Monday, August 24, 2009

More pieces are fitting into place.

http://www.databreaches.net/?p=6847

Hacking ring linked to theft at Citibank ATMs

August 23, 2009 by admin Filed under Breach Incidents, Business Sector, Financial Sector, ID Theft, Of Note, Skimmers, U.S.

The hacking ring allegedly at the centre of the world’s largest identity theft [Heartland, TJX, et alia Bob] last week was also involved in cracking a network of Citibank-branded ATMs in 7-Eleven stores and operated by a third company, a law enforcement source claimed.

[...]

In the case of the Citibank-branded ATMs, the perpetrators penetrated a network linking 2,200 kiosks inside 7-Eleven stores from late 2007 until at least February 2008, the law enforcement sources said.

The ATMs displayed Citibank’s logo. The network and the machines were owned by Texas-based CardTronics, which took in monthly fees from Citi.

[...]

CardTronics said its machines were the ones affected. Its chief marketing officer, Brian Archer, told the Financial Times that the breach occurred on a back-end system that had been outsourced by 7-Eleven, the prior owner of the machines, and had not yet been brought onto CardTronics’ internal network.

Read more on Financial Times.



Not all hacks are attempts at Identity Theft. Some are auditions for jobs at National Lampoon or the Onion.

http://www.theregister.co.uk/2009/08/21/sears_baby_roaster/

Baby-roasting BBQ pulled from Sears site

Red-faced retailer apologizes

By Dan Goodin in San Francisco Posted in Enterprise Security, 21st August 2009 19:20 GMT

In a blunder that might top the Baby Shaker app on Apple's App Store, retailing giant Sears.com has been caught offering a Bar-B-Que grill specially designed to roast infants and other human morsels.

The ad, which was spotted earlier by celebrity news site TMZ, showed a Kenmore natural-gas grill with five burners. A caption above the photo read: "Human cooking > Grills to cook babies and more > Body part roaster."

Sears quickly labeled the cannibal-themed grill a prank that was carried out by someone visiting the company's website.

"We discovered earlier today that someone visiting our site had defaced a limited number of product pages," the company said in a written statement to FOXNews.com. "We've already taken steps to prevent this from happening again."



I think these are a bit older than the article suggests.

http://it.slashdot.org/story/09/08/23/2015208/Real-Time-Keyloggers?from=rss

Real-Time Keyloggers

Posted by kdawson on Sunday August 23, @05:18PM from the taking-a-leaf-from-twitter dept.

The NY Times has a story and a blog backgrounder focusing on a weapon now being wielded by bad guys (most likely in Eastern Europe, according to the Times): Trojan horse keyloggers that report back in real-time. The capability came to light in a court filing (PDF) by Project Honey Pot against "John Doe" thieves. The case was filed in order to compel the banks — which are almost as secretive as the cyber-crooks — to reveal information such as IP addresses that could lead back to the miscreants. Or at least allow victims to be notified. Real-time keyloggers were first discovered in the wild last year, but the court filing and the Times article should bring new attention to the threat. The technique menaces the 2-factor authentication that some banks have instituted:

"By going real time, hackers now can get around some of the roadblocks that companies have put in their way. Most significantly, they are now undeterred by systems that create temporary passwords, such as RSA's SecurID system, which involves a small gadget that displays a six-digit number that changes every minute based on a complex formula. If [your] computer is infected, the Trojan zaps your temporary password back to the waiting hacker who immediately uses it to log onto your account. Sometimes, the hacker logs on from his own computer, probably using tricks to hide its location. Other times, the Trojan allows the hacker to control your computer, opening a browser session that you can't see."



The lawsuit is a strategic tool, which does not mean it is always used wisely.

http://yro.slashdot.org/story/09/08/24/1026205/Model-Drops-Lawsuit-After-Outing-Anonymous-Blogger?from=rss

Model Drops Lawsuit After Outing Anonymous Blogger

Posted by kdawson on Monday August 24, @08:09AM from the you-can-pull-your-pants-up-now dept.

JumperCable writes

"The NY Daily News is reporting that model Liskula Cohen, who was suing the 'Skanks of NYC' blogger for defamation, is dropping the lawsuit now that she has outed the anonymous blogger, who is a Fashion Institute of Technology student named Rosemary Port. This brings up the question of potential abuse of the legal system to 'out' anonymous authors even if there is no intention [probably not easy to prove. Bob] actually to pursue a case against an anonymous individual. Also, according to the article, the outed blogger intends to sue Google for $15 million because it 'breached its fiduciary duty to protect her expectation of anonymity.' Do Web hosting services even have a fiduciary duty to protect their clients, or is this all legal bluff and bluster?"

Should such anonymity-busting court rulings include a provision for penalties if the plaintiff does not follow through with legal action after outing their target?



If it's not important, outsource it. In business this means any task that is not critical to your competitive position. (ATMs, janitorial services, the legal department, etc.) In government, it means anything not currently popular with the voters. (The military)

http://science.slashdot.org/story/09/08/23/180257/NASA-May-Outsource?from=rss

NASA May Outsource

Posted by kdawson on Sunday August 23, @02:57PM from the let-a-thousand-rockets-bloom dept.

