ in exchange for not sending out all the CC#'s...and of course, the Nerds refused. This is how the scam works, FYI.
2) The Nerds sent out E-mail #1 warning that they had been hacked.
3) Customers e-mailed thenerds with their exposed CC#'s.
4) The Nerds sent out E-mail #2 which told people that for sure, the CC#'s had been compromised, and to cancel cards.

This "Mr. Zilterio" may, if he follows a pattern he's established when attacking other organizations, send you email which claims to present "evidence" that he has access to confidential information, and/or that he was actually trying to "help" TheNerds.Net with its security. Remember how easy it is, online, for people to forge evidence and make it appear to be legitimate."
...which makes the Nerds sound very wishywashy about what happened...too bad you didn't FINISH the quote: " All you have to do is conduct a little online research of your own about Zilterio to find proof that he is nothing more than a extortionist, a criminal, a cyber-terrorist." By taking a quote out of context and changing its meaning, I don't know who you're trying to impress.

"The problem is that they [TheNerds] didn't install a patch that was released by Microsoft one week prior. "
Then you excuse TheNerds and go on to blame *Every One/Thing Else* including me (their customer) for TheNerds' problem!

Valsalva - Your perception of reality and my perception of reality differ a bit!

Your synopsis is so inconsistent with what I actually wrote, that I'm not even going to bother to respond. Please either a) actually read what I wrote or b) work on your reading comprehension. Seriously.

My previous post can be found below, for your reference:

I'm not sure if I agree with some of you who give TheNerds a hard time...it's not like they didn't have any security on their CC database. The problem is that they didn't install a patch that was released by Microsoft one week prior. That's it. How many other companies out there do you think failed to do that??? I bet A LOT!! TheNerds obviously doesn't have the same resources as Amazon.com or Buy.com to have full-time web-admins to vigilantly stay on top of things...you can't expect that from a smaller online company, and you should accept that when you take a higher risk in order to save a little more money.

The actual problem was with the Microsoft software, which had a loophole that was discovered only recently. MICROSOFT did not produce a secure enough software product. That's #1. ...but MICROSOFT should also know that it's not 100% perfect and that it will need to patch security issues from time to time. How come Microsoft didn't have a built-in system like Symantec's Automatic LiveUpdate to automatically dl/install patches? That's #2. Then of course, you have jerks like Mr. What-his-face who hack into a bunch of online companies and demand millions of dollars in exchange for NOT releasing all those CC#'s . Obviously, thenerds can't afford to pay that, so the hacker just e-mails some customers with their CC#'s and freaks them out. Then the customers get pissed and direct their anger toward thenerds. And do you know who wins? the hacker!!! ...because of people like you who place the burden on the company and not on a) Microsoft, b) the hacker, and c) FBI/police who should have busted this guy the first time he did it.


Valsalva
 

JPSJPS

Senior member
Apr 17, 2001
216
0
0
Originally posted by JPSJPS:

Here is what happened:
1) TheNerds were informed by many of their customers that a hacker had obtained their full CC Database information; Full name, CC# & exp date, home address & phone number and had, as proof, sent that info to us over non secure Email.
2) Five hours later TheNerds sent an Email to their customers with this opening statement:
"Dear Customer,
TheNerds.net has discovered that a hacker has accessed our computer systems, potentially
including our customer databases. While there is no indication that any customer
information has been compromised..."


John
Then, ValsalvaYourHeartOut implies that JPSJPS (John) is a liar:

No, John. That's NOT the order of what happened.
1) The Nerds realized that they had been hacked - we don't know how they realized this, but it was probably the hacker notifying them and asking for $$$ in exchange for not sending out all the CC#'s...and of course, the Nerds refused. This is how the scam works, FYI.
2) The Nerds sent out E-mail #1 warning that they had been hacked.
3) Customers e-mailed thenerds with their exposed CC#'s.
4) The Nerds sent out E-mail #2 which told people that for sure, the CC#'s had been compromised, and to cancel cards.
Valsalva
Valsalva,
I reported *EXACTLY* what happened to *ME* and several other TheNerds' customers *in the EXACT ORDER* of how it happened!
I did this so that other TheNerds' customers could protect themselves and cancel their credit card. I felt that this was important because TheNerds, at that time, had nothing on their website and had not Emailed us about being hacked. On the phone, their customer service reps admitted that credit card info had been compromised and they were working on an Email to inform their customers. Then, Several Hours Later they sent out the "feel good" Email described above that misled their customers.
Now, you imply that I am a LIAR and respond with your fabricated fictional story where you PRETEND to know what happened.


