Friday, December 18, 2015

So a vendor turned off the security and someone wandered into the “forbidden zone.” Unlikely to cost (or gain) anyone the election. It is amusing however.
DNC: Sanders campaign improperly accessed Clinton voter data
Officials with the Democratic National Committee have accused the presidential campaign of Sen. Bernie Sanders of improperly accessing confidential voter information gathered by the rival campaign of Hillary Clinton, according to several party officials.
Jeff Weaver, the Vermont senator’s campaign manager, acknowledged that a low-level staffer had viewed the information but blamed a software vendor hired by the DNC for a glitch that allowed access. Weaver said one Sanders staffer was fired over the incident.
The discovery sparked alarm at the DNC, which promptly shut off the Sanders campaign’s access to the strategically crucial list of likely Democratic voters.
… NGP VAN, the vendor that handles the master file, said the incident occurred Wednesday while a patch was being applied to the software. The process briefly opened a window into proprietary information from other campaigns, said the company’s chief, Stu Trevelyan.
… “Sadly, the DNC is relying on an incompetent vendor who on more than one occasion has dropped the firewall between the various Democratic candidates’ data,” he said.

(Related) Why Hillary will have the DNC crack down.
Bernie Sanders Can Still Catch Hillary Clinton In Iowa
… Sure, she’s almost certainly going to win the nomination. But if I were running the Clinton campaign, I’d still be a little nervous. Clinton’s lead in Iowa isn’t safe; Bernie Sanders could win the caucuses. And with expectations for her as high as they are, a Clinton loss in Iowa (or even an underwhelming win) would cause her campaign a lot of heartache.

Another indication that the card readers (or payment processors) are being tapped?
Brian Krebs reports:
Fraud analysts in the banking industry tell KrebsOnSecurity that the latest hospitality firm to suffer a credit card breach is likely Landry’s Inc., a company that manages a nationwide stable of well-known restaurants — including Bubba Gump, Claim Jumper, McCormick & Schmick’s, and Morton’s.
Update, 2:57 p.m. ET: Landry’s has acknowledged an investigation. Their press release is available here (PDF).
[From Krebs:
Industry sources told this author that the problem appears to have started in May 2015 and may still be impacting some Landry’s locations.
… Restaurants are a prime target for credit card thieves, mainly because they traditionally have not placed a huge emphasis on securing their payment systems. The attackers typically exploit security vulnerabilities or weaknesses in point-of-sale devices to install malicious software that steals credit and debit card data.

Local. Probably not related to the Landry article above.
Brian Krebs reports:
Sources at multiple financial institutions say they are tracking a pattern of fraud indicating that thieves have somehow compromised the credit card terminals at checkout lanes within multiple Safeway stores in California and Colorado. Safeway confirmed it is investigating skimming incidents at several stores.
Read more on KrebsOnSecurity.
In at least two locations where skimmers were found in California, the skimmers did not compromise any customer data, according to a corporate spokesperson.

Not a lot of detail, but generally true.
That Wearable Device Under Your Tree Is Their Next Target
Wearables are atop gift lists this year as Fitbit continues to grow and Apple is expected to sell six million Watches in the next month alone. Wearable-renting company Lumoid says it receives at least one new wearable device each week saying they “sometimes can’t keep up, especially now with the holiday season coming up.”
There are more wearables on the market than ever before but experts like Good Technology’s John Herrema say manufacturers aren’t prepared to keep such a massive scale of users secure.

The pendulum swings again.
Over on TechDirt, Tim Cushing writes:
It’s a lower-level decision but it still means something. Well, a couple of somethings. First off, it appears Connecticut law enforcement probably shouldn’t continue seeking “live” cell site location information without a warrant. It also appears the law enforcement agency involved doesn’t have access to a cell site simulator (Stingray, etc.).
Read more on TechDirt.
[From TechDirt:
This sort of collection is nothing new. Many law enforcement agencies act under the belief that location information is just another business record, subject to fewer restrictions and a lower level of privacy protections. Generally speaking, courts have found the acquisition of historical cell site location data without a warrant to have minimal impact on Fourth Amendment protections. Using this information as a tracking device, however, has generated plenty of friction in the judicial system, something that probably won't be resolved until the Supreme Court tackles it.

The FTC gets to brag, LifeLock gets to keep on scamming?
Identity Theft Security Firm Fined $100 Million for Lapses
The US Federal Trade Commission said its settlement with LifeLock came after the company failed to comply with a 2010 federal court order requiring it to secure consumers' personal information and prohibiting deceptive advertising.
It is the largest monetary award obtained by the commission in an order enforcement action, the FTC said.
"This settlement demonstrates the Commission's commitment to enforcing the orders it has in place against companies, including orders requiring reasonable security for consumer data," said FTC Chairwoman Edith Ramirez.
A company statement Thursday said the settlement would "enable LifeLock to move forward with a singular focus on protecting our members from threats to their identity."
It said the allegations by the FTC related to ads and practices that have been discontinued.
"There is no evidence that LifeLock has ever had any of its customers' data stolen, and the FTC did not allege otherwise," the statement said.

