Saturday, September 20, 2014

One interesting and unusual security step.
Sheplers, the leading multi-channel western-wear retailer, today issued the following statement:
Sheplers has determined that our payment systems suffered a security breach in which hackers gained access to our systems and some of our customers’ payment card information was exposed. With the assistance of a leading computer security firm, we are continuing our investigation into this incident, and we are cooperating with law enforcement in their efforts to find the criminals responsible. Although our investigation continues, at the present time, we believe it is safe to use payment cards at Sheplers.
Our information to date indicates that the breach potentially impacts customers who used payment cards at Sheplers’ retail locations between June 11, 2014, and September 4, 2014. At this time, we do not believe that this incident affected our online webstore.
When we first received an informal tip from a financial institution suggesting the possibility of a breach, we hired a leading computer security firm to conduct a thorough investigation and suspended all electronic processing of payment cards for sales at our retail store locations until we could determine whether customer information was at risk.

Interesting collection of comments. I would say: remain humble, it will happen to you.
Feedback Friday: 56 Million Payment Cards Compromised in Home Depot Breach - Industry Reactions
… What types of security solutions should have been used by Home Depot? What are best practices for avoiding such incidents? What steps should the retail industry take? These are just some of the questions answered by members of the security industry.
And the Feedback Begins...

For my Computer Security students. How to defeat simple passwords. My Ethical Hackers must create a tool like this.
Is your security up to this challenge?
Simon Hartley reports:
Police are investigating after attempts were allegedly made to hack a nationwide patient database.
In an email obtained by the Otago Daily Times, Southern Primary Health Organisation clinical adviser Keith Abbott, of Dunedin, warned GPs and health organisations about the “significant hacking attempt” on September 9.
He said the hacker tried to gain access to DrInfo, which is used by health boards, including the Southern District Health Board, medical centres and GPs around the country.
“Starting at 11am on September 9, in one case continuously lasting for 12 hours, a single IP [internet protocol] address has made over 20 million attempts to guess the passwords of practices, PHOs and DHBs in New Zealand,” Dr Abbott said.
Read more on Otago Daily Times.

For my Computer Security students. Physical security isn't perfect. (Imagine what someone who was not mentally ill might be able to do.)
Secret Service investigates after man jumps White House fence, reaches doors
A man jumped over the White House fence and made it to the front doors of the executive mansion before being apprehended on Friday, sparking an evacuation within the complex shortly after President Barack Obama departed for the weekend.
Omar J. Gonzales, a 42-year-old white male from Texas, made it onto the grounds at 7:20 EDT, a U.S. Secret Service spokesman said. Gonzales ignored commands to stop and was ultimately caught, unarmed, just inside the North Portico doors of the White House, one of the building's main entrances.

My weekly giggle...
Rolling Jubilee, a group that grew out of the Occupy Movement, announced this week that it has purchased “for about three cents on the dollar, of nearly four million dollars’ worth of private debt from Everest College, which is part of the for-profit Corinthian Colleges system. The debts had been incurred by more than two thousand students.” The group then notified students that some of their debt had been canceled. [For three cents on the dollar, there may be a viable business opportunity here. Or does that only work with failing schools? Bob]
Coursera is pursuing MOOCs-on-demand.
“We find the number of people who enroll for a class and immediately start taking it are twice as likely to complete it as those who enroll a month or two before it begins,” Koller explained.
A 95-page report from the American Institutes for Research (AIR) has evaluated LAUSD’s “Common Core Technology Project.” Only 1 teacher out of 245 classrooms reported using the Pearson curriculum. (It’s costing the district about $200 per device for a three-year licensing deal.) 80% of high schools reported they “rarely used the tablets.” The report found that the district was so busy dealing with the distribution of the iPads, it never really addressed using them in the classroom.
Spotify has data-mined what music college students listen to. [Was this necessary? Bob]