Said by Valsalva:
"too bad you didn't FINISH the quote" from Mr. Zilterio.
Valsalva - The WHOLE message was quoted earlier and trimmed here for emphasis!


Said by Valsalva:
"Your synopsis is so inconsistent with what I actually wrote, that I'm not even going to bother to respond. Please either a) actually read what I wrote or b) work on your reading comprehension. Seriously."
Valsalva - My synopsis you criticize is this quote of *YOUR* earlier statement!:
"The problem is that they [TheNerds] didn't install a patch that was released by Microsoft one week prior. "


Valsalva - Ok, GOOD - Do NOT respond, cause it's not gonna work - You have already told all about yourself!
Isn't it amazing how some threads end up going into the sewer like this?

Man, you should go to work for TheNerds - Or do you?
You both "think" alike!


John
 

MrCoyote

Golden Member
Oct 9, 1999
1,001
5
81
The Nerds should not store full Credit Card numbers on their servers! This is downright stupid. I told them to erase my whole account and information, so I better check back with them to see if they did. Else I'm going to complain big time. Credit Card numbers should be ONE time use only!
 

Beldar

Member
Feb 15, 2001
130
0
0
I used my credit card with them three weeks ago and have not seen any charges yet. I will keep an eye out.

I must say, that in my opinion no matter how much time they spend applying patches to the server, the hacker will always be better than Microsoft and find a way in if he really wants to. The best we can hope for is that they don't store the credit cards on the server. If they do, then they should be encrypted at a minimum.

just my $.02
 

ValsalvaYourHeartOut

Senior member
Apr 30, 2001
777
0
0
Valsalva,
I reported *EXACTLY* what happened to *ME* and several other TheNerds' customers *in the EXACT ORDER* of how it happened!
I did this so that other TheNerds' customers could protect themselves and cancel their credit card. I felt that this was important because TheNerds, at that time, had nothing on their website and had not Emailed us about being hacked. On the phone, their customer service reps admitted that credit card info had been compromised and they were working on an Email to inform their customers. Then, Several Hours Later they sent out the "feel good" Email described above that misled their customers.
Now, you imply that I am a LIAR and respond with your fabricated fictional story where you PRETEND to know what happened.

You are such an idiot. If they KNEW the CC#'s were compromised at the time, then why would they purposely send out a "feel good" e-mail, knowing full well that they would have to send out a "CC#'s stolen" e-mail a few hours later? Any moron could tell you that a "feel good" e-mail followed by a "CC#'s stolen" e-mail makes you look like you don't know what the heck is going on. ...it is more plausible that the second e-mail was sent out as soon as it was confirmed that the CC#'s had been compromised (e.g. enough of you guys called in tell them, and then the company heads became informed, and then the e-mail writer was told to write the e-mail, and then the e-mail was written). There's obviously a lag time between informing different departments and taking action. Believe it or not, I'm sure TheNerds is not linked together by telepathy, although they might be in your fantasy world.

The WHOLE message was quoted earlier and trimmed here for emphasis!

Again, fantasy world. "trimmed here for emphasis" is not the same as "taken out of context in order to distort the meaning." Again, this is what you quoted:
This "Mr. Zilterio" may, if he follows a pattern he's established when attacking other organizations, send you email which claims to present "evidence" that he has access to confidential information, and/or that he was actually trying to "help" TheNerds.Net with its security. Remember how easy it is, online, for people to forge evidence and make it appear to be legitimate
And this is what you left out:
All you have to do is conduct a little online research of your own about Zilterio to find proof that he is nothing more than a extortionist, a criminal, a cyber-terrorist.
The meaning changes 180 degrees when you add that last line back in. If you really had a legitimate point, you wouldn't have to twist reality around like that.