The Wall Street Journal is running a piece about the growing momentum behind the idea of NASA outsourcing to private companies everything from transporting astronauts to ferrying cargo into orbit. Quoting:

"Proposals gaining momentum in Washington call for contractors to build and run competing systems under commercial contracts, according to federal officials, aerospace-industry officials and others familiar with the discussions. While the Obama administration is still mulling options and hasn't made any final decisions, such a move would represent a major policy shift away from decades of government-run rocket and astronaut-transportation programs such as the current space-shuttle fleet. ... In the face of severe federal budget constraints and a burgeoning commercial-space industry eager to play a larger role in exploring the solar system and perhaps beyond, ...a consensus for the new approach seems to be building inside the White House as well as [NASA]. ... Under this scenario, a new breed of contractors would take over many of NASA's current responsibilities, freeing the agency to pursue longer-term, more ambitious goals such as new rocket-propulsion technology and manned missions to Mars. ...[T]hese contractors would take the lead in servicing the International Space Station from the shuttle's planned retirement around 2011 through at least the end of that decade."



For specific types of intelligence, it works. It is not going to solve all intelligence problems (answer every question and point to new ones).

http://news.cnet.com/8301-13639_3-10315748-42.html?part=rss&subj=news&tag=2547-1_3-0-20

Social networks--the new front in war on terror

by Mark Rutherford August 24, 2009 6:23 AM PDT

Unnamed intelligence agencies and certain academics have yet to give up on data mining to identify terrorists and predict attacks, despite a 352-page tome published last year pronouncing the practice a waste of time.



No comment. No! Seriously, no comment.

http://www.techcrunch.com/2009/08/23/twitt-sex-because-everything-popular-needs-a-sex-clone/

Twitt Sex: Because Everything Popular Needs A Sex Clone

by MG Siegler on August 23, 2009



Just in case someone (in Marketing) thought we weren't watching, here are ten ways to steal the market from existing companies... (Details omitted)

http://www.pcworld.com/article/170624/10_things_we_hate_about_wireless_carriers.html

10 Things We Hate About Wireless Carriers

The companies that provide cell phone voice and data make their billions by cheating. They must be stopped.

Mike Elgan, Computerworld Aug 21, 2009 2:32 pm

1. You overcharge for service

2. You're a global laggard in new technologies [My pet peeve Bob]

3. Handset discounts are a shell game, not a 'subsidy'

4. You seek new ways to get money for nothing

5. You want to lock me in

6. You aggressively oppose net neutrality

7. You want to lock out competition

8. Your solution to public opposition is more lobbying

9. You're growing too powerful

10. You've forgotten that we own the airwaves



I've been considering sites like these as tools to help students outline complex projects.

http://www.wisemapping.com/c/home.htm

WiseMapping

A mind map is a diagram used to represent words, ideas, tasks or other items linked to and arranged radially around a central key word or idea. It is used to generate, visualize, structure and classify ideas, and as an aid in study, organization, problem solving, and decision making.

It is an image-centered diagram that represents semantic or other connections between portions of information. By presenting these connections in a radial, non-linear graphical manner, it encourages a brainstorming approach to any given organizational task, eliminating the hurdle of initially establishing an intrinsically appropriate or relevant conceptual framework to work within.

[Related:

http://www.mindomo.com/

http://www.text2mindmap.com/ ]



What my students are considering...

http://www.speedcine.com/default.aspx?l=numbers

SpeedCine [Speed-Sinny] makes it easy to find legal feature-length movies on your computer.



Tools & Techniques. I can recommend a couple.

http://www.makeuseof.com/tag/20-must-have-bookmarklets-for-your-web-browser/

20 Must-Have Bookmarklets For Your Web Browser

Aug. 24th, 2009 By Ellie Harrison

To add a bookmarklet to your browser, click on the bookmarklet and drag and drop to your bookmarks toolbar. Want to save space? Organize your bookmarklets into a folder in your bookmarks toolbar.

  1. Share on Tumblr – A custom bookmarklet to clip pictures and quotes to a Tumblr tumblelog.

  2. MapThis – Highlight addresses and click on the bookmarklet to generate a Google map of the address.

  3. Bookmaplet – Similar to MapThis, highlight an address in your browser and click on the bookmarklet. It will automatically open a Google Map with the address.

  4. Share on Facebook – Quickly share websites, links and videos on Facebook.

  5. Spell Check – Activate Firefox’s built-in spell checker in any static website. Great for proofreading websites before they are published or double checking someone else’s work.

  6. twitthat! – Share websites, links and videos to your Twitter account.

  7. bit.ly – Shorten links and get great statistics on how many clicks they get with this handy URL shortener. (bit.ly is also the default URL shortener of Twitter.)

  8. Boxqueue – Add videos to your Boxee Queue for viewing later. You must have a Google account and Boxee account to make this bookmarklet work. Visit the My Feeds section in Boxee to watch your saved videos.

  9. Twitter Reactions – Read reactions on Twitter about the page you are currently viewing with this bookmarklet.

  10. Darken – Invert the colors on webpages with a simple click. Some people prefer dark backgrounds and light text, so this bookmarklet’s for you.

  11. BugMeNot – Stop registering for websites and use BugMeNot’s database of usernames and passwords to sign in to “registered users only” websites, like news sites.

  12. GmailThis! – Automatically share links via your Gmail account without having to copy/paste the link.

  13. getASIN – Make Amazon Affiliate links quickly. Just replace usernamehere with your affiliate ID.

  14. WordPress Comments – Fill in the comment form on WordPress powered sites. Change values to your name, email address and blog URL.

  15. Clip to Evernote – Save clips of websites to the popular notebook software Evernote.

  16. DiggThis! – Quickly add new sites to Digg.

  17. Remove Bloat – Remove bloat from websites such as music, background images and more.

  18. Subscribe in Google Reader – Subscribe to RSS feeds in Google Reader, skipping the “Google Reader or iGoogle” selection page.

  19. Google Bookmark – Bookmark websites to your Google Bookmarks account.

  20. Readability – Click on this bookmarklet to clean up websites and make them more readable. [Actually strips images and ads, leaving only the text! Bob]
