Sunday, November 17, 2013

'Tis the season. As at most retailers, the video is not reviewed unless a specific incident/problem is under review. Waiting a month to notify the AG is a bit unusual.
Ten registers in Nordstrom stores in Aventura, Florida, reportedly were tampered with and had keyloggers attached. Video footage from security revealed that the criminals worked in groups to distract and install the keyloggers between August 14 and October 5, when Nordstrom discovered the problem.
Nordstrom believes that some customer data may have been compromised, but all customers who had transactions during the suspect period were offered free credit monitoring and resolution services.
Nordstrom reported the breach to the New Hampshire Attorney General’s office on November 7th.

Attention Ethical Hackers. Target alert! Just make sure you can turn it back on as the AAA guy arrives (and then off when he leaves).
French automaker Renault can cut off your car battery if you don’t make payments on time

Microsoft's new Cybercrime Center combines tactics against hacking groups
… Microsoft Corp's expanded Digital Crimes Unit inside the 16,800-square foot, high-security facility combines a wide array of tactics that have worked the best: massive data gathering and analysis, gumshoe detective work, high-level diplomacy and creative lawyering.

All technology goes from the rare and exotic to the commonplace and everyday. No doubt most of this technology is available for free online; all you need do is find it and assemble a toolkit (or hire one of my Ethical Hackers). Corollary: By the time technology goes commercial, the military (and those 3 letter agencies) have new tech toys.
Sean Gallagher reports:
Local law enforcement is getting the kind of technological boost that used to be limited to three-letter agencies, thanks to Web-based software services that mine social media for intelligence. At last month’s International Association of Chiefs of Police (IACP) conference in Philadelphia, LexisNexis showed off a new tool it will bundle with its research service for law enforcement agencies—one that will help them “stake out” social media as part of their criminal investigations.
Called Social Media Monitor, the cloud-based service will watch social networks for comments and activities that might offer clues to crimes in the physical world. With direct connections into a variety of social media services’ feeds, it will help police plow through Twitter and Facebook in search of evidence that could lead to arrests.
Read more on Ars Technica.
Joe Cadillic also sends along links to these reports:

(Related) You can work backward from the results to the technology used. You can't work backward to the laws requiring/justifying anything if the laws are secret. (Ignorance of secret laws is an excuse?)
Mark Rumold writes:
On Monday, the US Department of Justice will release to the public hundreds of additional pages of government documents concerning its use of Section 215 of the Patriot Act, the provision of law the NSA relies on to collect the call records of millions of Americans.
The disclosures will follow closely on the heels of yesterday’s reports in the New York Times and Wall Street Journal that the CIA, too, has been using Section 215 to collect, in bulk, the sensitive financial information of millions of Americans making overseas financial transfers. The Times reported that “Several officials also said more than one other bulk collection program has yet to come to light.” While it is not clear whether the documents released on Monday will contain information about the CIA’s program, we’re hopeful that the government will take the opportunity to finally be forthcoming with the American public about all secret bulk collection programs operating under Section 215.
Monday’s disclosures are the result of a Freedom of Information Act lawsuit filed by EFF over two years ago.
Read more on EFF.

How far from this to new law?
Consumer Privacy Framework Needs to Reflect Changes in Technology and the Marketplace
GAO was asked to examine privacy issues and information resellers. This report addresses (1) privacy laws applicable to consumer information held by resellers, (2) gaps in the law that may exist, and (3) views on approaches for improving consumer data privacy.

Something for the Student Veterans Organization to notify members about? Better: tell them how easy it is to cover the bar code with duct tape.
Jackie Calloway reports:
Anyone with a smartphone and a bar code app can scan any VA identification card issued since 2004 and the cardholder’s Social Security number immediately pops up on the screen.
Tampa businessman and Army veteran Barry Landau wants answers. “I didn’t think that was possible,” Landau said. “The card is absolutely no good.”
WFTS found Veterans Affairs published warnings about the veterans information, or VIC, cards on their website in 2011 and in July of this year.
The alert states, “Some barcode readers, including those available as applications on cell phones, can scan the bar code on the front of the card, and reveal the veteran’s social security number.”
Read more on TCPalm.
