Eddie Bauer Is Latest Retailer Infected With Data Breach Malware
Just days after hotel operator HEI said 20 of its hotels
had been infected, Eddie Bauer said its 350-or-so stores in the U.S. and
Canada had also been the victim of a malware attack.
Cleaning up the mess won’t be cheap—Eddie Bauer said
Thursday that it had arranged for all customers who made purchases and returns
during this period to get free
identity protection services from Kroll for the next year.
… Eddie Bauer’s
terminals were infected on various dates between January 2 and July 17 of this
year. Since it discovered the infection,
it said, it has strengthened its security.
… “We have been
working closely with the FBI, cybersecurity experts and payment card
organizations, and want to assure our customers that we have fully identified and contained the incident and that
no customers will be responsible for any fraudulent charges to their accounts.”
At least it’s not Pokémon!
Catalin Cimpanu reports:
Data breach index service LeakedSource has told Softpedia
that it has received the full database and source of Leet.cc, a service for creating and running
Minecraft Pocket Edition servers.
According to a LeakedSource
spokesperson, the database includes records for 6,084,276 users that have
signed up with Leet.cc.
For each user, the data included
a username, a hashed password, the registration and last login dates, and a
user ID. For the vast majority of users,
but not for all, there was also an email address associated with their account.
Read more on Softpedia.
Be careful if you use this to keep track of your kids!
Maker of web monitoring software can be sued, says court
The maker of so-called spyware program WebWatcher can be
sued for violating state and federal wiretap laws, a U.S. appeals court has ruled, in a case that may have broader
implications for online monitoring software and software as a service.
… Awareness
pitches WebWatcher as monitoring software for parents and employers. "All WebWatcher products install easily
in 5 minutes or less, are undetectable (thus tamper proof) and all recorded
data is sent to a secure web-based account which allows you to monitor kids and
employees at your convenience from any computer," the company
says.
… The case also
may have implications for corporate monitoring of employees when those
employees correspond with people outside the company, added Braden Perry,
a regulatory and government investigations attorney with Kansas City-based Kennyhertz Perry.
"If services monitor in 'real-time' even with the
employees’ consent, those that the employee corresponds with may have a cause
of action," he said by email. "This
decision not only places potential liability on the individual using the
service but the service itself."
Hands off? That’s a new idea in government. (I agree, but now I’m also suspicious!)
The US government’s fix for airlines’ tech problems is to do nothing
From the US to UK to India and elsewhere, technical
failures have been plaguing the commercial aviation industry in recent years. We’ve counted 24
major disruptions in the US since 2015. Yet, the US Department of Transportation has
no plans to try to regulate the industry into technical resiliency.
A spokesperson for the DOT told Quartz that the agency is
of the opinion that the high cost of glitches is the only needed deterrent to
prevent future outages.
… According to the
DOT, the combined incentives to avoid losing revenue, keep performance metrics
high and have happy customers are “likely a more effective incentive than
detailed regulations concerning the carriers’ IT systems.” [How Adam Smith-like. Bob]
… Other than
systems that are directly related to aviation safety the department “does not
inspect or regulate airlines’ IT systems,” according to the DOT’s statement.
Nonetheless, the issues have attracted the attention of members of the US Congress. Two Senators, Edward Markey (D-Mass.) and
Richard Blumenthal (D-Conn.), have sent letters to US airlines requesting
information about what the carriers are doing to prevent future outages and
how it deals with them when they do.
(Related) Another version of “hands-off?” “We’re going to sanction them, but not really.”
U.S. Grants ZTE Another Extension of Trade-Sanctions Relief
The U.S. government extended a lifting of sanctions
against ZTE Corp. for
the second time, as the Chinese maker of telecommunications equipment works to
repair its reputation after allegedly violating U.S. trade rules.
In a statement Thursday, the U.S. Commerce Department said
its temporary sanctions relief will be extended to Nov. 28, which allows ZTE to
continue working with U.S. suppliers.
… The U.S.
Commerce Department added ZTE to its “Entity List,” a list of foreign groups or
individuals that present risks to U.S. national security or foreign policy
interests.
The department alleged that ZTE violated
rules restricting exports of U.S. technological goods to Iran.
… But just two
weeks after announcing its sanctions, the U.S. granted ZTE a temporary reprieve
through June 30, saying that the temporary license it was granting ZTE would be
renewable if the Chinese company cooperated fully. In June, the U.S. government extended the
temporary relief through Aug. 30.
Why?
Yik Yak completes a pivot away from anonymity with status messages and a feed of nearby users
In March, the college-centric social network Yik Yak took
a step away from its origins in anonymity by asking users to
create "handles" that they could optionally attach to their posts.
Today the company is eliminating the last traces of anonymity from its app,
requiring users to create handles that will be attached to their activity on
Yik Yak.
… The result feels
much more like a chat app than the Yik Yak of old, which served as a kind of
(anonymous) community bulletin board for discussing in-jokes and campus events.
Droll and his co-founder, Brooks
Buffington, positioned the new version of Yik Yak as a way to help its users
feel more connected to the world around them. But it’s also an acknowledgement of what
founders of social networks have come to accept as a law of gravity: apps that don’t require users to establish a
persistent identity are doomed to fail. Secret, Ask.fm, Formspring — each app allowed users to post or send messages anonymously,
and each saw an early spike in users only to fade when their novelty wore off.
Another technique for my Crypto students.
This algorithm can hide messages in dance music
It's long been known that secret messages can be included
in music through techniques such as backmasking,
but now a Polish researcher has developed an entirely new approach. By subtly varying the tempo of a particular
type of dance music, he's managed to encode information in a way that's completely
inaudible to human listeners.
… His paper is now available online.