Friday, February 10, 2017

Another widespread, long lasting, high volume attack on credit card systems?  I thought they were completely safe now that cards have chips. 
Fast Food Chain Arby’s Acknowledges Breach
Sources at nearly a half-dozen banks and credit unions independently reached out over the past 48 hours to inquire if I’d heard anything about a data breach at Arby’s fast-food restaurants.  Asked about the rumors, Arby’s told KrebsOnSecurity that it recently remediated a breach involving malicious software installed on payment card systems at hundreds of its restaurant locations nationwide.
A spokesperson for Atlanta, Ga.-based Arby’s said the company was first notified by industry partners in mid-January about a breach at some stores, but that it had not gone public about the incident at the request of the FBI.
   Arby’s said the breach involved malware placed on payment systems inside Arby’s corporate stores, and that Arby’s franchised restaurant locations were not impacted.
Arby’s has more than 3,330 stores in the United States, and roughly one-third of those are corporate-owned.
   The first clues about a possible breach at the sandwich chain came in a non-public alert issued by PSCU, a service organization that serves more than 800 credit unions.
The alert sent to PSCU member banks advised that PSCU had just received very long lists of compromised card numbers from both Visa and MasterCard.  The alerts stated that a breach at an unnamed retailer compromised more than 355,000 credit and debit cards issued by PCSU member banks.
“PSCU believes the alerts are associated with a large fast food restaurant chain, yet to be announced to the public,” reads the alert, which was sent only to PSCU member banks.
Arby’s declined to say how long the malware was thought to have stolen credit and debit card data from infected corporate payment systems.  But the PSCU notice said the breach is estimated to have occurred between Oct. 25, 2016 and January 19, 2017.


For my Computer Security students.  Who is responsible for finding and acting on these warnings?
Thomas Claburn reports:
Administrators of Hadoop Distributed File System (HDFS) clusters have evidently not heeded warnings that surfaced last month about securing software with insecure default settings.
Attacks on Hadoop clusters have wiped the data of at least 165 installations, according to GDI Foundation security researchers Victor Gevers, Niall Merrigan, and Matt Bromiley.  The trio report that 5,300 Hadoop clusters are presently exposed to the internet, some of which may be vulnerable.
Read more on The Register.


I told you this was inevitable.  (So is regulation before comprehension?) 
Lawmakers introduce the Blockchain Caucus
Reps. Jared Polis (D-Colo.) and David Schweikert (R-Ariz.) officially launched the Blockchain Caucus on Thursday.
The caucus will be focused on advocating for “sound public policy toward blockchain-based technologies and digital currencies.”


Irrational, thy name is politician?  What is really going on? 
N.C. wind farm goes live despite legislators' claims it's a national security threat
   Ten North Carolina legislators, including state House Speaker Tim Moore and Senate leader Phil Berger, however, asked the Trump administration to kill the project because of its proximity to the Navy's long-distance surveillance radar installation in Chesapeake, Va., according to an Associated Press report.
Last month, the Pentagon said the wind farm and radar station can operate without detriment to either.  For its part, Avangrid Renewables culled the size of the project, repositioned the turbines and worked with the military to avoid affecting the radar array.


Something for my fellow professors?
Tutorials to Help You Get Started Creating Apps in Your Classroom
The MIT App Inventor is a fantastic tool for any teacher who would like to have his or her students try their hands at creating a working Android app.
The MIT App Inventor works in your web browser (Chrome is recommended).  The only download that is required for App Inventor 2 is the optional emulator.  The emulator allows people who don't have Android devices to text their apps on their desktops.  If you have an Android device then the emulator is not required and you don't need to worry about installing it.  MIT provides excellent support documentation and curriculum for classroom use for new users of App Inventor.  Tutorials are available as videos and as written PDFs.  A couple of the videos are embedded below.