From maxsec at gmail.com  Sat Jan 19 11:54:38 2013
From: maxsec at gmail.com (Martin Hepworth)
Date: Sat, 19 Jan 2013 11:54:38 +0000
Subject: Chip and Pin compromised at B&N US
Message-ID: <CAGDKorLT6GBEdDv2c26n+cySt-X6JbNRQEV4hEcBJPunpDgXaw@mail.gmail.com>

Interesting story here..


http://blog.elementps.com/element_payment_solutions/2013/01/data-breach-hits-barnes-noble.html

Anyone any knowledge of the C&P terminals used etc as I'm not aware of C&P
being 'popular' in the USA (well it's been a couple years since I was last
there and things change rapidly, so could have gained alot of traction by
now).

-- 
Martin Hepworth, CISSP
Oxford, UK
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.chiark.greenend.org.uk/pipermail/ukcrypto/attachments/20130119/c4b739bf/attachment.html>

From benc at hawaga.org.uk  Sat Jan 19 17:35:14 2013
From: benc at hawaga.org.uk (Ben Clifford)
Date: Sat, 19 Jan 2013 17:35:14 +0000 (UTC)
Subject: Chip and Pin compromised at B&N US
In-Reply-To: <CAGDKorLT6GBEdDv2c26n+cySt-X6JbNRQEV4hEcBJPunpDgXaw@mail.gmail.com>
References: <CAGDKorLT6GBEdDv2c26n+cySt-X6JbNRQEV4hEcBJPunpDgXaw@mail.gmail.com>
Message-ID: <alpine.DEB.2.00.1301191731450.27038@dildano.hawaga.org.uk>



On Sat, 19 Jan 2013, Martin Hepworth wrote:

> Interesting story here..
> 
> ?http://blog.elementps.com/element_payment_solutions/2013/01/data-breach-hits-barnes-noble.html
> 
> Anyone any knowledge of the C&P terminals used etc as I'm not aware of C&P being 'popular' in the USA (well
> it's been a couple years since I was last there and things change rapidly, so could have gained alot of
> traction by now).

That article does not seem to refer to C&P. Using PIN at point of sale has 
been pretty common in the US for longer than in the UK, using 
magstripe+pin.

-- 

From tony.naggs at googlemail.com  Sat Jan 19 19:53:57 2013
From: tony.naggs at googlemail.com (Tony Naggs)
Date: Sat, 19 Jan 2013 19:53:57 +0000
Subject: Chip and Pin compromised at B&N US
In-Reply-To: <CAGDKorLT6GBEdDv2c26n+cySt-X6JbNRQEV4hEcBJPunpDgXaw@mail.gmail.com>
References: <CAGDKorLT6GBEdDv2c26n+cySt-X6JbNRQEV4hEcBJPunpDgXaw@mail.gmail.com>
Message-ID: <CAK0b=2fFo=ngciOW5rmt9BbVLN0tbdoiP=MELhOU-ziZToYRGQ@mail.gmail.com>

Hi

On 19 January 2013 11:54, Martin Hepworth <maxsec at gmail.com> wrote:
> Interesting story here..
>
>
> http://blog.elementps.com/element_payment_solutions/2013/01/data-breach-hits-barnes-noble.html
>
> Anyone any knowledge of the C&P terminals used etc as I'm not aware of C&P
> being 'popular' in the USA (well it's been a couple years since I was last
> there and things change rapidly, so could have gained alot of traction by
> now).

This seems to be a retelling of the news story from late October last year, eg
http://www.huffingtonpost.com/2012/10/24/barnes-noble-credit-card-hacked-_n_2007585.html

Details include:
    Barnes & Noble said it disconnected all of the devices, which
allow customers to swipe
    their debit and credit cards at checkout counters, on Sept. 14 and
notified the FBI and
    the U.S. attorney's office in the Southern District of New York.

Public disclosure apparently having been delayed at the request of the
investigating law
enforcement agencies.
Regards,
Tony