Thursday, November 26, 2015

Is this what infected Hilton and Starwood PoS terminals?
Sophisticated PoS Malware "ModPOS" Targets US Retailers
The malware, dubbed “ModPOS” due to its modular architecture, uses modules that are packed kernel drivers, which makes them more difficult to detect by security products. The modules identified by iSIGHT Partners so far include one for logging keystrokes, one for uploading stolen data and downloading additional components, and one for collecting card data.
The “POS Scraper” module is designed to collect payment card track data from memory. Researchers believe the attackers target specific PoS software processes, such as “credit.exe.”
“This [process] is unique to POS vendors that use this executable as a part of their software. iSIGHT Partners is confident that the actors customize the malware based on the targeted environment,” the security firm noted in its report on ModPOS.
According to Trustwave’s 2015 Global Security Report, 40 percent of the data breaches reported in 2014 were PoS-related, such systems being targeted by 70 individual variants of malware. A large majority of PoS breaches occurred due to a combination of remote access and weak passwords.

Was it the plane or Putin ordering in missiles? Either way, this is what you have to expect when even teenagers can “join the fight.”
Waqas writes:
Turkish hackers just took down the official website of Russian Central Bank amid tension near Syrian-Turkey border.
A group of Turkish hacktivists going with the handle of Turk Hack Team has conducted a powerful DDoS attack on the official website of Russian Central Bank earlier today forcing it to go offline for over 10 minutes.
While talking to HackRead, the Black-Spy attacker from THT explained that the reason for targeting the Russian bank was to send a message to Russia.
Read more on HackRead.

Not sure I like this one. I'll have to think about it for a bit.
New Technology, New Information Privacy: Social-Value-Oriented Information Privacy Theory
by Sabrina I. Pacifici on Nov 25, 2015
Chang, Chen-Hung, New Technology, New Information Privacy: Social-Value-Oriented Information Privacy Theory (September 30, 2015). Available for download at SSRN:
“Today’s innovative technologies offer remarkable advantages in our daily lives, but they also give rise to concerns that these technological advancements will adversely impact individuals’ privacy. The traditional notions of information privacy were based on personal control over data about oneself, an antiquated notion in a time where pervasive surveillance has rendered it nearly impossible for individuals to protect information privacy on their own. Key privacy concerns arise because it is nearly impossible to be left out of the intertwined digital and Internet world. Those who choose not to use the Internet, smartphones, tablet computers, electronic mail and online social network platforms, nevertheless remain trapped in the inescapable digital net, with others able to track their personal data. This essay includes suggestions for reconstructing traditional privacy theories. The traditional notice-and-choice principle has failed to protect the information privacy. Privacy should be determined by both individuals’ subjective feelings and objective social norms. The government has a constitutional obligation to protect the right to privacy by constructing basic information privacy protection principles. Furthermore, this essay proposes an approach to constructing a social-value-oriented information privacy theory. Among others, in determining the context of privacy, if no social precedents are available, the particular social activity’s consequences, purposes, and values may first be identified, and then these results may be used to trace back to the starting point and consider how to regulate social activities.” [Huh? Bob]

Have I mentioned that I love Google? All of my (so far unpublished) studies prove Google is a giant in the areas of privacy protection, consumer rights and PAC donations.
Google’s insidious shadow lobbying: How the Internet giant is bankrolling friendly academics—and skirting federal investigations
In June 2011, Google had a problem. The Federal Trade Commission (FTC) had opened multiple investigations into whether the tech giant illegally favored its own shopping and travel sites in search engine queries; restricted advertisers from running ads on competing sites; and copied rival search engines’ results.
To fight this threat, Google turned to a key third-party validator: academia, and in particular one university with a long history as an advocate for corporate interests.
From the beginning of the FTC investigation through the end of 2013, Google gave George Mason University’s Law and Economics Center (LEC) $762,000 in donations, confirmed by cancelled checks obtained in a public records request. In exchange, the LEC issued numerous studies supporting Google’s position that they committed no legal violations, and hosted conferences on the same issues where Google representatives suggested speakers and invitees.

Is this how the FTC works? Make a deal then stand by as it is ignored?
Albertsons buys back stores feds forced it to sell
Less than a year after federal regulators forced Albertsons Co. to sell off more than 146 grocery stores as part of a $9.2 billion merger with Safeway, the grocery chain has started buying them back for pennies on the dollar.
And, in some cases, for only $1.
A federal bankruptcy judge on Tuesday approved Albertsons' purchase of 33 stores, including three in Arizona, from Haggen Holdings LLC, a Pacific Northwest grocery chain that failed spectacularly months after it took over Albertsons stores in five states.
The buyback appears to erode a Federal Trade Commission order that required Albertsons and Safeway to divest 168 total stores to prevent the new company from having a monopoly in dozens of markets.
… Haggen sold 55 stores at a bankruptcy auction this month for about $47 million, court records show.
Albertsons paid $14.3 million for the 33 stores. Albertsons’ bid price for nearly half of the stores was $1 each, according to a story in The Wall Street Journal. It also assumed liabilities as part of the purchase price.

