Citibank confirms hacking attack (bbc.co.uk)
87 points by srimadman on June 9, 2011 | 29 comments


I apologize for not talking about the main topic here but I have to say what an obnoxious website! I can't read the article because it says:

   Premium Content Area
   Please complete a survey to unlock this page.
   Download F1 Racing Challenege Today!
   How Would You Look As A Redneck?
   How Would You Look As A Zombie?
   Download 1600 Games! Full Versions!
   Want To See Yourself As An Elf?
   How Would You Look As A Vampire?
When I try to close the tab, it asks me "Help keep this content free. Please take one minute to complete a SPAM-free market research survey to gain access to this special content. Are you sure you want to leave?"

YES. Especially when I can read it easily on http://techland.time.com/2011/06/09/now-citibank-hacked-thou...

If annoying your visitors and harassing them into taking ridiculous surveys is the only way to keep your site running, your business plan is seriously flawed.


BTW this comment refers to the bogus site this originally linked to.


I thought I was going mad for a second until I moved on to your comment.


Your post reminded me to turn off ad-block and no-script on HN. Thanks! I didn't see any of that stuff on that site with these on by default.


I had a Citibank VISA as payment from Google Summer of Code 2009 that started getting $100 charges each month about a year later. I assumed it was some sort of fee, but it turned out my information was stolen (despite me never using the card once). Thankfully, someone noticed this activity on several cards and I was reimbursed.


How would you guess that your information was stolen?


I wonder when corporations will start taking true computer security seriously? Because it seems to me that companies just aren't. Toyota, Sony, Citibank, that construction company who allowed their computers to be compromised and thus have hundreds of thousands of dollars stolen.

It's a good time to be a hacker in the classic unlawful sense. Because of that, these events are only going to get worse and more frequent.


Corporations won't start taking computer security more seriously until they start facing serious business or legal consequences from being hacked.


There's a perception problem: "being hacked" means you are a victim, and the question of negligence rarely comes into play. There should be more stigma associated with it, so that someone who has a serious security problem is seen as the lax/irresponsible party to a breach that they really are.


My reaction is similar. Specifically, I recall reading a few years ago some stories/comments about differences between banking in the U.S. versus Europe. For example, IIRC, one reason Europe had... I believe it's called "chip and PIN" on banking cards, was/is that banks are financially liable for losses.

Occasionally, a good article will appear that discusses "risk". I've come to assign great relevance to the term; many circumstances and changes "make sense" when you look at where risk is or is being shifted.


It's also a good time to be a security expert then.


That website is terribly annoying. Please don't post things like that.


FWIW, my Citi card info was stolen and used last week. This despite never being out of my possession.


About 2 months ago my Citi card was charged for various things originating in L.A. and also small purchases online such as Netflix. I was in possession of the card the whole time. Citibank refunded me all the charges.


The same news from a source that doesn't fade out the content and put a pop-over, or pop up messages as you try to leave the page: http://www.bbc.co.uk/news/technology-13711528


So the thing I keep wondering is, where is all this data going? Outside of the high-profile Lockheed Martin attempt, have there been any reports of accounts, particularly consumer accounts, getting hacked as a result of these attacks?

Also, is there any indication of who is behind these attacks? For argument's sake, I'll buy that Anon was behind the Sony attacks, but RSA? Lockheed Martin? Major banks like Citibank? Those are huge targets.


Credit card numbers get sold to people who use them to commit fraudulent purchases.


That is one of the most aggressive subscription-pushing sites I know.


Seriously. It actually checks that you've completed one of the surveys! And checks for ad-blocking the widget to prevent page load.

There is no way its content is worth all the hassle.


If you hit a site like that when looking at a news story, just slap the keywords from the headline into Google News to find many copies of the same information in a less irritating package, such as the BBC (http://www.bbc.co.uk/news/technology-13711528 in this case).

I would search the BBC directly but the last few times I've tried their search feature has failed to find the relevant story when an external search provider (Google in my case) found it easily...


>It has been criticised for not telling customers about the breach when it happened in May.

Really now? This needs to stop, it wasn't ok a decade ago, it wasn't ok when Sony pulled this recently, why would they think it's ok now?


The tense is weird in that sentence you quoted. If this information came out today, when were they criticized?


I'm making a huge leap based on the title alone, I'm going to assume that they (and I guess others) knew about this and are just not confirming what everyone believed.


Time isn't binary, the fact that something happened "today" doesn't mean that no time has passed between when it happened and now.


Is it illegal to have negligence with security in exposing personally identifying data in USA?


When did I say it's illegal? I said it needs to stop.


Wouldn't matter if it was, it's a corporation (and a bank) no-one will serve a day. They would just have to pay a small fine (from their billions in profits).


Security became a hot topic about 10 years ago and I thought it would become a mandatory/important class in degree courses just like programming or OS, thereby increasing the knowledge/awareness among every techie. I realized a few years later how naive that was.


Can anyone tell if this is connected to the RSA SecurID compromise?



