Tuesday, July 12, 2016
My Computer Security students would never do this – at least not while I can determine their grade!
Omni Hotels Subtly Discloses Payment System Hack
In what I like to call a cowardly Friday afternoon data breach disclosure, Omni Hotels disclosed that several of its hotel properties were impacted by malware infecting its point-of-sale (PoS) systems.
In an attempt to miss the news cycle and fly below the radar, companies often make data breach incidents public on Friday afternoons. While Omni Hotels is not alone in this tactic, the company did go a bit further in an effort to bury the incident, despite claiming that the privacy and protection of their guests’ information is a matter they take very seriously.
In analyzing the page hosting the breach notice, SecurityWeek discovered lines of code that specifically instruct search engines such as Google to not index the page and not include it in search results.
For my Data Management students.
To succeed in IoT, hire a chief data officer
For many businesses, ownership of the Internet of Things (IoT) lies within a number of C-suite titles. At Coca-Cola Enterprises, the CIO oversees IoT. At Amazon, it’s the CTO. At GM, the Chief Infotainment Officer and CTO co-manage IoT.
But IoT demands an interdisciplinary approach, whether the desired outcome is to streamline internal processes, introduce new customer experiences or uncover new revenue. This requires collaboration among multiple business units, some of which traditionally work independently from each other, such as IT and operations.
… Whether the world will have 20 billion, 34 billion or 50 billion connected devices by 2020, the industry hasn’t reached a consensus. But analysts can agree that those devices generate massive amounts of data — to the tune of 44 trillion gigabytes — so the more important issue is what companies do with all the information, whether they harness it to develop new services, improve internal collaboration processes or find fresh ways to interact with customers.
(Related) Sometimes it takes a while for the laws/regulations/processes to catch up.
Tom Spring reports:
Late last month, TrapX Labs’ security team spotted an uptick in the prevalence of a new, more virulent strain of malware targeting hospitals and their IoT equipment. Researchers discovered attackers targeting unpatched medical equipment running Windows XP and Windows 7 with variations of attacks such as the Conficker worm, long thought obsolete. The malware, TrapX said, now has an enhanced ability to laterally move within a network and target specific types of medical devices that have a strong likelihood of connecting to backend medical record systems.
But patching or ridding devices of malware is also complicated, for reasons many members of the public may not realize:
The logical fix for infected IoT gear is to scrub the equipment of the malware and add security software. But that’s rarely an option. In many cases, when hospitals become aware of malware infection on MRI machines, ultrasound equipment and drug pumps their hands are tied by Federal Drug Administration rules that prevent changes in equipment software. “The FDA has strict rules and regulations about medical devices and what updates, firmware or patches can be applied to those systems,” Chon said. “When an MRI machine gets approved by the FDA it’s considered a diagnostic equipment or a treatment. FDA rules state any changes made to that system have to go back through the FDA certification process,” he said.
Read more on Threatpost.
“If we like the decision, we’ll abide by it, if we don’t like the decision, it never happened.”
South China Sea: Hague rules in favor of Philippines over China
An international tribunal in the Hague ruled in favor of the Philippines in a maritime dispute Tuesday, concluding that there was no legal basis for China to claim historic rights to the bulk of the South China Sea.
China rejected the decision by the Permanent Court of Arbitration, which is likely to have lasting implications for the resource-rich hot spot, which includes one of the world's busiest sea lanes.
"China neither accepts nor recognizes it," the Ministry of Foreign Affairs said in a statement.
Perspective. Not sure how I would use this information.
We touch our phones 2,617 times a day, says study
We’re obsessed with our phones, a new study has found. The heaviest smartphone users click, tap or swipe on their phone 5,427 times a day, according to researcher Dscout.
That’s the top 10 percent of phone users, so one would expect it to be excessive. However, the rest of us still touch the addictive things 2,617 times a day on average. No small number.
… For more on how this study was conducted, you can download a PDF of the report.
Google’s response to Apple’s development University plan. (See Sunday’s blog)
Google Plans to Train 2 Million Developers for Android
Google launched a program to train 2 million developers in India for its Android platform as it fires up a race with Apple Inc. for the country’s developers to create innovative mobile apps.
The Android Skilling program will be introduced for free across hundreds of public and private universities and training schools through a specially designed, in-person program this year. The program would also be available through the government’s National Skills Development Corporation of India, the company said in a statement.