Jump to content

Smith & Wesson Cyberattack


quedz

Recommended Posts

5 minutes ago, No_0ne said:

Damn Russians, at it again ...

Or is it the Ukrainians now, I forget ...

Or Berkeley liberals?

Regardless, I am sick and damn tired of CC security breaches.  “Checking your statements and credit report” is poor recompense for having to deal with such a violation of one’s business.

  • Like 1
Link to comment
4 minutes ago, Garufa said:

Or Berkeley liberals?

Regardless, I am sick and damn tired of CC security breaches.  “Checking your statements and credit report” is poor recompense for having to deal with such a violation of one’s business.

I'm resigned to the fact that it's just a facet of living in the connected world.  As with other areas (think DVD piracy, "jailbreaking" cable and dish receivers as past examples), whatever security measures are implemented will always eventually be compromised by those with the skills, time and equipment to do so ...

Link to comment

In all honesty, I bet the web store side is outsourced, or at least ran on 3rd party servers. Usually when it starts the IT guys get to give it a green light and keep up with it. At some point someone puts reduced cost above security and changes are made that put things at risk.  Cheaper hosting companies, cheaper 3rd party vendor software, and etc. end up meaning less security. How else can they do it cheaper without cutting things out?

  • Like 1
Link to comment
2 hours ago, Ronald_55 said:

In all honesty, I bet the web store side is outsourced, or at least ran on 3rd party servers.

I have not seen any indication the web store was run by a third party, but this article indicates it was probably an unpatched, open source, e-commerce platform that gave the hacker(s) an entry point.

https://www.securityweek.com/website-gunmaker-smith-wesson-hacked-magecart-attack

Link to comment
10 hours ago, Ski said:

I have not seen any indication the web store was run by a third party, but this article indicates it was probably an unpatched, open source, e-commerce platform that gave the hacker(s) an entry point.

https://www.securityweek.com/website-gunmaker-smith-wesson-hacked-magecart-attack

"I just can't believe my car was stolen officer!"

"Me neither sir. So I make sure I get it right in the report, it was parked on a dark corner in THIS neighborhood, with the windows down and the engine running?"

"Well sure. Why not?"

Link to comment
14 hours ago, Garufa said:

Regardless, I am sick and damn tired of CC security breaches.  “Checking your statements and credit report” is poor recompense for having to deal with such a violation of one’s business.

Agreed. Every since I got bent over by Equifax a few years ago I've had a credit freeze in place for both my wife and myself.  It's a pain. 

Link to comment
15 hours ago, Garufa said:

Or Berkeley liberals?

Probably. Because even the Russians would know that no one buys anything at the Smith & Wesson Online store. All that stuff is offered at a lower price on S&W vendors websites.

Call me paranoid, but that’s why I won’t text pictures, or give out a phone number on gun deals until we are near a deal. Too many people are going after anyone that has anything to do with guns. They are trying to put names with phone numbers and email addresses. When someone wants me to text pictures of “the item” to them; somethings up.

Link to comment

If your bank account was the same numbers as your Social Security number, how rich would you be? 

Believe it or not, I saw where somebody posted this on one of those social media sites and people actually answered.  :wall:

"Only two things are infinite. The universe and human stupidity. And I have my doubts about the former." Albert Einstein  ;)

Edited by Grayfox54
Link to comment
  • 2 weeks later...
On 12/5/2019 at 9:40 PM, Trekbike said:

Probably had it hosted on Hillary's server.   I don't think she's using it anymore.    

This article says how it was done

https://www.pcmag.com/news/372335/smith-wessons-website-hacked-to-steal-credit-card-details

 

If you recently bought something from Smith & Wesson on Black Friday, watch out. The gun manufacturer's website has been spotted hosting computer code that can steal your credit card details and forward it to hackers. The code was injected into the Smith & Wesson's website on Nov. 27 and remained there until Tuesday morning, according to fraud detection company Sanguine Security, which first noticed the "payment card skimming" attack. The data collection works via a Javascript program that'll run when a US-based browser loads the Smith & Wesson website. The program remains relatively dormant until the user goes to the checkout process, at which point the malicious Javascript will fully activate to create a fake payment form. Any payment card details entered will then be collected and sent off to a hacker-controlled website.

Link to comment
On 12/5/2019 at 7:45 PM, No_0ne said:

I'm resigned to the fact that it's just a facet of living in the connected world.  As with other areas (think DVD piracy, "jailbreaking" cable and dish receivers as past examples), whatever security measures are implemented will always eventually be compromised by those with the skills, time and equipment to do so ...

There's an axiom that reads something like ... "code making  technology will always lag behind code breaking technology".

  • Like 2
Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

TRADING POST NOTICE

Before engaging in any transaction of goods or services on TGO, all parties involved must know and follow the local, state and Federal laws regarding those transactions.

TGO makes no claims, guarantees or assurances regarding any such transactions.

THE FINE PRINT

Tennessee Gun Owners (TNGunOwners.com) is the premier Community and Discussion Forum for gun owners, firearm enthusiasts, sportsmen and Second Amendment proponents in the state of Tennessee and surrounding region.

TNGunOwners.com (TGO) is a presentation of Enthusiast Productions. The TGO state flag logo and the TGO tri-hole "icon" logo are trademarks of Tennessee Gun Owners. The TGO logos and all content presented on this site may not be reproduced in any form without express written permission. The opinions expressed on TGO are those of their authors and do not necessarily reflect those of the site's owners or staff.

TNGunOwners.com (TGO) is not a lobbying organization and has no affiliation with any lobbying organizations.  Beware of scammers using the Tennessee Gun Owners name, purporting to be Pro-2A lobbying organizations!

×
×
  • Create New...

Important Information

By using this site, you agree to the following.
Terms of Use | Privacy Policy | Guidelines
 
We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.