Saturday, August 26, 2017

Other than those few bugs, how do you like the technology?
PoS Flaws Allow Hackers to Steal Card Data, Change Prices
Researchers at ERPScan discovered that SAP’s POS product, which is part of the company’s SAP for Retail offering, was affected by several flaws.  Specifically, the system’s server component, Xpress Server, lacked important authorization checks for critical functionality.
This allows an attacker with access to the system to send malicious configuration files to Xpress Server and gain complete control of both the frontend and backend of the PoS system.
A hacker can abuse tens of commands, allowing them to steal data from all the credit and debit cards used at the targeted store, and apply special prices and discounts to specified items.  These discounts can be applied for specified times so that an item has a small price only when fraudsters go to purchase it.  Fraudsters can also set up the system so that their purchases are charged to the previous customer’s card.
   the connections between POS workstation and the store server turn out to be the weakest link. They lack the basics of cybersecurity - authorization procedures and encryption, and nobody cares about it. So, once an attacker is in the Network, he or she gains full control of the system.”

Probably not the best way to convince the judge that you are not part of a vast criminal conspiracy.  Should the lawyer have made this public?  
Fraud Forces WannaCry Hero's Legal Fund To Refund All Donations
The vast majority of money raised to pay for the legal defense of beloved [? Bob] British cybersecurity researcher Marcus Hutchins was donated with stolen or fake credit card numbers, and all donations, including legitimate ones, will be returned, the manager of the defense fund says.
Lawyer Tor Ekeland, who managed the fund, said at least $150,000 of the money collected came from fraudulent sources, and that the prevalence of fraudulent donations effectively voided the entire fundraiser.  He said he'd been able to identify only about $4,900 in legitimate donations, but that he couldn't be certain even of those.

If this is easy for Facebook, imagine what Intelligence Agencies can do.
Rebecca Porter and I were strangers, as far as I knew.  Facebook, however, thought we might be connected.  Her name popped up this summer on my list of “People You May Know,” the social network’s roster of potential new online friends for me.
The People You May Know feature is notorious for its uncanny ability to recognize who you associate with in real life.  It has mystified and disconcerted Facebook users by showing them an old boss, a one-night-stand, or someone they just ran into on the street.
   On any given day, it tended to recommend about 160 people, some of them over and over again; over the course of the summer, it suggested more than 1,400 different people to me.  About 200, or 15 percent of them, were, in fact, people I knew, but the rest appeared to be strangers.
And then there was Rebecca Porter.  She showed up on the list after about a month: an older woman, living in Ohio, with whom I had no Facebook friends in common.  I did not recognize her, but her last name was familiar.  My biological grandfather is a man I’ve never met, with the last name Porter, who abandoned my father when he was a baby.  My father was adopted by a man whose last name was Hill, and he didn’t find out about his biological father until adulthood.
   I sent the woman a Facebook message explaining the situation and asking if she was related to my biological grandfather.
“Yes,” she wrote back.
Rebecca Porter, we discovered, is my great aunt, by marriage.  She is married to my biological grandfather’s brother; she met him 35 years ago, the year after I was born.  Facebook knew my family tree better than I did
“I didn’t know about you,” she told me, when we talked by phone.  “I don’t understand how Facebook made the connection.”  
   Facebook is known to buy information from data brokers, and a person who previously worked for the company and who is familiar with how the tool works suggested the familial connection may have been discerned that way.  But when asked about that scenario, a Facebook spokesperson said, “Facebook does not use information from data brokers for People You May Know.”
What information had Facebook used, then?  The company would not tell me what triggered this recommendation, citing privacy reasons.  A Facebook spokesperson said that if the company helped me figure out how it made the connection between me and my great aunt, then every other user who got an unexpected friend suggestion would come around asking for an explanation, too.  
   Now, when I look at my friend recommendations, I’m unnerved not just by seeing the names of the people I know offline, but by all the seeming strangers on the list.  How many of them are truly strangers, I wonder—and how many are connected to me in ways I’m unaware of.  They are not people I know, but are they people I should know?

Probably not soon, but eventually.
The Next Big Thing: Energy-Saving Graphene Computers with 1,000x Speed and Efficiency
Today, researchers from Northwestern University, University of Texas at Dallas, University of Illinois at Urbana-Champaign, and University of Central Florida have joined minds together in the development of a graphene-based transistor.
   Transistors function as on and off switches, forming logic gates in computers when placed in various arrangements.  These logic gates enable microprocessors to solve complex logic and arithmetic problems.  But, since 2005, the speed of computer microprocessors which utilize silicon transistors have clock speeds mostly in the 3 to 4 gigahertz range only.
   According to the team, with a cascading series of graphene transistor-based logic gates, a computer could have clock speeds near the terahertz range, thus making it a thousand times faster and more efficient than today’s computers.
Graphene computers also use lesser energy, only a hundredth of the power consumed by silicon-based ones.  Moreover, computers could be designed smaller in size


No comments: