Kmart Payment Systems Infected With Malware
Big box department store chain Kmart informed customers on Wednesday that cybercriminals may have stolen their credit or debit card data after installing malware on the company’s payment processing systems.
Kmart, a subsidiary of Sears Holdings, has not provided any information on which stores are affected and for how long hackers had access to its systems. The retailer operates more than 700 stores, but blogger Brian Krebs learned from his sources in the financial industry that the breach does not appear to impact all locations.
It’s unclear what point-of-sale (PoS) malware has been used in the attack, but the retailer has described it as “a new form of malware” and “undetectable by current antivirus systems.”
The company’s investigation showed that names, addresses, social security numbers, dates of birth, email addresses and other personally identifiable information (PII) have not been compromised. Kmart believes the attackers may have only accessed payment card numbers.
… This is not the first time Kmart has disclosed a data breach. In October 2014, the company told customers that their credit and debit cards may have been stolen after hackers installed malware on payment systems.
Don’t knock Social Security. At least they did something! Maybe in a few years they will catch up to NIST.
Social Security Administration Adopts What NIST is Deprecating
As of June 10, 2017, users of the Social Security Administration (SSA) website will be required to use two-factor (2FA) authentication to gain access. Potentially, this could affect a vast number of American adults, who will be required to enter both their password and a separate code sent to them either by SMS or email text.
What is surprising is that in July 2016, NIST deprecated SMS-based 2FA in special publication 800-63B: Draft Digital Identity Guidelines. It should be noted this is still a draft, and not yet a formal standard that government agencies are required to meet; but nevertheless, it specifically says, "OOB [2FA] using SMS is deprecated, and may no longer be allowed in future releases of this guidance." It seems strange, then, that the SSA should introduce precisely what NIST deprecates.
Silicon Valley jumps on this every year, so it is probably worth a look.
Annual Internet Trends Presentation from Mary Meeker – 2017
by Sabrina I. Pacifici on May 31, 2017
“Here are a few initial takeaways via TechCrunch:
- Smartphone sales and Internet penetration growth are both slowing
- It’s not really a “shift to mobile” as much as “the addition of mobile”, since desktop usage hasn’t declined much while mobile usage has skyrocketed to over three hours per day per person in the US
- There’s still more time spent on mobile than ad spend, indicating forthcoming windfalls for mobile ad platforms
- Google and Facebook control 85% of online ad growth
- Internet ad spend will surpass TV spend within six months
- Streaming music led by Spotify surpassed physical music sales, giving recorded music its first revenue growth in 16 years
- eSports are exploding, with viewing time up 40% year over year, and an equal number of millennials strongly preferring eSports vs traditional sports
- Email spam with malicious attachments is exploding as cloud usage increases, so be careful what you click
- Tech companies drive wealth creation in China, where people pay for livestreaming, and bike sharing usage is skyrocketing
- Falling data costs are driving increasing Internet adoption in India, but smartphone prices remain too high
- 60% of the most-highly valued tech companies in America were founded by first or second generation Americans while 50% of the top private startups were founded by first-gen immigrants…”
The start of a trend?
Rebecca Yergin writes:
On May 16, 2017, Governor Jay Inslee signed into law H.B. 1493—Washington’s first statute governing how individuals and non-government entities collect, use, and retain “biometric identifiers,” as defined in the statute. The law prohibits any “person” from “enroll[ing] a biometric identifier in a database for a commercial purpose, without first providing notice, obtaining consent, or providing a mechanism to prevent the subsequent use of a biometric identifier for a commercial purpose.” It also places restrictions on the sale, lease, and other disclosure of enrolled biometric identifiers. With the new law, Washington has become only the third state after Illinois and Texas to enact legislation that regulates business activities related to biometric information. Although the three laws seek to provide similar consumer protections around the collection, use, and retention of biometric data, the Washington law defines the content and activity it regulates in different terms, and, similar to Texas, but unlike Illinois, the Washington law does not provide a private right of action.
Read more on Covington & Burling Inside Privacy.
Not intended to be amusing.
China’s New Cybersecurity Law Leaves Foreign Firms Guessing
As China moves to start enforcing a new cybersecurity law, foreign companies face a major problem: They know very little about it.
… The law would require that companies store their data within China, and would impose security checks on companies in sectors like finance and communications. Individual users, meanwhile, would have to register with their real names to use messaging services.
But Mr. Chang said that officials had conveyed “less than half” of the specifics of how the law would be implemented.
“A wide range of companies are doing data transfers — it’s the lifeblood of their business,” he said.
Executives have complained that the wording of the law is ambiguous, fearing that it gives China’s ruling Communist Party substantial leeway to target them.
(Related). Perhaps this will eventually help.
The Global Law Search Engine
by Sabrina I. Pacifici on May 31, 2017
“Global-Regulation Inc. Vision: To make all of the world’s laws accessible to users in a way that’s as easy as a Google search. The Global Law Search Engine – Search 1,610,446 laws from 90 countries, in English. Find, compare and analyse more than 825,000 laws translated into English from 26 languages. If our database was a book it would be approximately 7.67 million pages (2,108,193,898 words).”
Perspective. I had not considered the impact on organ donation. A good article to start the debate.
How Robo Cars Will Impact Everything Else
• Programmers will be forced to make life-and-death decisions in advance, until regulators create guidelines. For example, if a pedestrian darts out in front of a passenger-carrying robo-car, should the computer prioritize the life of the passenger or the pedestrian? Does it matter if there are two pedestrians and one passenger? Will consumers embrace self-driving cars that don’t give their lives, and the lives of their families, top priority in all cases?
• Waiting lists for organ donations will grow longer, as car accidents, especially fatal ones, become rarer.
Okay, Blockchain has arrived.
$35 Million in 30 Seconds: Token Sale for Internet Browser Brave Sells Out
Brave, the upstart web browser founded by Mozilla co-founder Brendan Eich, completed an initial coin offering (ICO) today that is likely to be distinguished for its speed and earnings.
Overall, the sale for Brave's ethereum-based Basic Attention Token (BAT) generated about $35m and was sold out within blocks, or under 30 seconds.
Somehow, I have little sympathy for anyone who could not out poll Donald Trump. This seems far more like “sour grapes” than I would have expected. How long will we need to listen to this whining?
Hillary Clinton Was the First Casualty in the New Information Wars
The former presidential nominee made her case that a Russian-backed “conspiracy” to “weaponize” social media took down her campaign.
… “I take responsibility for every decision I made,” Clinton said, “but that is not why I lost.”