Yet another indication that “crafty” is not an adequate level of security.
http://www.databreaches.net/?p=19619
Class Slams Michaels for Data Breach
July 14, 2011 by admin
Chris Fry reports on yet another potential class action lawsuit against Michael’s Store – and it includes a timeliness of notification claim:
Michaels Stores took almost 3 months to warn customers that their debit cards’ PIN numbers may have been stolen by skimming devices in at least 20 states, a class action claims in Passaic County Court.
The class claims that between Feb. 8 and May 6 this year “an unidentified third-party or third-parties tampered with Michaels payment processing equipment and gained access to the extremely sensitive financial information of thousands of Michaels consumers in at least twenty states.”
The class claims the company “failed to take any commercially reasonable steps to safeguard its customers’ nonpublic, sensitive, personal and financial account information … making its consumers an easy target for third-party skimmers.”
And, the class adds: “After the security breach occurred, Michaels further harmed its customers by delaying notifying them for almost three months after the security breach began. … On May 5, 2011, almost three months after the security breach occurred, the company sent the belated email alert to some of its customers.”
What’s more, the email alert was less than honest, the class claims: “Despite knowing of the data breach for weeks, if not months, Michaels stated in the email alert, ‘Michaels has just learned that it may have been victim of PIN pad tampering in the Chicago area and that customer credit and debit card information may have been compromised.’”
Read more on Courthouse News. The New Jersey case is Rosenfeld v. Michaels Stores
(Related) And new victims are being recruited every day...
http://www.databreaches.net/?p=19622
Ankeny police: Review debit-card statements for fraud
July 14, 2011 by admin
And yet more reports of fraud coming from Iowa:
The Ankeny Police Department is asking area residents to review their bank statements for fraudulent charges related to use of debit cards and PIN numbers.
Ankeny police said in a news release Wednesday that although they cannot determine the exact date or time debit card and PIN numbers were compromised, use of this stolen information occurred last weekend. Credit cards were not involved in this scam, officials said.
Ankeny police have recorded nearly 60 reported incidents and financial institutions in the city are collectively reporting several hundred customers affected.
[...]
The Michael’s arts and crafts chain has said its Ankeny store was one of 84 nationwide where PIN terminals were tampered with, and at least two people who shopped there from February to May have said they recently noticed fraudulent spending or withdrawals from southern California. Ankeny police did not link their release to the Michael’s case, however.
Read more in the Des Moines Register.
Fortunately for them, they are under no obligation to inform customers. Neither do they need to retaliate? When does a Cyber-attack reach the level of “an act of war?”
Pentagon Discloses Massive Data Theft, Lays Out New Security Strategy
A targeted attack on a defense contractor in March of this year resulted in the theft of 24,000 files by an unknown attacker, according to Defense Department officials. The attack, which officials say was the work of a foreign government, would represent one of the more serious known attacks on the department and its contractors.
In a speech Thursday in which he unveiled the Department of Defense Strategy for Operating in Cyberspace, William J. Lynn, deputy defense secretary, said that the attack was just one of thousands such intrusions that the government and its contractors suffer every year.
A typical inadequate (and therefore unmanageable) security procedure...
http://www.databreaches.net/?p=19625
MT: Yellowstone County website hacked
July 14, 2011 by admin
Katrina Heser reports:
The State of Montana Technology Department told Yellowstone County [because Yellowstone had no clue anything happened. Bob] today their website has been hacked.
It’s possible that taxpayers who paid property taxes by electronic bank transfer may have had their account number exposed to the hacker. This does not include taxpayers who made payments by paper check or debit/credit cards. The county system has been taken off line at this time.
The extent of the intrusion has not yet been determined. [We have no clue what happened Bob]
Read more on KTVQ
[From the article:
County personnel are consulting with forensic security personnel to evaluate the extent of the intrusion. Information may or may not have been compromised. [We have no logs to tell us what was accessed. Bob]
...thus reducing the cost of computer security – think of it as your insurance policy against HUGE (Sony-like) bad publicity.
http://www.pogowasright.org/?p=23726
Capitalizing on Privacy Practices – Study Indicates Consumers Will Pay for Privacy
July 14, 2011 by Dissent
Nicole Friess writes:
Consumers are more likely to purchase products from online retailers who are protective of consumer privacy, according to researchers at Carnegie Mellon University. The study, entitled “The Effect of Online Privacy Information on Purchasing Behavior: An Experimental Study” found that the availability and accessibility of information regarding online retailers’ privacy practices can affect consumers’ decisions to purchase products online.
Read more on InformationLawGroup.
(Related) Speaking of which...
Sony Network chief calls PSN outage a "great experience"
The four-week long PSN outage was a "great experience," according to president of Sony Network Entertainment Tim Schaaff. The claim, made during an interview with VentureBeat on Wednesday at the MobileBeat conference, argued that the pressure of the breach made the PlayStation service stronger. Customers were also at least as interested as they were before.
"We're back online, everything's live again around the world, and the amazing thing through all of this is that the customers have all come back, and network performance is better than ever, sales are better than ever, and we've been very, very pleasantly surprised by the experience," Schaaff said. [I'll bet Bob]
This is what we used to call “Targeting Information”
Undersea Cable Map Shows Where The Data Pipes Are
overThruster writes with a report from TechCentral that
"Greg Mahlknecht has built a free map showing the world's submarine telecommunications cable systems. The map, which took Mahlknecht several months to complete, is free of charge and will remain so.'"
(At least until it gets shut down as a security threat.)
Fodder for my Ethical Hackers!
