Looks like the ATMs don't edit the data from the card. Really bad
programming?
Thieves Planted Malware to Hack ATMs
A recent ATM skimming attack in which thieves used a specialized device
to physically insert malicious software into a cash machine may be a
harbinger of more sophisticated scams to come.
Authorities in Macau — a Chinese territory approximately 40 miles west of
Hong Kong — this
week announced the arrest of two Ukrainian men accused of
participating in a skimming ring that stole approximately $100,000
from at least seven ATMs.
Local police said the men used a device that was connected to a small
laptop, and
inserted the device into the card acceptance slot on the ATMs. Armed
with this toolset, the authorities said, the men were able to install
malware capable of siphoning the customer’s card data and PINs.
…
The Macau government alleges that the accused would return a few
days after infecting the ATMs to collect the stolen card numbers and
PINs. To do this, the thieves would reinsert the specialized chip
card to retrieve the purloined data, and then a separate chip card to
destroy evidence of the malware.
Perspective.
Give it a few years and everyone will be hacked multiple
times each year. So often, you won't know who to sue.
Report – Half of American Adults Data Hacked So far This Year
by Sabrina I. Pacifici on May 30, 2014
EPIC: “A new report finds that 432 million online accounts in the US
have been hacked this year, concerning about 110 million Americans.
In the last year, 70 million Target customers, 33 million Adobe users,
4.6 million Snapchat users, and potentially all 148 million eBay users
had their personal information exposed by database breaches. Earlier
this month, the President’s science advisors found little risk in the
continued collection of personal data.
However, the FTC’s recent report
on data brokers warned that,
“collecting and storing large amounts of data not only increases
the risk of a data breach or other unauthorized access but also
increases the potential harm that could be caused.” Earlier, EPIC
urged the White House to promote
Privacy Enhancing Techniques that minimize or eliminate the
collection of personally identifiable information. For more
information, see EPIC:
Big Data and the Future of Privacy, EPIC:
Identity Theft and EPIC:
Choicepoint.”
Got any embarrassing photos you'd like removed? Send your request from a
European address.
Google sets up 'right to be forgotten' form after EU ruling
Google has launched a service to allow Europeans to ask for personal
data to be removed from online search results.
The move comes after a landmark European Union court ruling earlier this
month, which gave people the "right to be forgotten".
Links to "irrelevant" and outdated data should be erased on
request, it said.
Google said it would assess each request and balance "privacy rights of
the individual with the public's right to know and distribute
information".
"When evaluating your request, we will look at whether the results include
outdated information about you, as well as whether there's a public
interest in the information," Google
says on the form which applicants must fill in.
(Related)
‘Right To Be Forgotten’ is a hit in Europe; 12,000 requests to Google on
Day 1
Because the government needs to know if you can afford campaign contributions
or are rich enough to have good lawyers (and therefore laws don't
apply to you) or are failing to report cash (and therefore are a drug
dealer)
New federal database will track Americans’ credit ratings, other
financial information
by Sabrina I. Pacifici on May 30, 2014
Washington Examiner, Richard Pollock: “As many as 227 million Americans
may be compelled to disclose intimate details of their families and
financial lives — including their Social
Security numbers — in a new national database being
assembled by two federal agencies. The Federal
Housing Finance Agency and the Consumer
Financial Protection Bureau posted an April
16 Federal Register notice of an expansion of their joint
National Mortgage Database Program to include personally identifiable
information that reveals actual users, a
reversal of previously stated policy… But under the
April register notice, the database expansion means it will include a
host of data points, including a mortgage owner’s name, address,
Social Security number, all credit card and other loan information
and account balances. The database will also encompass a mortgage
holder’s entire credit history, including delinquent payments, late
payments, minimum payments, high account balances and credit scores,
according to the notice. The two agencies will also assemble
“household demographic data,” including racial and ethnic data,
gender, marital status, religion, education, employment history,
military status, household composition, the number of wage earners
and a family’s total wealth and assets.”
Does anyone believe this? Could the FTC articulate “Best Practices?”
How about “Not too bad Practices?”
Companies should already know how to protect data, FTC argues
The Federal Trade
Commission (FTC) has published enough information publicly for
companies to know exactly what the agency considers reasonable
security practices for protecting sensitive data, an FTC
representative said in deposition entered this week in a closely
watched case challenging its authority to enforce data security
standards.
"The [FTC] has published a great deal of consumer and business education
on the issue of what is reasonable data security," Daniel
Kaufman, the deputy director for the FTC's Bureau of Consumer
Protection, said in deposition before an FTC administrative court.
"The Commission has testified on it on a number of occasions,
and there's a lot of other publicly available information on what
constitutes reasonable data security."
The deposition involves a dispute between the FTC and LabMD, an
Atlanta-based medical laboratory that claims it was driven
out of business by an FTC data breach
investigation.
…
The FTC last August filed a formal complaint against LabMD over data
leaks dating back to 2008 that exposed personal information on close
to 10,000 people. In its complaint, the
FTC charged LabMD with unfair trade practices for not doing enough to
protect data. [Enough? Or what we have published as “reasonable?”
Bob]
Over the past few years, the agency has filed similar complaints against
dozens of companies that suffered data breaches and has won
settlements from almost all of them.
LabMD, however, challenged the FTC complaint and accused
the agency of holding it to data security standards that do not exist
officially at the federal level. The only other company
to challenge the FTC so far is Wyndham Hotels, which has argued that
the agency has no legal authority to enforce data security controls
on companies.
Both cases are widely seen as a test of the FTC's authority to punish
companies that suffer data breaches. Many have expressed concern
that the FTC may be overstepping its authority in going after
breached firms.
…
In response to the LabMD motion, the
FTC argued that it was not obligated to disclose the standards
it uses to judge whether a company has adequate controls or not.
However, in a setback for the agency, the FTC's chief administrative
judge earlier this month held that the agency could indeed be compelled
to disclose the standards.
Assuming this proves the concept at the state level, will other/all states do
this?
The Texas Tribune and Oyez® to launch multimedia site for Texas high
courts
by Sabrina I. Pacifici on May 30, 2014
IIT Chicago Kent College of Law - “Texas will soon benefit from an
online archive for its two highest courts, launched through a
partnership between The
Texas Tribune and Oyez®,
a free law project at IIT Chicago-Kent College of Law, with support
from the John S. and James L. Knight Foundation. Amidst
a scarcity of news coverage about law, the partnership between The
Texas Tribune and Oyez will increase public access to the cases
before the Supreme Court of Texas and Texas Court of Criminal
Appeals. This offers more opportunities for in-depth reporting and
research on the state’s judicial system… The site will go
live in late summer 2014 and offer case summaries written for a
non-legal audience. The multimedia resource will include opinions,
transcript-synchronized videos of oral arguments, justice biographies
and decision information. Fundraising is also underway to provide
Spanish translations of case information… The partnership is part
of a larger initiative to expand Oyez’s successful U.S. Supreme
Court site to all federal appellate and state supreme courts. The
Knight Foundation has funded Oyez’s efforts in Texas, as well as in
California, New York, Florida and Illinois, covering one-third of the
U.S. population.”
Perhaps my Criminal Justice students would find this useful.
–
Search more than five million legal cases with precision, using
natural language or Boolean. Ravel lets you focus on judges’ words
and analysis, removing clutter so that you can read and scan quickly.
Mining the connections that link millions of court documents,
Ravel’s technology identifies cases’ key passages and shows how
later cases have rephrased or interpreted them.
Tools for my Computer Security and Ethical Hacking students.
–
is a collection of useful
online tools for your computer. As the name of the site
suggests, you can view DNS settings and DNS changes. But that is not
all the site offers. It also offers various tools that you would
normally have to surf to other sites to use. Here they all are on
the same page for your convenience. This includes Is My Site Down,
and an IP location finder.
(Related)
The start of a series about analyzing the “Big Data” from
security logs. Simple in concept, tedious to implement.
Finding Needles in the Haystack of Security Events
…
Security devices generate volumes of raw data, usually in a
proprietary manner. Parsing such unstructured data and making sense
out of it is a tedious, if not an impossible task. If that’s not
enough to make you cringe, when your organization is under a DDoS
attack, your CIO is going to want not only a resolution but the
answers to Who, What, Where, When, Why and How – fast. Security
is time-sensitive; every minute counts and every second
that ticks by negatively impacts your bottom line – brand
degradation, unhappy customers and ultimately lost revenues.
…
The goal of inspecting Internet traffic and establishing
a baseline is to determine the normal activity level for
your environment and establish any thresholds that would indicate a
threat or security event in order to generate the proper alerts.
Normal activity levels can vary by time of day or by the month of the
year or by some other factors specific to your business.
…
Once the baselines are established, SOCs monitor all activity
(network activity, security events) and analyze
those that exceed the pre-determined thresholds or indicate
suspicious behavior. Monitoring involves tracking
abnormal behavior, outside the range of normal activity levels
established during the baseline, and is almost always done via the
alerting procedures that notify SOC personnel via an e-mail, SMS,
dashboard indicators, or a combination of these.
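The baseline-then-threshold approach in the excerpt above, as an added example that is not from the quoted article. The hourly counts are constructed, and the function names and the mean + 3 standard deviations rule are assumptions chosen for illustration.

```python
"""Per-hour-of-day baseline and threshold alerting over event counts.
Added illustration: data, names and the mean + k*stdev rule are assumptions."""
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev

def build_baseline(history, k=3.0, min_stdev=1.0):
    """history: iterable of (datetime, events_in_that_hour).
    Returns {hour_of_day: threshold}, threshold = mean + k * stdev for that hour."""
    buckets = defaultdict(list)
    for ts, count in history:
        buckets[ts.hour].append(count)
    # min_stdev keeps a perfectly flat hour from alerting on a single extra event
    return {h: mean(c) + k * max(pstdev(c), min_stdev) for h, c in buckets.items()}

def find_alerts(baseline, observations):
    """Return (timestamp, count, threshold) for every observation above the
    threshold of its hour of day. Hours never seen in the baseline are
    reported with threshold None instead of being silently accepted."""
    alerts = []
    for ts, count in observations:
        limit = baseline.get(ts.hour)
        if limit is None or count > limit:
            alerts.append((ts, count, limit))
    return alerts

def constructed_history(days=14):
    """Constructed sample: ~100 events/h at night, ~1000 events/h in office hours."""
    start = datetime(2014, 5, 1)
    rows = []
    for d in range(days):
        for h in range(24):
            base = 1000 if 9 <= h < 18 else 100
            jitter = ((d * 7 + h * 3) % 11 - 5) * base // 100  # deterministic +/-5%
            rows.append((start + timedelta(days=d, hours=h), base + jitter))
    return rows

BASELINE = build_baseline(constructed_history())
TODAY = [  # constructed observations
    (datetime(2014, 5, 30, 3), 600),    # normal volume at noon, abnormal at 03:00
    (datetime(2014, 5, 30, 12), 1040),  # inside the daytime baseline
    (datetime(2014, 5, 30, 14), 1900),  # spike above the daytime threshold
]
ALERTS = find_alerts(BASELINE, TODAY)

if __name__ == "__main__":
    for ts, count, limit in ALERTS:
        print(f"ALERT {ts:%Y-%m-%d %H}:00 count={count} threshold={limit:.0f}")
```

The 03:00 reading of 600 events is the case a single global threshold would miss: it is well under daytime volume but far above what that hour normally sees.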
Continuing to automate the legal functions. Soon there will be nothing left for
lawyers to do!
5 Apps & Online Tools To Help You Write a Will
Is it because too many people have too much money, or is it that I
don't?
Did Steve Ballmer pay too much for the Los Angeles Clippers? The market
says no.
At least on a surface level, the Los Angeles Clippers appeared to be a lousy
investment for any potential buyer — a franchise with none of the
championship history and Hollywood buzz of the rival Lakers and one
still reeling from the racist comments made five weeks ago by
now-deposed owner Donald Sterling.
But as the sports industry begins to process the staggering amount — $2
billion — for which Sterling’s
wife agreed to sell the Clippers, it is clear, in this new Golden Age
of sports television, there is no franchise too weak or too sullied
to command a windfall at auction, especially in Hollywood.
I must be out of touch. I can't imagine what a good old fashioned
spanking would result in. (Is Hawaii infested with pedophiles?)
Father Gets Probation For Making Son Walk Home From School
A Hawaii man has been sentenced to a year of probation after making
his son walk a mile [Oh the
horror! Bob] home from school.
Robert Demond was convicted of a misdemeanor charge of second-degree
endangering the welfare of a minor.
Demond explained that his son had been involved in some sort of
rule-breaking at school. When Demond picked him up, he asked about
it, but his son refused to respond. Demond then stopped the car and
told his son to walk the rest of the way home to think about what he
had done, reports
the Garden Island.
The judge, Kathleen Watanabe, ruled that the
punishment was “old-fashioned” and inappropriate. She
said that it is dangerous for children to walk alongside the road due
to potential pedophiles.
It was a form of punishment no longer supported by the community.
(Related)
What are we teaching/failing to teach our teachers?
The Sydney Morning Herald reports:
A Victorian mother is demanding answers after her teenage daughter’s
armpits were shaved by her teacher as part of the school’s
curriculum.
Melissa Woods, mother of 14-year-old Taylah, says her daughter was
“extremely upset” when her armpits were shaved in front of two
other girls in a classroom.
Read more on Sydney Morning Herald.
Something for my Statistics students to debate. No doubt Google and whichever
auto makers lease their software will get sued a lot. Probably worth
having insurance for anything that gets past their lawyers. (Will
cars be subject to “grounding” like airplanes? One measly little
wing falls off and the FAA gets all safety conscious.)
Car insurance would be a lot cheaper without drivers
…
Driverless cars may shrink your insurance costs.
Human error accounts for more than 90% of car crashes, multiple
studies have found. Cars that drive themselves are expected to
dramatically reduce that statistic, particularly since Google’s
version nixes the steering wheel and brakes. “They have sensors
that remove blind spots, and they can detect objects out to a
distance of more than two football fields in all directions, which is
especially helpful on busy streets with lots of intersections,”
Chris Urmson, director of Google’s self-driving car project, wrote
in a blog post. Those factors could also largely absolve drivers
from liability for accidents, experts say.