Tuesday, August 05, 2014

Interesting wording. (Only the Lakewood CO store was hit.)
P.F. Chang's: 33 restaurants affected in data breach
The restaurant chain P.F. Chang's China Bistro said Monday a security breach first reported in June may have led to the theft of customer data from credit and debit cards used at 33 restaurants.
An intruder may have stolen card numbers and possibly names and expiration dates of customers' credit and debit cards used over the course of about 8 months. But the chain has not determined that any specific card holders' data was stolen. [Another way to say that: “We have no idea what was taken.” Bob]
In Monday's statement the chain updated its progress in investigating a breach first reported in June. The statement said all card data has been processed securely at all locations since June 11.
The security breach of their card processing systems occurred between October 19th of 2013, and June 11th of 2014, one day after the Secret Service made the company aware of the breach. [“It's not like we can just turn off our compromised systems... Well, we could, but then we'd have to process the cards manually and that's like boring dude.” Bob]
… If you dined at any of the listed locations, between the dates noted, you are strongly advised to review your financial records to determine if any fraudulent activity has occurred since that time.

The “Oops!” just keep coming.
Myles Udland reports:
Target’s data breach just got more expensive.
In a statement, the retailer said its second quarter earnings will include a $148 million charge related to losses regarding the massive data breach which occurred during last year’s holiday shopping season. This is more than the company previously estimated.
Read more on BusinessInsider

Gamers in Philadelphia are crooks? Thumbprints ensure the games haven't been stolen? “We're just gathering data for the next thing in Behavioral Advertising – 'Bail Bond ads!'”
Steve Tawa reports:
The big video game retailer, GameStop, is now requiring its customers in Philadelphia, but not in the suburbs, to provide a fingerprint scan on certain transactions.
When GameStop buys used video games from customers, the chain says it is following a local law that allows the store to collect thumb prints, which go into a database to help law enforcement track down thieves who fence stolen goods.
City Solicitor Shelley Smith says, however, the city is not requiring GameStop to abide by the pawnbroker’s ordinance:
“What GameStop does doesn’t meet any of the elements of the definition in the code, so the pawnbroker ordinance doesn’t apply to GameStop.”
Read more on CBS Philly.
[From the article:]
The Philadelphia Police Department says the company is being proactive by storing fingerprints in a secure database – LeadsOnline – which is the nation’s largest online investigation system.

Still want to allow BYOD in your corporation?
Most Top Free and Paid Mobile Apps Pose Threat to Enterprises: Report
Mobile app risk management solutions provider Appthority has analyzed 400 of the most popular free and paid applications for Android and iOS devices and presented the results in a report released on Monday.
The risky behaviors identified by the company are related to the type of data that's collected, and where the data is going, not outright malware risks. According to Appthority's App Reputation Report for the summer of 2014, most apps collect information on the user's location, they access the address book and the calendar, they identify the user based on the device's IMEI or UDID, and they're capable of performing in-app purchases. The collected data can go to ad networks, social networks, third-party analytic frameworks, third-party crash reporting SDKs, and public cloud file storage providers.
According to F-Secure's Q1 2014 Mobile Threat Report, more than 99 percent of new mobile threats discovered by the security firm in the first quarter of 2014 targeted Android users.
Last summer, researchers from Bitdefender unveiled research that also found iOS apps to be just as invasive and curious about user data as Android apps are.
The complete 2014 App Reputation Report from Appthority is available for download in PDF format.

Schools apparently have little or no resistance to salesmen. Wouldn't it be much simpler (and cheaper) to give the teachers an App that allowed them to do everything related to teaching and grading? (Note to reporters: The bracelets don't track student behavior, they record teacher opinions.)
Abbie Napier reports:
A North Canterbury school’s plan to fit students with microchip bracelets to track their behaviour has prompted concern among parents.
Swannanoa School wants to use silicon bracelets as part of a scheme to reward good behaviour, minutes from a Parent Teacher Association meeting show.
Teachers would use portable scanners to add points to a student’s online good behaviour chart with a reward when a certain amount of points was accumulated.
The school says the scheme would cost $7000 to set up. The proposal has been opposed by some parents.
Read more on Stuff.
[From the article:]
After the school was approached by The Press, parents received a letter about the proposed new system.
In it, McClelland said the bracelet system was an alternative to a previously proposed electronic card that students could lose.

(Related) Of course it's not just schools. My tax dollars, wasted! “Hey, they keep offering us all this money. Should we turn it down?”
Lynn Thompson reports:
More than a year after Seattle police promised to not turn on a network of surveillance cameras and communication nodes installed as part of a federal port-security grant, the department still hasn’t released a draft policy on how it will use the equipment and protect citizen privacy.
The installation of the 30 cameras and a wireless mesh broadband network came shortly after the Police Department’s purchase of two aerial drones, also with a Homeland Security grant, and also without public notice.
Read more on Seattle Times.

