Friday, January 24, 2014

Tiny, compared to Target.
Associated Press reports that retailer Neiman Marcus now says that up to 1.1 million customers’ cards may be compromised by a breach that occurred between July and October.
In their updated statement on their website, CEO Karen Katz writes:
We deeply regret and are very sorry that some of our customers’ payment cards were used fraudulently after making purchases at our stores. [Note that they can not say, “We have no evidence that the information was used illegally.” Unusual. Bob] We have taken steps to notify those affected customers for whom we have contact information. We aim to protect your personal and financial information. We want you always to feel confident shopping at Neiman Marcus, and your trust in us is our absolute priority.
Here is the information we have learned so far, based on the ongoing investigations:
• Social security numbers and birth dates were not compromised.
• Our Neiman Marcus card has not seen any fraudulent activity.
• Customers that shopped online do not appear to have been impacted.
• PINs were never at risk because we do not use PIN pads in our stores.
We have also provided a Question and Answer section for additional information.
While the forensic and criminal investigations are ongoing, we know that malicious software (malware) was clandestinely installed on our system. It appears that the malware actively attempted to collect or “scrape” payment card data from July 16, 2013 to October 30, 2013. During those months, approximately 1,100,000 customer payment cards could have been potentially visible to the malware. To date, Visa, MasterCard and Discover have notified us that approximately 2,400 unique customer payment cards used at Neiman Marcus and Last Call stores were subsequently used fraudulently.
We are notifying ALL customers for whom we have addresses or email who shopped with us between January 2013 and January 2014, and offering one free year of credit monitoring and identity-theft protection.
There is also an FAQ on the breach.

(Related) Is the FBI telling us, “The sky is falling?” How does it help to say, “We're so cool, we are investigating crimes against you that you don't even know about yet!”
The FBI has warned U.S. retailers to prepare for more cyber attacks after discovering about 20 hacking cases in the past year that involved the same kind of malicious software used against Target Corp in the holiday shopping season.
The U.S. Federal Bureau of Investigation distributed a confidential, three-page report to retail companies last week describing the risks posed by “memory-parsing” malware that infects point-of-sale (POS) systems, which include cash registers and credit-card swiping machines found in store checkout aisles.
Read more of this report on Reuters.
[From the article:
"The accessibility of the malware on underground forums, the affordability of the software and the huge potential profits to be made from retail POS systems in the United States make this type of financially motivated cyber crime attractive to a wide range of actors," the FBI said.
… The United States Secret Service usually takes the lead in credit card breach investigations for the federal government, though the FBI sometimes opens its own cases or is asked to assist. The Secret Service is leading the investigations into the breaches at Target and Neiman Marcus. [Because my students thought the FBI did everything! Bob]
A spokesman for the Secret Service declined to comment on the FBI report to retailers.


“We improved security by changing the password from ‘OK’ to ‘OkeyDokey.’” No doubt someone will report that this “bug” was mandated by the Chinese version of the NSA.
Bug Exposes IP Cameras, Baby Monitors
A bug in the software that powers a broad array of Webcams, IP surveillance cameras and baby monitors made by Chinese camera giant Foscam allows anyone with access to the device’s Internet address to view live and recorded video footage, KrebsOnSecurity has learned.
The issue came to light on the company’s support forum after camera experts discovered that the Web interface for many Foscam cameras can be accessed simply by pressing “OK” in the dialog box when prompted for a username and password. Reached via email, the company’s tech support division confirmed that the bug exists in MJPEG cameras running version .54 of the company’s firmware.
Foscam said it expects to ship an updated version of the firmware (Ver. 55) that fixes the bug by Jan. 25. The new firmware will be published on the company’s website.


Remember what you learn here when you read the next report...
Predictive Modeling With Big Data: Is Bigger Really Better?
by Sabrina I. Pacifici on January 23, 2014
Enric Junqué de Fortuny, David Martens, and Foster Provost. Big Data. December 2013, 1(4): 215-226. doi:10.1089/big.2013.0037. Published in Volume 1, Issue 4: January 7, 2014. Online Ahead of Print: October 24, 2013.
“With the increasingly widespread collection and processing of “big data,” there is natural interest in using these data assets to improve decision making. One of the best understood ways to use data to improve decision making is via predictive analytics. An important, open question is: to what extent do larger data actually lead to better predictive models? In this article we empirically demonstrate that when predictive models are built from sparse, fine-grained data—such as data on low-level human behavior—we continue to see marginal increases in predictive performance even to very large scale. The empirical results are based on data drawn from nine different predictive modeling applications, from book reviews to banking transactions. This study provides a clear illustration that larger data indeed can be more valuable assets for predictive analytics. This implies that institutions with larger data assets—plus the skill to take advantage of them—potentially can obtain substantial competitive advantage over institutions without such access or skill. Moreover, the results suggest that it is worthwhile for companies with access to such fine-grained data, in the context of a key predictive task, to gather both more data instances and more possible data features. As an additional contribution, we introduce an implementation of the multivariate Bernoulli Naïve Bayes algorithm that can scale to massive, sparse data.”
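The abstract above closes by mentioning a multivariate Bernoulli Naive Bayes implementation that scales to massive, sparse data. What follows is an added example, not the authors’ code, showing the standard way such a model is made to scale: each instance is stored as the set of its active features, and the log-likelihood of an all-zero instance is precomputed per class so that scoring touches only the features that are on. The class name `SparseBernoulliNB`, the toy review word sets and their labels are all constructed for this illustration.

```python
"""Multivariate Bernoulli Naive Bayes over sparse binary features.

Added example (not the paper's implementation). Each instance is the set of
feature names that are "on"; every feature not in the set is an implicit 0.
Scoring an instance costs O(number of active features) rather than O(vocabulary),
which is what lets the model handle very wide, sparse data.
"""
import math
from collections import Counter


class SparseBernoulliNB:
    def __init__(self, alpha=1.0):
        self.alpha = alpha  # Laplace smoothing keeps every p_jc strictly inside (0, 1)

    def fit(self, instances, labels):
        self.class_counts = Counter(labels)
        self.classes = sorted(self.class_counts)
        total = sum(self.class_counts.values())
        self.log_prior = {c: math.log(n / total) for c, n in self.class_counts.items()}

        # Per-class document frequency of each feature; only active features are touched.
        counts = {c: Counter() for c in self.classes}
        self.vocab = set()
        for feats, y in zip(instances, labels):
            counts[y].update(feats)
            self.vocab.update(feats)

        # For each class precompute:
        #   absent_sum[c] = sum_j log(1 - p_jc)     (log-likelihood of an all-zero instance)
        #   delta[c][j]   = log p_jc - log(1 - p_jc) (correction applied when feature j is on)
        self.absent_sum, self.delta, self.log_p = {}, {}, {}
        for c in self.classes:
            n_c = self.class_counts[c]
            self.delta[c], self.log_p[c] = {}, {}
            absent = 0.0
            for f in self.vocab:
                p = (counts[c][f] + self.alpha) / (n_c + 2 * self.alpha)
                self.log_p[c][f] = math.log(p)
                absent += math.log(1.0 - p)
                self.delta[c][f] = math.log(p) - math.log(1.0 - p)
            self.absent_sum[c] = absent
        return self

    def log_scores(self, feats):
        """Unnormalized log posteriors, touching only the active features."""
        scores = {}
        for c in self.classes:
            s = self.log_prior[c] + self.absent_sum[c]
            for f in feats:
                if f in self.delta[c]:  # features never seen in training carry no evidence
                    s += self.delta[c][f]
            scores[c] = s
        return scores

    def dense_log_score(self, feats, c):
        """Reference: the textbook sum over the whole vocabulary, O(|V|) per instance."""
        s = self.log_prior[c]
        for f in self.vocab:
            lp = self.log_p[c][f]
            s += lp if f in feats else math.log(1.0 - math.exp(lp))
        return s

    def predict(self, feats):
        scores = self.log_scores(feats)
        return max(self.classes, key=lambda c: scores[c])


# Constructed toy data: sparse word sets from book reviews, labeled by sentiment.
TRAIN = [
    ({"great", "loved", "recommend"}, "pos"),
    ({"great", "fun"}, "pos"),
    ({"loved", "recommend", "fun"}, "pos"),
    ({"boring", "refund"}, "neg"),
    ({"boring", "waste", "refund"}, "neg"),
    ({"waste", "slow"}, "neg"),
]
TEST = [{"great", "fun", "unseen_word"}, {"boring", "waste"}, {"loved", "refund"}]


def train_model():
    feats, labels = zip(*TRAIN)
    return SparseBernoulliNB(alpha=1.0).fit(feats, labels)


def demo():
    """Predicted labels for the constructed test instances."""
    model = train_model()
    return [model.predict(x) for x in TEST]


if __name__ == "__main__":
    model = train_model()
    for x in TEST:
        print(sorted(x), "->", model.predict(x), model.log_scores(x))
```

The sparse and dense scoring paths give identical log scores; the difference is purely in cost, which matters once the vocabulary runs into the millions of fine-grained behaviours the abstract has in mind and each instance activates only a handful of them.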

(Related) I give you part of a typical “Case Study” from an Intelligence Analyst school. The first indication of a terrorist active in the United States comes from an intercepted phone call to a known terrorist organization in a terrorist-supporting country. The message is, “We are ready to strike.” What information would you like to have available to help you find these guys?
Privacy and Civil Liberties Oversight Board Issues Report on NSA Massive Metadata Surveillance
by Sabrina I. Pacifici on January 23, 2014
“The PCLOB is an independent bipartisan agency within the executive branch established by the Implementing Recommendations of the 9/11 Commission Act of 2007. The Board is comprised of four part-time members and a full-time chairman, all appointed by the President and confirmed by the Senate. The Board’s authorizing statute gives it two primary responsibilities: 1) To analyze and review actions the executive branch takes to protect the Nation from terrorism, ensuring that the need for such actions is balanced with the need to protect privacy and civil liberties; and 2) To ensure that liberty concerns are appropriately considered in the development and implementation of laws, regulations, and policies related to efforts to protect the Nation against terrorism….”
“The Section 215 bulk telephone records program lacks a viable legal foundation under Section 215, implicates constitutional concerns under the First and Fourth Amendments, raises serious threats to privacy and civil liberties as a policy matter, and has shown only limited value. As a result, the Board recommends that the government end the program… Based on the information provided to the Board, including classified briefings and documentation, we have not identified a single instance involving a threat to the United States in which the program made a concrete difference in the outcome of a counterterrorism investigation. Moreover, we are aware of no instance in which the program directly contributed to the discovery of a previously unknown terrorist plot or the disruption of a terrorist attack…”


This is one of those “Privacy invaders” that improves human abilities, but does not create new ones (like the bite of a radioactive spider).
Woodrow Hartzog and Evan Selinger write:
Privacy concerns have been ignited by “NameTag,” a facial-recognition app designed to reveal personal information after analyzing photos taken on mobile devices. Many are concerned that Google Glass will abandon its prohibition on facial recognition apps. And, there are open questions about the proper protocols for opting customers in and out of services that identify people through facial comparisons in real time. These kinds of services are technically “face matching” services, though they are colloquially referred to here as “facial-recognition technologies.”
Ultimately, the coming wave of consumer facial-recognition technologies brings bad and good news. The bad news is obvious: Automatically identifying one of our most unique and personal traits raises serious privacy concerns ranging from stalking to loss of obscurity in public.
The good news is that facial-recognition technology—at least the kind that could be used at scale to identify most people in any given place—has an Achilles heel that buys society enough time to respond appropriately.
Read more on The Atlantic.


More for my lawyer friends than my students, but you can never have too many tools!
WireOver is a desktop application for sending and receiving files. It’s easy to use, can transmit files of any size very fast, and uses end-to-end encryption. WireOver’s end-to-end encryption ensures that only your recipient can access the files you send, making it much more secure than most file sending tools. WireOver can transfer over your local network and the Internet.


Well, I find it interesting...
The 2013 Survey Of Online Learning
The report quantified many things that those involved in education already knew (or at least, suspected). Participation in online learning is increasing. Learning outcomes are largely positive. Interestingly, what this study does show is something that I hadn’t quite expected – that many of the numbers that had been continually rising over the past years were starting to show a slight decline. For example, the proportion of chief academic leaders that say online learning is critical to their long-term strategy dropped from 69.1 percent to 65.9 percent. Many believe that MOOCs are not a sustainable form of online learning for higher education institutions to pursue.
Please click here for a PDF of the full findings of the report.


I may have a few students who could do this. Many more with a bit of help. Would look good on their resume.
How To Get Published On MakeUseOf
Have you ever wanted to reach thousands of people with your words? If you love technology, enjoy explaining it to others, and can express yourself well, you should give writing for MakeUseOf a try.
We are now accepting applications. The Infographic below explains everything you need to know, so please read it thoroughly. We are happy to answer additional questions in the comments.
