Friday, November 07, 2014
What kind of third-party vendor would need access to Home Depot's self-checkout machines? Have they never heard of separation of duties?
Home Depot Hackers Got in Via a Vendor, Took E-Mails, Too
No one expected the news to get better on the Home Depot (HD) hack, and it hasn’t. Providing further details on Thursday of the playbook that hackers used to break into its systems, Home Depot disclosed that hackers stole 53 million e-mail addresses, on top of the data for 56 million credit cards...
The hackers used stolen credentials from a third-party vendor to enter the retailer’s network, Home Depot said in a press release. A third-party vendor was also the point of entry in last year’s breach at Target (TGT), which exposed some 40 million cards.
The hackers navigated Home Depot’s system to get to its self-checkout machines [which apparently had no firewalls or other access controls... Bob] in the U.S. and Canada and then deployed malicious software to steal card numbers, the statement said.
… Home Depot confirmed a breach of credit-card information at its stores on Sept. 8, six days after security blogger Brian Krebs reported signs of a hack. [Two months later, and they are still finding more problems? Bob]
… The hackers went for the 7,500 self-checkout lanes because those machines’ reference names in the computer system clearly identified them as payment terminals, [Why make it hard for the hackers? Bob] while some 70,000 standard registers were identified only by number, according to the Journal.
Read this article! I need someone to help me make sense of it. Will lawyers like this (since apparently I'll need a few just to access the Internet)?
If current leaks are correct, the Federal Communications Commission (FCC) may be on the brink of not only undermining hope for strong, enforceable and legally sound network neutrality rules, but may also be taking steps that would ultimately disrupt the very principles that have governed the way the Internet has always worked.
The press reports do not explain what the new proposal would fully entail (in part because the ideas from which the latest proposal appears to be derived are complicated and new), but it could mean that Internet users would be swept into new relationships with Internet service providers (ISPs) they've never interacted with in the past. Based on what we do know from the press reports, we are deeply concerned about this new proposal in several respects: its ability to actually protect against blocking, discrimination and fees for prioritized access; the relative strength of the legal underpinnings the FCC would use to implement those protections; and, importantly, the ripple effects that such a proposal might have across the Internet and around the globe.
For Internet users, this approach would place their ability to access the legal content of their choosing on the shakiest of legal grounds, using a legal theory that can only incidentally afford that protection. Moreover, every piece of traffic sent (an email to a friend, a response to a click on a website, a streaming video on YouTube) could trigger a new legal relationship with an ISP on the other side of the world.
Reports suggest that the proposal flows from one or more ideas in the record. One begins with the recognition that two separate and legally distinct relationships exist in the exchange of traffic
… But the FCC may also be looking toward a second, similar proposal in the record that would recognize a simultaneous and congruous relationship among "remote hosts" and end users, and would leave the relationship between broadband providers and end users unregulated, while imposing protections instead on the relationship between the broadband providers and these newly defined "remote hosts." In contrast to the relationship created by the first proposal, the much more esoteric one created here would not be directional, and would cover every interaction on the Internet where traffic is exchanged.
I'll need some student “volunteers” to test the functionality...
Office Apps on iOS Are Now Free, Sort of
Microsoft finally brings real functionality to Office programs to iOS and Android devices for free. That means, starting today (Nov. 6), you won't need an Office 365 subscription to edit documents in the cloud.
The update breaks out each program (Word, Excel and PowerPoint) into its own app. All the apps are compatible with Dropbox integration for cloud storage. While iOS users can take advantage of the new apps today, Android fans will have to wait until early 2015 for Microsoft to bring over the new Office apps.
… What's the catch, you ask? Some advanced features such as adding columns and custom tables are still only available to Office 365 subscribers. In Word, you can change fonts, but changing a document from portrait to landscape format requires a subscription, as does Presenter view in PowerPoint.
(Related) Apparently, so does Microsoft.
Microsoft seeks testers for Office on Android tablets
Microsoft today began taking registration requests from Android tablet users for a beta of Office for Google's mobile operating system.
The final version, which Microsoft dubs "general availability," will be available in early 2015, Microsoft said, without naming a specific date or month. Meanwhile, the preview will be offered to those invited to the beta program within the next 7 days.
On the form potential preview participants were asked to fill out, Microsoft said that users must have an Android tablet with a screen size between 7-in. and 10.1-in.; be running Android 4.4, aka KitKat; and forgo any OS updates during the time they use the preview.
For my students who read with their ears... Competition is good!
Scribd Adds Audiobooks To All-You-Read Library, Piling Pressure On Amazon
Scribd doesn’t take kindly to being cribbed.
In July, the San Francisco company woke up to find that Amazon.com had imitated one of its core services, introducing an all-you-can-read book subscription service that rivaled the “Netflix for books” model pioneered by Scribd and fellow competitor Oyster. With “Kindle Unlimited,” the Seattle retailer made it a selling point that it had more titles than the little guys, as well as something the others didn’t have: more than 2,000 audiobooks.
On Thursday, that distinction is no more as Scribd launched its own audiobook vertical, a collection that will feature 30,000 titles at no extra charge to subscribers.
(Related) Meanwhile, Amazon is headed off in another (Privacy ignoring) direction... Perhaps this speaker will read your books to you. If this device starts talking with other IoT devices, it could control your house! “I'm sorry Bob, I can't allow you to open the refrigerator door.”
Amazon Takes on Siri With 'Echo,' a Speaker You Can Talk To
… Amazon.com (AMZN) has launched "Amazon Echo," a speaker you leave on all day and give it voice directions, like Siri on an Apple (AAPL) iPhone.
As well as taking commands such as "Play music by Bruno Mars" or "Add gelato to my shopping list," Amazon said the device accesses the Internet to answer questions such as "When is Thanksgiving?" and "What is the weather forecast?"
Amazon said the speaker, which runs on Amazon Web Services, continually learns a user's speech patterns and preferences.
Users start the speaker up saying the wake up word, "Alexa."
TV over the Internet. CNN was first on Cable. Will being first help CBS win the market?
CBSN: About the streaming network
CBS News and CBS Interactive today launched CBSN, the first digital streaming news network that will allow Internet-connected consumers to watch live, anchored news coverage on their connected TV and other devices. At launch, the network is available 24/7 and makes all of the resources of CBS News available directly on digital platforms with live, anchored coverage 15 hours each weekday.