Wednesday, September 27, 2017

Like many breach victims, Sonic did not detect their own breach.
Fast-food chain Sonic notified of unusual credit card activity
Sonic Corp said Tuesday that its credit card processor notified the company of unusual credit card activity at its drive-in restaurants.
The chain was informed that the activity could have affected a number of its payment systems, according to Reuters.
The news was first reported by the security blog KrebsOnSecurity, which also claimed that the activity could have led to massive amounts of stolen credit and debit card numbers.
Sonic has more than 3,600 locations in 45 states across America, but there is no word yet on how many people may have possibly been affected.




Crime is becoming automated and therefore easier.
Europol Warns Banks ATM Cyber Attacks on the Rise
Previously criminals used physical 'skimming' devices or USB sticks or CDs to install malware within ATMs but since 2015 "a new and unnerving trend... has been picking up speed," Europol said in a 40-page report on the latest ATM crime trends.
"The criminals have realised that not only can ATMs be physically attacked, but it is also very possible for these machines to be accessed through the (bank's) network," the report said, which was published in conjunction with the Trend Micro security software company.
One of the tricks used by hackers is to send a so-called phishing email to bank employees which once opened, contains software to penetrate the bank's internal computer network.
Once the ATM has been targeted and told to dispense the money "standby money 'mules' will pick up the cash and go."




We need an App. We’ll worry about security when and if it bites us?
Stock trading apps rife with security problems, says new research
Top stock-trading mobile apps have security problems that are easy to uncover and exploit, to the point that they could be used to hijack accounts or profile victims for other types of crime, according to new research.
Alejandro Hernandez at IOActive looked at 21 top trading apps, including TD Ameritrade, Charles Schwab, E-Trade, Fidelity and others.
“It’s certainly worse than I was expecting,” he told The Hill.
Twelve of the 21 apps did not validate the security certificate, making it possible for an attacker to eavesdrop or even alter logins or transactions.
Two did not use encryption at all.
All but one of the apps would operate on a phone that had been “rooted,” meaning that the core permissions governing who has full access to the phone had been changed. Banking apps commonly will not operate on rooted phones.
Many apps saved passwords and account data in unencrypted text on the phone, placed data that should be kept secret into the source code in ways attackers could find it or contained other security flaws.




Should you assume this is happening in all Chinese (and other) Apps?
Android App Siphons Data on 200 Million Users
A popular Android keyboard application with over 200 million downloads was found gathering user information and sending the data to a remote server, Adguard reveals.
The offending application, GO Keyboard, has two versions available in Google Play, namely GO Keyboard - Emoji keyboard, Swipe input, GIFs and GO Keyboard - Emoticon keyboard, Free Theme, GIF, each with over 100 million downloads to date.
The keyboard is developed by Chinese firm GOMO, which has numerous applications in the mobile app store, under two developer accounts, namely GOMO Dev Team and GOMO Apps.
According to Adguard security researchers, the applications were designed to siphon a large amount of user data, including Google account emails, device language, IMSI, location, network type, screen size, Android version and build, and device model.
The data is gathered and sent to a remote server without explicit user consent, the researchers reveal. Furthermore, the practice also contradicts the application’s privacy policy, which claims that the software will never collect user personal information.




I suppose this will help them find terrorists who talk a lot about being a terrorist, but what about those who don’t?
DHS planning to collect social media info on all immigrants
The Department of Homeland Security has moved to collect social media information on all immigrants, including permanent residents and naturalized citizens.
A new rule published in the Federal Register last week calls to include "social media handles and aliases, associated identifiable information and search results" in the department's immigrant files.
BuzzFeed News first reported the new rule on Monday. It is set to go into effect on Oct. 18 after a public comment period.




Will this mean fewer, but more understandable Tweets from President Trump? Somehow, I doubt it.
Twitter just doubled the character limit for tweets to 280
… Twitter said today that it has started testing 280-character tweets, doubling the previous character limit, in an effort to help users be more expressive. “Our research shows us that the character limit is a major cause of frustration for people tweeting in English,” the company said in a blog post. “When people don’t have to cram their thoughts into 140 characters and actually have some to spare, we see more people Tweeting — which is awesome!”


(Related).
How to tweet with 280 characters right now




Strange and interesting.
The Coming Software Apocalypse
A small group of programmers wants to change how we code—before catastrophe strikes.
There were six hours during the night of April 10, 2014, when the entire population of Washington State had no 911 service. People who called for help got a busy signal. One Seattle woman dialed 911 at least 37 times while a stranger was trying to break into her house. When he finally crawled into her living room through a window, she picked up a kitchen knife. The man fled.
The 911 outage, at the time the largest ever reported, was traced to software running on a server in Englewood, Colorado. Operated by a systems provider named Intrado, the server kept a running counter of how many calls it had routed to 911 dispatchers around the country. Intrado programmers had set a threshold for how high the counter could go. They picked a number in the millions.
Shortly before midnight on April 10, the counter exceeded that number, resulting in chaos. Because the counter was used to generate a unique identifier for each call, new calls were rejected. And because the programmers hadn’t anticipated the problem, they hadn’t created alarms to call attention to it.
… software becomes unruly because the media for describing what software should do—conversations, prose descriptions, drawings on a sheet of paper—are too different from the media describing what software does do, namely, code itself. Too much is lost going from one to the other.
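An added illustration of the failure mode in the 911 story, not code from the article or from Intrado: a call-ID allocator that reproduces the outage behaviour (a fixed ceiling on the counter, silent rejection, no alarm) beside the hardened behaviour a defender wants (an alarm that fires well before the ceiling, and a cycle prefix so IDs stay unique after the counter wraps). The class, function names and threshold values are constructed for the demo.

```python
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class CallIdAllocator:
    """Hands out call identifiers from a running counter with a hard ceiling."""
    max_ids: int                 # ceiling on the counter, as in the outage
    hardened: bool = False       # False reproduces the outage behaviour
    alarm_at: float = 0.8        # alert once usage passes this share of max_ids
    counter: int = 0
    cycle: int = 0               # incremented each time the counter wraps
    alerts: List[str] = field(default_factory=list)

    def next_id(self) -> Optional[str]:
        """Return a unique call ID, or None when the call must be rejected."""
        if self.counter >= self.max_ids:
            if not self.hardened:
                return None      # outage: every new call silently rejected
            self.cycle += 1      # new cycle keeps old and new IDs distinct
            self.counter = 0
        self.counter += 1
        if self.hardened and self.counter == int(self.max_ids * self.alarm_at):
            # Fires once per cycle, long before the ceiling is reached.
            self.alerts.append(
                f"cycle {self.cycle}: counter at {self.alarm_at:.0%} of {self.max_ids}")
        return f"{self.cycle}-{self.counter}"


def simulate(calls: int, max_ids: int, hardened: bool) -> dict:
    """Route `calls` calls; report served/rejected counts, alarms and ID uniqueness."""
    alloc = CallIdAllocator(max_ids=max_ids, hardened=hardened)
    ids, rejected = [], 0
    for _ in range(calls):
        call_id = alloc.next_id()
        if call_id is None:
            rejected += 1
        else:
            ids.append(call_id)
    return {"served": len(ids), "rejected": rejected,
            "unique": len(set(ids)) == len(ids), "alerts": alloc.alerts}


if __name__ == "__main__":
    # Constructed scenario: 1200 calls against a ceiling of 1000 IDs.
    print("outage  :", simulate(calls=1200, max_ids=1000, hardened=False))
    print("hardened:", simulate(calls=1200, max_ids=1000, hardened=True))
```

In the outage configuration the first 1000 calls are served and the remaining 200 are dropped with no alert; the hardened configuration serves all 1200, keeps every ID unique, and raises one alarm at 80% of the ceiling.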




For the student toolkit.
Do you need to digitize any printed text so you can maintain a soft copy of it? After all, there are a lot of advantages to going paperless. If so, all you need is an optical character recognition (OCR) tool.
We’ve covered several online OCR tools in the past, but nothing really beats the convenience of being able to digitize documents right from your Android phone.

