This suggests a failure of policy. And what are “proper incident response procedures” and where are they documented?
FTC Files Complaint Against Wyndham Hotels For Failure to Protect Consumers’ Personal Information
June 26, 2012 by admin

Woo hoo. I had such a headache trying to sort out Wyndham’s breaches (see previous blog entries on Wyndham) and was concerned that at least one state had removed their notification from public view on the state’s web site because Wyndham had asked that it be treated as confidential. Now it seems the FTC has gone after them (complaint) and that Wyndham’s breaches allegedly affected over 500,000 customers. From the FTC today:

The Federal Trade Commission filed suit against global hospitality company Wyndham Worldwide Corporation and three of its subsidiaries for alleged data security failures that led to three data breaches at Wyndham hotels in less than two years. The FTC alleges that these failures led to fraudulent charges on consumers’ accounts, millions of dollars in fraud loss, and the export of hundreds of thousands of consumers’ payment card account information to an Internet domain address registered in Russia.

… In its complaint, the FTC alleges that Wyndham’s privacy policy misrepresented the security measures that the company and its subsidiaries took to protect consumers’ personal information, and that its failure to safeguard personal information caused substantial consumer injury. The agency charged that the security practices were unfair and deceptive and violated the FTC Act.

… Ultimately, the breach led to the compromise of more than 500,000 payment card accounts, and the export (sic) hundreds of thousands of consumers’ payment card account numbers to a domain registered in Russia.

Even after faulty security led to one breach, the FTC charged, Wyndham still failed to remedy known security vulnerabilities; failed to employ reasonable measures to detect unauthorized access; and failed to follow proper incident response procedures. As a result, Wyndham’s security was breached two more times in less than two years.
(Related) Another “less than stellar” response? Looks like “speak with one voice” isn't one of their “Best Practices.”
From the a-little-birdie-told-me dept.
June 26, 2012 by admin

A Charter One customer called Charter One after her debit card was refused at a merchant. It seems that someone had tried to put through a micro-charge on the card that morning and Charter One had cancelled the card because of the suspicious activity. When she asked why she hadn’t been called about the matter, an employee reportedly told her that Charter One was busy dealing with thousands of breached cards from a third-party processor and didn’t have time to call customers. [Translation: Customers be damned, we could lose money! Bob]

Third-party processor and a rash of charges on compromised cards? Hmmm.
How else should my Ethical Hackers repay their student loans?

"Billionaire Mark Cuban talks in an interview with the Wall Street Journal about how he thinks high-frequency trading can be quite damaging to stock markets. He goes so far as to call high-frequency traders the 'ultimate hackers.' [Translation: Really good Bob] He says, 'They're running software programs that have one goal, and that's to exploit the trading systems as early and often as possible. [They didn't write the rules... Bob] As someone who wrote software for eight years and who keeps up very closely with the technology world, that scared the hell out of me. The only certainty in the software world is that there is no such thing as bug-free software. When software programs are trying to outsmart other software programs and hack the world's trading platforms, that is a recipe for disaster. ... How many times an hour are there failures across individual equities around the world because of software running algorithms battling each other for supremacy to make a profitable trade? We have no idea. It's not a question of if or when we have meltdowns, it's just a question of how big and where. It's straight out of War Games. And that's before we even get to the possibility of nefarious or sovereign hackers getting involved.'"
If you keep teasing the kitten, don't be surprised when you get an unpredictable cat.

"A series of reports shows that the U.S. and Israel are engaged in a cyber war with Iran to stop it from developing nuclear weapons. Oddly enough, at the same time, the United States and other nations are trying to negotiate with Iran. As America and others start the world's first undeclared cyber-wars, dangerous precedents are being set that this type of warfare is without consequences. Such ideas could not be further from the truth."
Welcome to the world of Behavioral Advertising...

Orbitz Discriminates Against Mac Users ... Just Like It Should Be Doing

The Wall Street Journal has a great scoop: Orbitz, the online travel agency, has realized that users who visit the site on Mac computers spend as much as 30 percent more on hotels than their PC-using counterparts. Based on that insight, the company is starting to show Mac-based visitors different, and sometimes more expensive, hotel options.