Too many users (voters?) to lock them out for long.
Brazilian court reinstates WhatsApp
A Brazilian court dealt a legal victory Thursday to the popular app WhatsApp, hours after another judge suspended the messaging tool.
In the second ruling, the court found that it was unreasonable to cut off access to the app for tens of millions of people because the company failed to comply with a court order. Agence France-Presse said the service was working again in the country.

Isn't this similar to the Kim Dotcom argument?
Internet provider Cox Communications is responsible for the copyright infringements of its subscribers, a Virginia federal jury has ruled. The ISP is guilty of willful contributory copyright infringement and must pay music publisher BMG $25 million in damages.
Today marks the end of a crucial case that will define how U.S. Internet providers deal with online piracy in the future.
Following a two-week trial a Virginia federal jury reached a verdict earlier today (pdf), ruling that Cox is guilty of willful contributory copyright infringement.
The case was initiated by BMG Rights Management, which held the ISP responsible for tens of thousands of copyright infringements that were committed by its subscribers.
During the trial hearings BMG revealed that the tracking company Rightscorp downloaded more than 150,000 copies of their copyrighted works directly from Cox subscribers.
It also became apparent that Cox had received numerous copyright infringement warnings from Rightscorp which it willingly decided not to act on.
… A week before the trial started Judge O’Grady issued an order declaring that Cox was not entitled to DMCA safe-harbor protections, as the company failed to terminate the accounts of repeat infringers.
BMG also argued that the ISP willingly profited from pirating subscribers, but the jury found that there was not enough evidence to back this up.
The verdict is bound to cause grave concern among various other U.S. Internet providers. At the moment it’s rare for ISPs to disconnect pirating users and this case is likely to change that position.

Perspective. Gee, the TV Ads make it sound so much faster. Reality: The US isn't in the top 10.
Akamai: Global average Internet speed grew 14% to 5.1 Mbps, only 5.2% of users have broadband
Global average connection speeds rose 14 percent year over year to 5.1 Mbps in Q3 2015. Unfortunately, just over 5 percent of users now have broadband speeds of at least 25.0 Mbps. The latest figures come from Akamai, which today published its quarterly State of the Internet Report for Q3 2015.

12 Social Media Facts and Statistics You Should Know in 2016

Obey the law, become a victim? Should we program them to break the law when they think they can get away with it? With some simple analysis (which may already exist) we will know when humans are likely to “cheat” and just add that to their software.
Humans Are Slamming Into Driverless Cars and Exposing a Key Flaw
The self-driving car, that cutting-edge creation that’s supposed to lead to a world without accidents, is achieving the exact opposite right now: The vehicles have racked up a crash rate double that of those with human drivers.
The glitch?
They obey the law all the time, as in, without exception.
… “It’s a constant debate inside our group,” said Raj Rajkumar, co-director of the General Motors-Carnegie Mellon Autonomous Driving Collaborative Research Lab in Pittsburgh. “And we have basically decided to stick to the speed limit. But when you go out and drive the speed limit on the highway, pretty much everybody on the road is just zipping past you. And I would be one of those people.”

This may explain a lot…
Former top Clinton aide: 'I want to avoid FOIA'
A former top aide to Hillary Clinton appeared to joke with reporters that he wanted to avoid open records laws, years before his and other Clinton aides’ use of private email accounts became an issue for her presidential campaign.
“I want to avoid FOIA,” Philippe Reines, Clinton’s combative former adviser, wrote in an email to journalists Mark Halperin and John Heilemann in February 2009, referring to the Freedom of Information Act.
The email was revealed Thursday as part of a lawsuit launched by Gawker earlier this year.
The message was apparently sent before Reines took a job at the State Department and is being dismissed by his lawyers as a joke.
Yet critics of Clinton are likely to view it more seriously, given long concerns that the use of personal email accounts by Reines, Clinton and other top officials not only skirted government recordkeeping laws but may have jeopardized national security.

(Related) Maybe? Could this be a common practice?
Pentagon Chief Admits 'Mistake' in Using Personal Email
US Defense Secretary Ashton Carter acknowledged Thursday making a "mistake" when he used his personal email for government business in the early part of his tenure, triggering concerns hackers could access sensitive information.

Interesting App, but my wife, the “power shopper,” has “Buy now, have husband pay later” as her operative philosophy.
Pinterest Launches A New Way To Track Price Drops On Buyable Pins
Pinterest has a new way to entice users to come back and buy things: keeping tabs on the price.
That comes in the form today of a new tool that helps Pinterest users monitor price drops on products they’ve pinned. When users save pins, they’ll get a heads up when a price drops in the form of an in-app notification and an email. They can then jump straight to that pin and make the purchase.
… In the end, this is likely about getting Pinterest users to come back and buy products on Pinterest. Though the company might not treat commerce as a strong monetization channel just yet alongside its advertising business, it helps get users to come back to Pinterest over and over again. That, in general makes the service more sticky — giving it an opportunity to better monetize its user base.

For my students who read!
Shelfie Helps You Find Ebook and Audiobook Versions of Books
Shelfie is a neat Android and iOS app that can help you find audiobook and ebook versions of your favorite books. To use Shelfie simply take a picture of a book and the app will search for an ebook or audiobook version of a book. Some of the ebooks and audiobooks that the app locates are free and others require a purchase. The app also allows you to create a shelf of your books.
