Wednesday, June 27, 2012


This suggests a failure by policy. And what are “proper incident response procedures,” and where are they documented?
FTC Files Complaint Against Wyndham Hotels For Failure to Protect Consumers’ Personal Information
June 26, 2012 by admin
Woo hoo. I had such a headache trying to sort out Wyndham’s breaches (see previous blog entries on Wyndham) and was concerned that at least one state had removed their notification from public view on the state’s web site because Wyndham had asked that it be treated as confidential. Now it seems the FTC has gone after them (complaint) and that Wyndham’s breaches allegedly affected over 500,000 customers. From the FTC today:
The Federal Trade Commission filed suit against global hospitality company Wyndham Worldwide Corporation and three of its subsidiaries for alleged data security failures that led to three data breaches at Wyndham hotels in less than two years. The FTC alleges that these failures led to fraudulent charges on consumers’ accounts, millions of dollars in fraud loss, and the export of hundreds of thousands of consumers’ payment card account information to an Internet domain address registered in Russia.
… In its complaint, the FTC alleges that Wyndham’s privacy policy misrepresented the security measures that the company and its subsidiaries took to protect consumers’ personal information, and that its failure to safeguard personal information caused substantial consumer injury. The agency charged that the security practices were unfair and deceptive and violated the FTC Act.
… Ultimately, the breach led to the compromise of more than 500,000 payment card accounts, and the export (sic) hundreds of thousands of consumers’ payment card account numbers to a domain registered in Russia.
Even after faulty security led to one breach, the FTC charged, Wyndham still failed to remedy known security vulnerabilities; failed to employ reasonable measures to detect unauthorized access; and failed to follow proper incident response procedures. As a result, Wyndham’s security was breached two more times in less than two years.

(Related) Another 'less than stellar' response? Looks like “speak with one voice” isn't one of their “Best Practices.”
From the a-little-birdie-told-me dept.
June 26, 2012 by admin
A Charter One customer called Charter One after her debit card was refused at a merchant. It seems that someone had tried to put through a micro-charge on the card that morning and Charter One had cancelled the card because of the suspicious activity. When she asked why she hadn’t been called about the matter, an employee reportedly told her that Charter One was busy dealing with thousands of breached cards from a third-party processor and didn’t have time to call customers. [Translation: Customers be damned, we could lose money! Bob]
Third-party processor and a rash of charges on compromised cards? Hmmm.


How else should my Ethical Hackers repay their student loans?
"Billionaire Mark Cuban talks in an interview with the Wall Street Journal about how he thinks high-frequency trading can be quite damaging to stock markets. He goes so far as to call high-frequency traders the 'ultimate hackers.' [Translation: Really good. Bob] He says, 'They're running software programs that have one goal, and that's to exploit the trading systems as early and often as possible. [They didn't write the rules... Bob] As someone who wrote software for eight years and who keeps up very closely with the technology world, that scared the hell out of me. The only certainty in the software world is that there is no such thing as bug-free software. When software programs are trying to outsmart other software programs and hack the world's trading platforms, that is a recipe for disaster. ... How many times an hour are there failures across individual equities around the world because of software running algorithms battling each other for supremacy to make a profitable trade? We have no idea. It's not a question of if or when we have meltdowns, it's just a question of how big and where. It's straight out of War Games. And that's before we even get to the possibility of nefarious or sovereign hackers getting involved.'"


If you keep teasing the kitten, don't be surprised when you get an unpredictable cat.
"A series of reports shows that the U.S. and Israel are engaged in a cyber war with Iran to stop it from developing nuclear weapons. Oddly enough, at the same time, the United States and other nations are trying to negotiate with Iran. As America and others start the world's first undeclared cyber-wars, dangerous precedents are being set that this type of warfare is without consequences. Such ideas could not be further from the truth."


Welcome to the world of Behavioral Advertising...
Orbitz Discriminates Against Mac Users ... Just Like It Should Be Doing
The Wall Street Journal has a great scoop: Orbitz, the online travel agency, has realized that users who visit the site on Mac computers spend as much as 30 percent more on hotels than their PC-using counterparts. Based on that insight, the company is starting to show Mac-based visitors different, and sometimes more expensive, hotel options.


