Sunday, January 26, 2014

This may be one of the “other retailers” related to Target. Note: If we are already seeing the card data in use, the breach is old enough for the breachers to have gathered, organized, and sold the data.
Sources: Card Breach at Michaels Stores
Multiple sources in the banking industry say they are tracking a pattern of fraud on cards that were all recently used at Michaels Stores Inc., an Irving, Texas-based arts-and-crafts retailer that maintains more than 1,250 stores across the United States.
Update 1:34 p.m. ET: The U.S. Secret Service confirmed that it is investigating a potential data breach at Michaels. Also, Michaels has just issued a statement stating that it “recently learned of possible fraudulent activity on some U.S. payment cards that had been used at Michaels, suggesting that the Company may have experienced a data security attack.”
… It really does look like kind of the way we saw the Target breach spin up, because the fraud here isn’t limited to one store or one area, it’s been all over the place.”

A cautionary tale. Is it in fact “User Error” when a technology changes without a clear explanation of the new features? Does anyone conduct a scenario review to see what new data might be exposed?
The Stream Team writes:
Google’s latest operating system for Android, called the KitKat, has faced criticism from transgender users who say it fails to protect their privacy.
A key feature of the software is Google+ integration with contacts, SMS messages and texts. Attention was drawn to the potential problems this update poses for trans users when a trans woman named Erika Sorensen was inadvertently outed to her coworker. The software update makes the Google Hangouts instant messaging chat platform the default for all messages, so when Sorensen texted a coworker, her name appeared as Erika rather than her previous male name she was still using at work.
Read more on The Stream Team and then read this very powerful piece on the issue by Violet Blue if you haven’t read it already. And when you look around for examples of “privacy harm,” think of this situation.

Some functions should never be outsourced. If 40% were “flushed,” were the remaining 60% perfect?
POGO – DOJ Sues Firm That Screened Edward Snowden and Navy Yard Shooter
by Sabrina I. Pacifici on January 25, 2014
“On Wednesday [January 23, 2014], the Justice Department filed its long-awaited complaint in a False Claims Act lawsuit against background check contractor U.S. Investigations Services (USIS). In October last year, Justice announced it had intervened in the lawsuit, which was filed in 2011 by former USIS employee Blake Percival. Percival’s complaint is posted here.
The government claims that, from March 2008 through September 2012, USIS defrauded the government by submitting at least 665,000 incomplete background investigations of current or prospective federal and contractor employees, which were used to determine eligibility for access to classified information and suitability for sensitive jobs. Specifically, the government accuses USIS of engaging in a practice known inside the company as “dumping” or “flushing,” through which it allegedly submitted investigations that it falsely claimed were complete and had undergone quality review. The government paid USIS between $95 and $2,500 for each of these 665,000 investigations (about 40 percent of USIS’s total workload during that time period) and also paid USIS more than $11.7 million in annual performance bonuses. USIS made national news last year as the firm responsible for the background investigations of Navy Yard shooter Aaron Alexis and NSA surveillance program whistleblower Edward Snowden. It is not clear from the government’s complaint whether USIS’s 2011 investigation of Snowden is among the thousands USIS allegedly falsified. (USIS’s investigation of Alexis, conducted in 2007, is presumably outside the scope of the lawsuit.) It also does not state whether USIS’s alleged fraud resulted in any serious security breaches or if any of the allegedly tainted background investigations had to be reopened…”

Microsoft releases global survey on Internet users around the world
by Sabrina I. Pacifici on January 25, 2014
“A new global survey of Internet users conducted by Microsoft Corp. reveals distinct regional findings and differing viewpoints between the developed and developing world. However, overwhelmingly the more than 10,000 people surveyed from 10 nations said they embrace personal technology, particularly in emerging markets, and see it as the foundation of innovation and economic empowerment. Microsoft unveiled the results of its new survey today at the World Economic Forum in Davos, Switzerland, in the report titled, Views from Around the Globe: How Personal Technology is Changing Our Lives.”
From the article:
We invite you to read the entirety of our survey, entitled “Views from Around the Globe: How Personal Technology Is Changing Our Lives,” by clicking here. The survey was taken between Dec. 26, 2013 and Jan. 3, 2014. The 10 countries surveyed include the U.S., France, Germany, Brazil, Russia, China, India, Japan, Mexico and Turkey.

Global Cooling! Global Cooling! Take that, Al Gore.
Solar Lull Could Trigger Another 'Little Ice Age,' Sun Scientists Say

Every week, and it's free!
… After penning a letter to the campus protesting proposed budget cuts, CSU sociology professor Tim McGettigan had his email suspended by the university. McGettigan’s email compared the budget cuts to the Ludlow massacres (the massacre in 1914 of striking coal miners in the region). The university said the email was a threat and compared McGettigan to the shooters at Columbine and Virginia Tech. By the end of the week – after a huge outcry about academic freedom and the administration’s inability to grasp analogy, McGettigan’s email was restored. More via Inside Higher Ed.
Last week, two Yale students got in trouble for creating a website to help other students plan their course schedule. In response to the university shutting down that site, another student, Sean Haufler, made an “unblockable replacement.” The URL for his blog post is great: “i-hope-i-dont-get-kicked-out-of-yale-for-this/” – and I don’t think he will. Yale later admitted that it had made a mistake in banning the website.
Microsoft Research has adopted an open access policy for its researchers’ publications.