Interesting idea. Take public statements and make them even more public (public-er?) Would this site help educate my students?
WeKnowWhatYoureDoing.com: When Trashing Your Boss on Facebook Suddenly Becomes Very Public

Let me give you this hypothetical about privacy. You and a friend walk into a public subway station having a conversation about how much you hate your boss. Someone happens to be recording every word spoken listening for the search string "hate my boss" while running facial recognition software to figure out who you are. This information is then being posted in another public location for anyone and everyone to see. Would that be OK?

My intuition is that almost everyone reading this post would say no. And yet, that is precisely what the website, WeKnowWhatYoureDoing.com is doing with public Facebook updates. The site scrapes public Facebook updates and searches for people saying "hate my boss," discussing doing drugs, giving out their phone numbers, or complaining about being hungover. It then handily formats them for broader consumption.
Perspective: Unplanned increases cause bottlenecks... Is this why everything seems so slow? For example, every question in my online Math homework has a video attached and I send students to KhanAcademy.org and other online Math sites, all with video.

High Definition Video Clogs Corporate Networks

If you could somehow peek inside the pipes of your typical corporate network, you’d see a whole heck of a lot of streaming video and P2P filesharing.

That’s what network scanning company Palo Alto Networks discovered when it took a look at more than 2,000 corporate networks between November 2011 and May of this year.

In the past six months, the amount of bandwidth used by streaming video software has quadrupled, according to Chris King, the company’s director of product marketing. And P2P filesharing traffic is up seven-fold, he says. It’s not that more companies are allowing P2P or video streaming. It’s just that the people doing it are using a lot more bandwidth. “It’s a massive increase within the companies that are using them,” he says. “There’s just more comfort with getting busted using streaming at work.”

Perspective: Noticing changes in your operating environment can allow you time to plan a solution. Also, not all your growth is due to customer activity.
Facebook Future-Proofs Data Center With Revamped Network

When Facebook started work on its new data center in Forest City, North Carolina, the idea was to create pretty much an exact copy of the new-age facility the company had just built in the high desert of central Oregon. “The blueprint we’d put together was pretty good,” says Jay Parikh, the man who oversees Facebook’s entire data center infrastructure. “We felt that all we needed to do was lather, rinse, and repeat.”

But about two months into the project, Parikh and company decided this was a poor idea — not because the Oregon facility was deficient in any way, but because Facebook’s network traffic had changed in a big way and, as is always the case in the internet world, more changes were on the horizon. “We decided to change everything,” Parikh says. “We realized that we have to make sure our infrastructure is several steps ahead of what we need now.”

What Facebook noticed was a significant jump in the traffic generated by its internal services — software systems that generate things like friend recommendations and realtime notifications. These services work in tandem to build each new Facebook page, and the bits traveling between these services were growing exponentially faster than the traffic to and from the internet.
“It is better to look good than to feel good.” Fernando (Billy Crystal) on SNL. Perhaps not the best education strategy?

San Diego schools spend $10M on iPads for students

The purchase, reported by several local media outlets, is said to be one of the largest educational iPad rollouts in the U.S. K-12 market. The 26,000 iPads will be spread out in 340 classrooms starting this fall.

(Related) Insight or sour grapes? Videos and transcript in the article, you be the judge.

"In a detailed interview on the future of education, Bill Gates was surprisingly down on tablets in education — considering that Microsoft just released Surface. He said low-cost PCs are the thing for students, and he dismissed the idea that simply giving gadgets to students will bring change. Quoting: 'Just giving people devices has a really horrible track record. You really have to change the curriculum and the teacher. And it's never going to work on a device where you don't have a keyboard-type input. Students aren't there just to read things. They're actually supposed to be able to write and communicate. And so it's going to be more in the PC realm—it's going to be a low-cost PC that lets them be highly interactive.'"
For my students...
Today, Google announced the launch of a new MOOC - Massive Open Online Course - titled Power Searching With Google. The course will contain six 50 minute sessions and activities to try out the things that are taught in the course. Upon completion of the course you will be able to get a certificate of completion (presumably suitable for printing at home and putting on your refrigerator). The course begins on July 10. Registration is open now.

Applications for Education

If you're familiar with advanced Google search tools, you can handle all of Dan Russell's search challenges, and you're ready to take the next step toward being a power searcher, take this new course. And even if you're not up to speed with all of the advanced search tools in Google, this MOOC could help you too. Take the course this summer and pass on your new search skills to your students in the fall.