Bold headline.
The Supreme Court Is Wising Up on Digital Privacy
While much of Washington grapples with a handful of newly-minted Supreme Court decisions focused on social and campaign finance reform, three largely overlooked court decisions signal a much larger tidal wave of change ahead for the tech community. Taken together, these cases shed light on the court’s views of how the Fourth Amendment’s protections of searches and seizures are complicated when much of our personal information is now digital.
The turning point for tech began in 2012 with United States v. Jones, in which the court ruled that attaching a GPS device to a car and monitoring its movements constitutes a search under the Fourth Amendment. This year, the court issued a single opinion on two more cases, Riley v. California and United States v. Wurie, finding that police enforcement must obtain a warrant in order to search digital information on a cell phone seized from an individual at the time of the arrest.
… As we enter an increasingly digital world, a period in which the Internet of Things is poised for explosive growth, it’s reassuring to see that today’s court is equipped to handle cases related to digital privacy. [Slick infographic Bob]

So if I'm sending or receiving high volumes on my phone, I could (temporarily of course) become a “Big Data user” and the medical data I'm sending for diagnosis will wait for some kid's selfie, because that's “fair.”
Verizon response to FCC's throttling concerns: everyone's doing it
Verizon Wireless has officially responded to FCC Chairman Tom Wheeler and his data throttling concerns. The Verge has obtained a copy of the carrier's response, dated August 1st, which was written by Kathleen Grillo, the company's SVP of Federal Regulatory Affairs. In it, Verizon underlines the notion that customers will only experience slowdowns "under very limited circumstances." It will only happen at "particular cell sites experiencing unusually high demand," the letter reads. We've outlined the other factors that could result in reduced data speeds previously.
Verizon notes that any throttling will cease immediately when demand on a strained cell site returns to normal. "Our practice is a measured and fair step to ensure that this small group of customers do not disadvantage all others in the sharing of network resources during times of high demand." The carrier insists only big data users who "have an out-sized effect on the network" will be slowed down.
Verizon claims those same people almost always have unlimited data plans and have "no incentive not to" hog up network resources. The top 5 percent of data users will be subject to LTE throttling beginning in October. It may sound difficult to reach that level of data usage, but keep in mind that right now Verizon says exceeding 4.7GB of data would put you there.

Who cares what laws them fur-n-ers got... This here's 'Merica!
Federal Court Ruling Orders Microsoft to Violate International Law
Lawyers for Microsoft say they will appeal a federal judge's order that they turn over the contents of a customer's email that's stored on a server in Ireland. But if Microsoft were to comply with the order, it appears that the company would be in violation of both Irish and European laws.

My Computer Security students could build a wiki of useful guides and studies... Not doing it probably won't impact your grade... Probably.
Anna Forrester reports:
The National Institute of Standards and Technology has released a draft guidance for federal agencies, contractors and the intelligence community to evaluate the privacy and security controls used on federal information systems and information technology networks.
NIST said Friday that the “Assessing Security and Privacy Controls in Federal Information Systems and Organizations: Building Effective Assessment Plans” document (SP 800-53A) and the supplementary catalog of controls (SP 800-53) are available for public comments through Sept. 26.
Read more on ExecutiveGov.

It was the first MS operating system that was “good enough.”
Windows XP Is Refusing To Die
Despite Microsoft pulling support for Windows XP in April, the ancient [in Internet years Bob] operating system is refusing to die. According to the latest figures from Net Applications, XP still accounts for 24.82 percent of the Windows market share, down just 1.5 percent since Microsoft pulled the plug.
Meanwhile, Windows 8 and Windows 8.1 continue to struggle, with a 12.48 percent market share for July actually showing a drop on the previous month. Windows 7 now boasts a market share of 51.22 percent, making it by far the most popular version of Windows out in the wild. We hope Microsoft is taking note of these statistics while developing Windows 9.

A way for my website students to “introduce” themselves to potential employers?
Remove Unused CSS to Reduce the Size of your Stylesheets
The CSS files of your website may have several redundant rules that are no longer used by any element on the web pages. For instance, you may have added a site search box on your website and associated styles went into the stylesheet. Later, if you decide to remove that search box, the styles may continue to exist in your CSS though they aren’t being used anywhere.
These unused entries in your CSS files increase the page load time of your website and also affect the site’s performance as the browser has to do extra work parsing all the extra rules. And even if the impact on performance is minimal, it would make your task of maintaining CSS easier if the files are kept clean and well-structured.
