Mail Fishing

Not email, paper mail: Thieves, often at night, use string to lower glue-covered rodent traps or bottles coated with an adhesive down the chute of a sidewalk mailbox. This bait attaches to the envelopes inside, and the fish in this case — mail containing gift cards, money orders or checks, which can be altered with chemicals and cashed — are…

Drupalgeddon, USPS, & JavaScript – Application Security Weekly #41

Hackers use Drupalgeddon 2 and Dirty COW exploits to take over web servers, second WordPress hacking campaign underway, USPS took a year to fix a vulnerability that exposed all 60 million users’ data, this JavaScript can snoop on other Browser Ta…

US Postal Service Left 60 Million Users Data Exposed For Over a Year

The United States Postal Service has patched a critical security vulnerability that exposed the data of more than 60 million customers to anyone who has an account at the USPS.com website.

The U.S.P.S. is an independent agency of the American federal …

USPS Informed Delivery Vulnerabilities, Holiday Credit Card Fraud, Huge SMS Database Leak – WB43

This is your Shared Security Weekly Blaze for November 19th 2018 with your host, Tom Eston. In this week’s episode: USPS Informed delivery vulnerabilities, protecting yourself from credit card fraud and a huge SMS database leak. Silent Pocket is …

U.S. Secret Service Warns ID Thieves are Abusing USPS’s Mail Scanning Service

A year ago, KrebsOnSecurity warned that “Informed Delivery,” a new offering from the U.S. Postal Service (USPS) that lets residents view scanned images of all incoming mail, was likely to be abused by identity thieves and other fraudsters unless the USPS beefed up security around the program and made it easier for people to opt out. This week, the U.S. Secret Service issued an internal alert warning that many of its field offices have reported crooks are indeed using Informed Delivery to commit various identity theft and credit card fraud schemes.

USPS Finally Starts Notifying You by Mail If Someone is Scanning Your Snail Mail Online

In October 2017, KrebsOnSecurity warned that ne’er-do-wells could take advantage of a relatively new service offered by the U.S. Postal Service that provides scanned images of all incoming mail before it is slated to arrive at its destination address. We advised that stalkers or scammers could abuse this service by signing up as anyone in the household, because the USPS wasn’t at that point set up to use its own unique communication system — the U.S. mail — to alert residents when someone had signed up to receive these scanned images.

The USPS recently told this publication that beginning Feb. 16 it started alerting all households by mail whenever anyone signs up to receive these scanned notifications of mail delivered to that address. The notification program, dubbed “Informed Delivery,” includes a scan of the front and back of each envelope or package destined for a specific address.

USPS ‘Informed Delivery’ Is Stalker’s Dream

A free new service from the U.S. Postal Service that provides scanned images of incoming mail days before it is slated to arrive at its destination address is raising eyebrows among security experts who worry about the service’s potential for misuse by private investigators, identity thieves, stalkers or abusive ex-partners. The USPS says it hopes to have changes in place by early next year that could help blunt some of those concerns.