Worth reading. Tells me something I never would have suspected! For my App developing students.
How a Food-Ordering App Broke into a Crowded Market
It’s not easy to find companies that genuinely do things differently. But for the founders of the takeout-ordering app Eat24, doing things differently is what allowed them to build up their company into an attractive acquisition target – they recently completed a $134 million deal with Yelp.
… It’s true that the founders weren’t technical experts, they had no previous startup experience, and GrubHub already had impressive marketshare. But Eat24 managed to bootstrap their app anyway. Here’s how.
1. Go after “undesirable” customers.
2. Go after “undesirable” media. Oddly enough, Eat24’s biggest break came when they left Google and Facebook as marketing platforms after advertising rates rose. Eat24 instead turned to … porn websites. The marketing expense was 90% cheaper than on Google, Facebook, and Twitter – after all, lots of companies don’t want to advertise on porn sites – but the exposure was 200% higher. Moreover, return customers were four times higher. And they were also reaching new customers — nine out of 10 visitors to Eat24 from the sites were new, and conversion rates blew Facebook away. As Nadav told an Israeli newspaper, “we just let the numbers talk.”
Of course, this makes sense: the audience on porn sites is young, male, more inclined to order food online.

Clearly the Brits do things differently.
Barclays fined for lax crime checks in 'deal of century'
Britain's financial watchdog has fined Barclays (BARC.L) 72 million pounds ($109 million) for cutting corners in checking wealthy customers involved in a huge transaction described by one senior manager as potentially the "deal of the century."
Barclays arranged the 1.9 billion pound transaction in 2011 and 2012 for a number of rich clients deemed by the regulator to be politically exposed persons (PEPs), or people holding prominent positions that could be open to financial abuse.
That should require a bank to conduct more detailed checks on them, but Barclays failed to do so and in fact cut corners with its compliance procedures, Britain's Financial Conduct Authority (FCA) said in a damning report on Thursday.
"Barclays did not follow its standard procedures, preferring instead to take on the clients as quickly as possible and thereby generated 52.3 million pounds in revenue," the FCA said.
Barclays, which received a 30 percent discount on the fine for settling at an early stage in the investigation, said the FCA made no finding that the bank facilitated any financial crime in relation to the transaction or the clients on whose behalf it was executed.
… Just over 52 million pounds of the penalty on the bank comprised disgorgement, meaning clawing back the profit Barclays made on the transaction. That is the largest disgorgement penalty ever imposed by the FCA.
… FCA said Barclays kept details of the clients and transaction off its computer system, and had agreed that if their names were ever revealed it would have had to pay them 37.7 million pounds.
"Barclays restricted the number of its staff who were involved in the business relationship and sought to address the financial crime risks that were associated with it in an ad hoc way," the FCA said in a 37-page notice on the bank's failings.
… The bank also failed to establish adequately the purpose and nature of the deal and did not sufficiently corroborate the clients’ stated source of wealth and source of funds for the transaction, the FCA said.

Real lawyers don't get caught!
AAP reports:
A law student has been charged with hacking the University of Queensland‘s computer system to cheat his way to better marks.
The student allegedly used a staff ID card to break into a staff area and logged on to the private system to upgrade the marks on his papers ahead of graduation, according to News Corp.
Read more on Brisbane Times.

For years we lock ourselves out of this. Probably not a good thing.
Why Cuba Stands Tall in Health Care Metrics
Despite the decades-long U.S. trade embargo, Cuba’s health care system has thrived, building a record on major health care metrics that is comparable with not only other countries in the same per capita income bracket, but also with the U.S. Cuba has also made remarkable advances in biotechnology, especially in pediatric vaccines.
… One vaccine developed in Cuba, called CimaVax, promises to be a cheap, safe, effective and easy to administer treatment for lung cancer, according to a recent Knowledge@Wharton report. The vaccine has been developed by the Havana-based Center for Molecular Immunology, and is now being tested for the U.S. market by the Roswell Park Cancer Institute of Buffalo, N.Y.

Perspective. We must look like a country of techies, but what percentage can program their toys?
Smartphone, computer or tablet? 36% of Americans own all three
by Sabrina I. Pacifici on Nov 25, 2015
“A new Pew Research Center analysis finds that 66% of Americans own at least two digital devices – smartphone, desktop or laptop computer, or tablet – and 36% own all three. Fueled in part by the rapid adoption of smartphones and tablets, the share of American adults who own a smartphone, computer and a tablet has doubled since 2012. At that time, only 15% of U.S. adults owned all three devices. The age group most likely to own multiple devices is 30- to 49-year-olds, half of whom report owning all three, according to our 2015 survey data. People who are more affluent and those with more formal education also are more likely to own multiple devices. Whites are a bit more likely than blacks to have all three gadgets, while men and women are equally likely to do so…”

Now do the same with textbooks!
Raspberry Pi Zero: The $5 computer has arrived
The Raspberry Pi Foundation has hit rock bottom. After years of working to lower the cost of hobbyist and educational computing, founder Eben Upton says it can go no further: at just $5 its latest creation is as cheap as it can make a computer.
The $5 Raspberry Pi Zero follows on from the wildly successful Raspberry Pi A, B and 2 computers, which cost $20 to $35.
But despite the staggeringly low price, it still has many of the same features, and runs about 40 percent faster than the Raspberry Pi 1.
