Friday, May 23, 2014
Attention hackers! Pretend to be eBay and the phishing is great!
By E-Mailing Hacking Victims, EBay Opens Users Up to More Risk of Attack
After hackers stole e-mail addresses and other user data from EBay's network, the company announced today that it would e-mail users to suggest they change their passwords. That doesn't make a whole lot of sense.
The problem with this approach is that the hours immediately following a breach are prime time for hackers. Cyber-criminals are consummate opportunists. They scrutinize the news looking for ways to craft fraudulent and timely messages to trick people into clicking on them. The millions of EBay users who may have caught wind of the breach after seeing a headline today are more likely to fall for an e-mail scam prompting them to click a link and input their log-in information. A similar technique was used by Chinese military officers to hack into U.S. companies, showing that in cyber-security, people are their own worst enemies.
Instead of e-mailing the auction site's more than 145 million active buyers worldwide, EBay could have immediately done something that Adobe Systems, LinkedIn and Evernote all did after their recent high-profile hacks: change users' passwords. Automatically resetting accounts is becoming a "common courtesy" after many breaches, says Lysa Myers, a researcher with Slovakian security firm ESET.
Ignorance is not bliss. Should I buy an emergency generator because my electric utility was hacked? Or should I stock up on firewood because I could lose gas service? Will my sewer back up? And don't give me that, “There are some things man was not meant to know!”
An American Utility's Control System Was Hacked
The control system for a U.S. public utility was compromised. The Department of Homeland Security did not specify which utility was affected in the agency's Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) report.
… Details of these cyber attacks are rarely revealed to the public, and even more rarely do they provide details into the matter. What we do know: this particular attack was on a utility that was previously hacked and the hackers used the employee access portal to get in.
Most 2013 Data Breaches Affected E-Commerce and POS Systems: Trustwave
The new study is based on data gathered from 691 breach investigations and focuses on security threats, cybercrime and data breaches. Payment card data continues to be the top type of data that's compromised in breaches. However, the percentage of data thefts involving confidential, non-payment card data has reached 45 percent in 2013. This represents a 33 percent increase compared to the previous year.
Around 54 percent of the attacks that took place in 2013 targeted e-commerce systems. Point-of-sale (POS) attacks are next with 33 percent. In fact, experts believe that these two types of breaches will dominate the landscape in the upcoming years.
… You can download the full 2014 Trustwave Global Security Report from Trustwave’s website.
Please send your “Money-like things” to Bob, care of this Blog.
The Future of Money-Like Things
While we rarely think of it in this way, the payment system we use every day is among the most widespread and functional examples of an Internet of Things. It is an array of objects embedded with chips, magnetic stripes, scanners, and touchpads. These things are coordinated through networking protocols used to move information and, ultimately, monetary value.
In payment systems, as flights of imagination get grounded in real infrastructures, interoperability has gone hand in hand with technological inertia. Payment systems have to work, and they have to work everywhere. When you swipe your credit card, it works. No matter where you are in the U.S., if you have money or credit in physical or electronic form, you can pay for stuff.
Who wants your data? Just about everyone! ...and it's easy to see why.
Your Banker Wants To Know If You Are Pregnant
Your banker wants to know if your wife has thrown you out of the house. Or if one of your parents has died. Or if you are expecting a child.
Because banks typically make more money when they know clients better, they are stepping up efforts to learn more personal information. For example, in recent weeks HSBC has been writing its Premier clients and encouraging them to share details about themselves.
… According to Wells Fargo presentations earlier this week, “building relationships around individuals” leads to 65% higher revenue. Active customers there are 2.2 times more profitable than less active ones, the bank estimates.
McKinsey – The seven habits of highly effective digital enterprises
by Sabrina I. Pacifici on May 22, 2014
“The age of experimentation with digital is over. In an often bleak landscape of slow economic recovery, digital continues to show healthy growth. E-commerce is growing at double-digit rates in the United States and most European countries, and it is booming across Asia. To take advantage of this momentum, companies need to move beyond experiments with digital and transform themselves into digital businesses. Yet many companies are stumbling as they try to turn their digital agendas into new business and operating models. The reason, we believe, is that digital transformation is uniquely challenging, touching every function and business unit while also demanding the rapid development of new skills and investments that are very different from business as usual. To succeed, management teams need to move beyond vague statements of intent and focus on “hard wiring” digital into their organization’s structures, processes, systems, and incentives. There is no blueprint for success, but there are plenty of examples that offer insights into the approaches and actions of a successful digital transformation. By studying dozens of these successes—looking beyond the usual suspects—we discovered that highly effective digital enterprises share these seven habits…”
“'Tis a puzzlement”
The King of Siam Facebook Users
Is Facebook taking privacy more seriously?
… Facebook is worried that you will start sharing less - or maybe even move to more anonymous services - unless it helps you better manage your private information. On Thursday, the company announced that it would give a privacy checkup to every one of its 1.28 billion users worldwide.
Facebook, which is based in Menlo Park, California, will also change how it treats new users by initially setting their posts to be seen only by friends. Previously, those posts were accessible to anyone.
And it will explain to both current and new users that setting their privacy to "public" means that anyone can see their photos and posts.
The change in default settings and the person-by-person review is a sharp reversal for Facebook, whose privacy settings are famously complicated. Some users may be shocked when they see just how widely their personal information has been shared.
Microsoft challenged, that's good. But only once and only because it made no difference?
Microsoft Challenged Secret FBI Request for Data About Business Customer
Microsoft Corp. last year challenged a secret request for data about a business customer from the Federal Bureau of Investigation. The government backed down—but only after it got the information it sought without the software giant’s help, according to documents unsealed Thursday.
… Little is known about the facts behind the request Microsoft challenged. On a still-secret date last year, the FBI asked Microsoft for user information on a single employee at a large business customer, according to court records. The customer, whose name was redacted, used Microsoft’s Office 365 service, which stores customer data in Microsoft data centers—not servers controlled by the customer.
… After Microsoft objected, the FBI obtained the data it wanted by approaching Microsoft’s customer directly, according to court documents.
See? It can be done. But why would a monopoly want to?
Cox to offer residential gigabit speeds
Cox Communications – the third-ranked US cable MSO – has revealed plans to roll out gigabit Internet speeds across its markets nationwide. The company will start with new residential construction projects and new and existing neighbourhoods in Phoenix, Las Vegas and Omaha. In all Cox locations, the company will begin market-wide deployment of gigabit speeds by the end of 2016.