Vodafone Femtocells Rooted, Secret Keys Exposed
"Hackers have discovered the root password for Vodafone femtocells, devices that provide the user with a mobile phone signal piggybacked onto their home broadband. The root password was 'newsys.' [Wow thet must have taken Cyber-years to break.. Bob] Once root access is obtained, phones can be forced to connect to the cell and private keys captured, allowing the user to spoof the victim's phone and potentially make calls or send texts on their account, not to mention eavesdrop."
It is interesting when articles like this return a “404” Perhaps they will fix it when they get back from Guantanamo?
Meet the 'Keyzer Soze' of Global Phone-Tracking
(Posted on Wired: Politics at Fri, Jul 15, 2011 at 11:00AM)
Chances are you've never heard of TruePosition. If you're an AT&T or T-Mobile customer, though, TruePosition may have heard of you. The company can tell the cops where you are without you knowing. And now, it's starting to let governments around the world in on the search. (visit source article)
Look how easily you can “Big Brother” anyone! (Takes a bit of Social Engineering)
CreepSquash.com - Monitor Your Children On Facebook
Facebook is not really the kind of place to let your children roam freely, but as a contemporary father you just have to [You do? Bob] end up letting them create an account there to interact with all their friends who are already social network users. But that doesn't mean you are not going to keep a good watch on what they are doing once they have their own accounts up and running. There are applications that let parents discreetly monitor all that their children do on Facebook. And this is one of these.
Named CreepSquash, it can take care of delivering email alerts to parents when their children befriend new people, and also of highlighting communications that include inappropriate language. Additionally, CreepSquash can take care of notifying them whenever their children have been tagged on a photograph.
And CreepSquash can do something really interesting, which is determining which users are really genuine by looking at how many photos they have been tagged in. Those who have actually been tagged in images by others have what is termed a social proof quotient that goes into (somehow) ensuring who they are.
http://www.creepsquash.com/
Is it possible that the FBI could be mentioned in headlines like those in the UK? If so, they you bet they are looking into it. (Reprinting this story increases the probability that the investigation will be “major”)
http://www.pogowasright.org/?p=23733
FBI investigating News Corp.?
July 14, 2011 by Dissent
Tom Hays of Associated Press reports:
A law enforcement official says the FBI has opened an investigation into allegations that media mogul Rupert Murdoch’s News Corp. sought to hack into the phones of Sept. 11 victims.
The official spoke Thursday on condition of anonymity because he was not authorized to speak publicly.
Read more on Mercury News.
What would mainstream media do without all these anonymous sources? Was this “law enforcement official” an FBI official? How are we to evaluate the credibility of this report?
Something to start the discussion in my e-Commerce class.
http://www.bespacific.com/mt/archives/027770.html
July 14, 2011
New FTC Video Helps Businesses Comply with CAN-SPAM Rule
News release: "Say “spam” and most business executives think of annoying e-mail messages, like the ones that hold out a phony offer to split $50 million that’s sitting in a foreign bank. Of course, this type of message is covered by the Federal Trade Commission’s CAN-SPAM Rule, which is designed to protect consumers from deceptive commercial e-mail. But CAN-SPAM covers e-mails from legitimate businesses, too, such as e-mail notifying customers about a new product line or a special sale. To help explain what the CAN-SPAM Rule covers, the FTC has produced a new video for businesses with a seven-point checklist for sending commercial e-mail messages. For example, e-mail marketers must use accurate headers and subject lines and provide a method for consumers to stop getting e-mails. In addition to the video, the FTC also offers a brochure, The CAN-SPAM Act: A Compliance Guide for Business."
Keeping up with my vocabulary lessons...
http://www.wired.com/magazine/2011/06/st_jw_gladvertising/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+wired%2Findex+%28Wired%3A+Index+3+%28Top+Stories+2%29%29
Jargon Watch: Gladvertising, Photonic Hyperhighway, Quebecol, Flyjin
Gladvertising n. Outdoor advertising that uses cameras and facial-recognition software to read a consumer’s mood, then pushes products relevant to the target’s emotional state. The term was coined by the UK’s Centre for Future Studies, which predicts that flatscreen gladverts will begin to appear next year.
Photonic hyperhighway n. The future Internet, as envisioned by the British government. Researchers will devise ways to optimize fiber optics, aiming to create a network that’s 1,000 times speedier than today’s fastest broadband—even if hyperhighwaysounds like a leap back to the ’90s.
Quebecol n. A chemical compound discovered in Canadian maple syrup. Touted as the latest cancer-fighting agent by the Federation of Quebec Maple Syrup Producers—which funded the research—the supposed antioxidant has been ridiculed by a Vermont newspaper as nationalist hype.
Flyjin n. Japanese term of derision for foreigners (gaijin) who fled Japan to avoid the risk of exposure to radiation. Returning flyjin face ostracism by Japanese colleagues who place loyalty above personal safety.
Slide shows made easy..
Slide Staxx - Create Slideshows of Your Web Findings
Slide Staxx is a new service that allows you to create slideshows using videos, images, and webpages that you have found or created. To create a slideshow with Slide Staxx you simply specify the URLs for the content that you want to include in each of your slides. Each slide can contain a video, an image, or a webpage. You can caption each slide or let the slides speak for themselves. You can rearrange the sequence of your slides by simply dragging and dropping them into the order you like. Your finished Slide Staxx slideshow can be embedded into your blog or website.
(Related)
Knovio - Sync Your Slides to a Video Presentation
Knovio is a new service for delivering presentations online. To use Knovio you upload your slides to the site then use your webcam to record a video of yourself talking about the slides. When you're finished your video and slides will be synchronized and displayed side-by-side. Knovio presentations can be embedded into your blog or website. Knovio is currently in a private beta stage so you do have to register and wait for an invitation to the service.
Knovio appears to be similar to Slide Six and Slideshare's Zipcast service.