Interesting idea. Take public statements and make them even more public (public-er?) Would this site help educate my students?
WeKnowWhatYoureDoing.com: When Trashing Your Boss on Facebook Suddenly Becomes Very Public
Let me give you this hypothetical about privacy. You and a friend walk into a public subway station having a conversation about how much you hate your boss. Someone happens to be recording every word spoken listening for the search string "hate my boss" while running facial recognition software to figure out who you are. This information is then being posted in another public location for anyone and everyone to see. Would that be OK?
My intuition is that almost everyone reading this post would say no. And yet, that is precisely what the website, WeKnowWhatYoureDoing.com is doing with public Facebook updates. The site scrapes public Facebook updates and searches for people saying "hate my boss," discussing doing drugs, giving out their phone numbers, or complaining about being hungover. It then handily formats them for broader consumption.


Perspective: Unplanned increases cause bottlenecks... Is this why everything seems so slow? For example, every question in my online Math homework has a video attached and I send students to KhanAcademy.org and other online Math sites, all with video.
High Definition Video Clogs Corporate Networks
If you could somehow peek inside the pipes of your typical corporate network, you’d see a whole heck of a lot of streaming video and P2P filesharing.
That’s what network scanning company Palo Alto Networks discovered when it took a look at more than 2,000 corporate networks between November 2011 and May of this year.
In the past six months, the amount of bandwidth used by streaming video software has quadrupled, according to Chris King, the company’s director of product marketing. And P2P filesharing traffic is up seven-fold, he says. It’s not that more companies are allowing P2P or video streaming. It’s just that the people doing it are using a lot more bandwidth. “It’s a massive increase within the companies that are using them,” he says. “There’s just more comfort with getting busted using streaming at work.”


Perspective: Noticing changes in your operating environment can allow you time to plan a solution. Also, not all your growth is due to customer activity.
Facebook Future-Proofs Data Center With Revamped Network
When Facebook started work on its new data center in Forest City, North Carolina, the idea was to create pretty much an exact copy of the new-age facility the company had just built in the high desert of central Oregon. “The blueprint we’d put together was pretty good,” says Jay Parikh, the man who oversees Facebook’s entire data center infrastructure. “We felt that all we needed to do was lather, rinse, and repeat.”
But about two months into the project, Parikh and company decided this was a poor idea — not because the Oregon facility was deficient in any way, but because Facebook’s network traffic had changed in a big way and, as is always the case in the internet world, more changes were on the horizon. “We decided to change everything,” Parikh says. “We realized that we have to make sure our infrastructure is several steps ahead of what we need now.”
What Facebook noticed was a significant jump in the traffic generated by its internal services — software systems that generate things like friend recommendations and realtime notifications. These services work in tandem to build each new Facebook page, and the bits traveling between these services were growing exponentially faster than the traffic to and from the internet.


“It is better to look good than to feel good.” Fernando (Billy Crystal) on SNL. Perhaps not the best education strategy?
San Diego schools spend $10M on iPads for students
The purchase, reported by several local media outlets, is said to be one of the largest educational iPad rollouts in the U.S. K-12 market. The 26,000 iPads will be spread out in 340 classrooms starting this fall.

(Related) Insight or sour grapes? Videos and transcript in the article, you be the judge.
"In a detailed interview on the future of education, Bill Gates was surprisingly down on tablets in education — considering that Microsoft just released Surface. He said low-cost PCs are the thing for students, and he dismissed the idea that simply giving gadgets to students will bring change. Quoting: 'Just giving people devices has a really horrible track record. You really have to change the curriculum and the teacher. And it's never going to work on a device where you don't have a keyboard-type input. Students aren't there just to read things. They're actually supposed to be able to write and communicate. And so it's going to be more in the PC realm—it's going to be a low-cost PC that lets them be highly interactive.'"


For my students...
Today, Google announced the launch of a new MOOC - Massive Open Online Course - titled Power Searching With Google. The course will contain six 50 minute sessions and activities to try out the things that are taught in the course. Upon completion of the course you will be able to get a certificate of completion (presumably suitable for printing at home and putting on your refrigerator). The course begins on July 10. Registration is open now.
Applications for Education
If you're familiar with advanced Google search tools, you can handle all of Dan Russell's search challenges, and you're ready to take the next step toward being a power searcher, take this new course. And even if you're not up to speed with all of the advanced search tools in Google, this MOOC could help you too. Take the course this summer and pass on your new search skills to your students in the fall. 
