Very scary cyber security story
One of the funny but scary cyber security stories making the rounds is the strange case of Quantina Moore-Perry. She discovered a glitch in the online store of QVC (the TV shopping channel) that enabled her to order items but not pay for them. Apparently she noticed that if she ordered something and then immediately canceled it, it went into some internal limbo that allowed it to ship but never produced a bill. Accounts don't explain how she made that determination, but once she did, she ordered more than 1800 items over 9 months, totaling $412,000, for which she was never charged. She then turned around and sold them on eBay. The only reason she was caught was that she didn't bother to repackage the items and some of her customers mentioned it to QVC.
Sure, this is a story that might make you smile, but it might keep you awake at night if you are responsible for cyber security for your systems.
Ms. Moore-Perry is no hacker, according to the accounts. This was not the result of a complex scheme to break into QVC's system. Indeed, that's what makes it so troubling. Nothing about what she was doing rang any alarms, which is why she did it for so long. Had her customers not mentioned it, she might have gone on for years. Moreover, I wonder if others found the same "glitch" and were also taking advantage of it.
Hackers are usually caught because their activity is not what normally goes on. They're spotted because they go places in the system that nobody has any reason to go in normal operation. Viruses and other malware are spotted because they are different. Openings like this one in the security wall can be exploited because they're almost impossible to detect. I'm sorry if I disrupt your sleep, but do such things exist in your system?
I would like to follow this up and ask some industry experts what they think. Watch this space in coming weeks.
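The abuse described above looked like ordinary ordering and canceling, so the check that catches it is a reconciliation of business invariants rather than an anomaly alarm. The following is an added example, not code from the original post or from QVC; the event names, record layout and sample records are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample events (not real data): (order_id, account, event, amount_usd)
EVENTS = [
    ("A100", "acct-1", "placed", 59.00),
    ("A100", "acct-1", "charged", 59.00),
    ("A100", "acct-1", "shipped", 59.00),      # normal order: charged, then shipped
    ("A101", "acct-2", "placed", 120.00),
    ("A101", "acct-2", "cancelled", 120.00),   # normal cancel: never ships
    ("A102", "acct-3", "placed", 230.00),
    ("A102", "acct-3", "cancelled", 230.00),   # cancelled, yet fulfilment proceeds
    ("A102", "acct-3", "shipped", 230.00),
    ("A103", "acct-3", "placed", 199.00),
    ("A103", "acct-3", "cancelled", 199.00),
    ("A103", "acct-3", "shipped", 199.00),
]

def reconcile(events):
    """Return orders that break the invariant: shipped implies charged and not cancelled."""
    orders = defaultdict(lambda: {"account": None, "events": set(), "amount": 0.0})
    for order_id, account, event, amount in events:
        rec = orders[order_id]
        rec["account"] = account
        rec["events"].add(event)
        rec["amount"] = amount
    findings = []
    for order_id, rec in sorted(orders.items()):
        if "shipped" not in rec["events"]:
            continue  # nothing left the warehouse, nothing to reconcile
        reasons = []
        if "charged" not in rec["events"]:
            reasons.append("shipped without charge")
        if "cancelled" in rec["events"]:
            reasons.append("cancelled order shipped")
        if reasons:
            findings.append((order_id, rec["account"], rec["amount"], reasons))
    return findings

def exposure_by_account(findings):
    """Total shipped-but-unreconciled value per account, largest first."""
    totals = defaultdict(float)
    for _, account, amount, _ in findings:
        totals[account] += amount
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True)

if __name__ == "__main__":
    found = reconcile(EVENTS)
    for finding in found:
        print(finding)
    print(exposure_by_account(found))
```

Run daily against fulfilment and billing records, a check of this kind flags the first unbilled shipment instead of relying on a customer to report it.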
Posted by Peter Welander on November 6, 2007