Ok, GOOD - Do NOT respond, cause it's not gonna work - You have already told all about yourself!

Exactly. I post a set of arguments, and you either a) didn't read them and responded anyway or b) have reading comprehension below the junior high level. Either way, it's not surprising that I got the above response...not at all.

Man, you should go to work for TheNerds - Or do you?
You both "think" alike!
John

I obviously don't work for TheNerds...but I have offered a series of arguments for why I believe we are placing too much blame on TheNerds. Unfortunately, I think for many of us, our knee-jerk reaction in this type of situation is to blame whomever is convenient. I have already invited you to address my arguments, and I had even copied and pasted them for your reference in my last post. ...so as they say, "Put up, or shut up."

Valsalva
 

JPSJPS

Senior member
Apr 17, 2001
216
0
0
Valsalva - I don't believe my eyes!
You have a real mental problem.
Do you have a functional brain?

My original post shows the timing of both of the TheNerds' Emails compared to when they knew for sure that my full information had been hacked!

I described *exactly* what actually happened and *exactly* when it happened to help protect others in my same situation.
Do you realize that the headers on those two Email messages I received show the time that those Emails were sent on the *sending (TheNerds)* computer?

Now you actually seem to believe that a ridiculous argument that you fabricated in your little "mind" will change those factual times!

And you expect me to respond to those insane arguments? You are completely nuts!

With every post, you prove yourself to be a bigger and bigger fool!

BYE,

John




 

ValsalvaYourHeartOut

Senior member
Apr 30, 2001
777
0
0
My original post shows the timing of both of the TheNerds' Emails compared to when they knew for sure that my full information had been hacked!

Your original post fails to account for lag time in the following: time for operators to receive phone calls from customers who got CC# e-mails, time for operators to realize that there were a LOT of callers like this = notify someone, time for higher-ups to be notified, time for higher-ups to confer and make another decision, time for higher-ups to contact the e-mail writing guy, time for e-mail writing guy to draft the e-mail, time for e-mail guy to send e-mail, time for e-mail to arrive. You seem to believe that "once TheNerds" got your phone call, the first e-mail should never have gone out...again, I'd be willing to bet that the 1st e-mail was being drafted in response to knowledge that they had been hacked, but BEFORE the higher-ups told the e-mail guy to send out the 2nd e-mail.

You obviously don't have sufficient evidence to accuse these people of intentionally sending out e-mail #1 with the intention to deceive. Not only that, but your story doesn't make any sense, because if they knew CC#'s had been compromised, why the heck would they send out E-mail #1 when they knew they would have to send out E-mail #2 hours later?? It would have made them look worse!! Just because YOU want so very much to believe that you were deceived doesn't mean that you were indeed intentionally deceived.

I described *exactly* what actually happened and *exactly* when it happened to help protect others in my same situation.
Do you realize that the headers on those two Email messages I received show the time that those Emails were sent on the *sending (TheNerds)* computer?


Again, you fail to account for lag time. See above. "TheNerds" is not one entity...it is a company with different departments and different employees. Just because the phone people learn of your CC# problem doesn't mean the rest of TheNerds will know that very instant....and it doesn't mean TheNerds will be able to respond that very instant either. Again, see above. It's a very simple concept...take some time and think about it.

Now you actually seem to believe that a ridiculous argument that you fabricated in your little "mind" will change those factual times!
And you expect me to respond to those insane arguments? You are completely nuts! With every post, you prove yourself to be a bigger and bigger fool!

My arguments were NOT related to the timing of events. My arguments were related to who we should blame in this situation, irrespective of the timing. I think it's funny how you call my arguments "ridiculous" and "insane," yet you COMPLETELY misconstrue what my arguments are pertaining to!!!! I think it goes without saying who the bigger and bigger fool is.

(psss...the answer is: You, cuz I'm sure you had to think about that one too.)

Valsalva
 

Mday

Lifer
Oct 14, 1999
18,647
1
81
free bump with a comment:

the security of a transaction is only as secure as the weakest part in the transaction. the failure can come at your end, the transmission, and\or the seller.
 