Saturday, February 09, 2013

Application of Occam's razor would suggest that hacking into a huge target like Walmart would be more rewarding than hacking into hundreds of individual computers in search of Walmart account info. If many non-Walmart accounts were being accessed, I would tip the other way. (Of course, I'd expect this to be much bigger if that was the case.)
I was surprised to read a news report tonight that Walmart.com had been hacked. Part of my surprise was due to the fact that mainstream media did not have the story but a site called SandhillsExpress.com in Nebraska was reporting it:
Ericka and Mike Hunt of Broken Bow were reviewing their bank account online this week and discovered a charge to Walmart.com for nearly $500.00 that they had not made. The Hunts contacted their bank, Wal-Mart’s Corporate Office, the Police Department in the town in Alabama where the order was to be shipped, and the local Police Department in Broken Bow. What they discovered is that someone has hacked into the Wal-Mart records and stolen card numbers and personal information from several accounts. The Alabama Police Department told the Hunts that they were approximately the 15th phone call about the same problem. The Hunts were lucky to catch this problem quickly and were able to cancel the shipment and hope to have their money back soon. They also deleted their Wal-Mart account, which they had not used since last fall, and changed passwords on all of their online accounts for precautionary reasons. They asked us to tell their story in hopes that no one else will be affected by this problem. We are awaiting a response from Wal-Mart’s Media Relations Department to get a comment on this issue.
I contacted Walmart tonight, and they promptly sent me the following statement by their spokesperson for eCommerce:
Customer privacy [no mention of security? Bob] is a top priority to us. We’re aware of this particular matter and are working with the customer to help them resolve the situation. To be clear, there is no indication of an internal security breach of the Walmart.com system or accounts. In these situations, there are unrelated ways that third parties obtain user names and passwords, such as a phishing attack or by planting malware on users’ computers. Even in these situations, the full credit card number is not visible in a customer’s account. When we become aware of these matters, we work immediately with our customers to help them protect their online security.
Reporting that a large e-commerce site has been hacked when it hasn’t been can do unfair reputation harm to the business and make customers leery of shopping online there. I’m not sure how the Hunts “discovered” that someone had hacked Walmart’s server, but sometimes 2 + 2 = 5.
In the meantime, there’s nothing to see here, so move along.


Sticking a “Trustworthy” label on malware...
"Bit9, a company that provides software and network security services to the U.S. government and at least 30 Fortune 100 firms, has suffered a compromise that cuts to the core of its business: helping clients distinguish known 'safe' files from computer viruses and other malicious software. A leading provider of 'application whitelisting' services, Bit9's security technology turns the traditional approach to fighting malware on its head. Antivirus software, for example, seeks to identify and quarantine files that are known bad or strongly suspected of being malicious. In contrast, Bit9 specializes in helping companies develop custom lists of software that they want to allow employees to run, and to treat all other applications as potentially unknown and dangerous. But in a blog post today, the company disclosed that attackers broke into its network and managed to steal the digital keys that Bit9 uses to distinguish good from bad applications. The attackers then sent signed malware to at least three of Bit9's customers, although Bit9 isn't saying which customers were affected or to what extent. The kicker? The firm said it failed to detect the intrusion in part because the servers used to store its keys were not running Bit9's own software."


It's not the Chinese? Interesting.
The Lesson of the Bush Family Email Hack: Be Worried
… A hacker by the name of Guccifer has apparently hacked into several Bush family AOL accounts, pilfered private photos and messages and posted them online. The Smoking Gun, pursuant to their mission, republished it all. The stolen goods include a private letter from George W. Bush to his family about planning the funeral of his father. They include private correspondence from the Fox News journalist Brit Hume on the “silver linings” in the 2012 election. They include a Jeb Bush email about how George H.W. Bush “helped restore” Bill Clinton’s “sordid reputation.” There is more. You can read about it off site. You can also look at the PG-rated pictures that George W. Bush apparently painted of himself bathing.
There is a criminal investigation. This guy may get caught, just like the guy who hacked Scarlett Johansson’s cell phone got caught. But that will be little consolation.


So how did they do it? Sounds more like the police went behind the city council's back and the council was not happy to be blindsided by news of the drones.
Wow.
Trevor Timm writes:
In an amazing victory for privacy advocates and drone activists, yesterday, Seattle’s mayor ordered the city’s police agency to cease trying to use surveillance drones and dismantle its drone program. The police will return the two drones they previously purchased with a Department of Homeland Security grant to the manufacturer.
EFF has been warning of the privacy dangers surveillance drones pose to US citizens for more than a year now. In May of last year, we urged concerned citizens to take their complaints to their local governments, given Congress has been slow to act on any privacy legislation. The events in Seattle prove this strategy can work and should serve as a blueprint for local activism across the country.
Read more on EFF.
[From the EFF:
Back in early 2012, the Seattle city council was told that the Seattle police agency had obtained an authorization to fly drones from the Federal Aviation Administration (FAA). But they did not find out from the police; they found out from a reporter who called the council after he saw Seattle’s name on the list obtained by EFF as part of our lawsuit against the FAA.
City council was understandably not happy, and the police agency was forced to appear before the council and apologize.
… After a townhall meeting held by police, in which citizens showed up in droves and angrily denounced the city’s plans, some reporters insinuated that city council members’ jobs could be on the line if they did not pass strict drone legislation protecting its citizens’ privacy.

(Related)
2012 FAA List of Drone License Applicants


For my “Little Known Laws” folder...
"In a not-so-unexpected move, the Department of Homeland Security has concluded that travelers along the nation's borders may have their electronics seized and the contents of those devices examined for any reason whatsoever — all in the name of national security. According to legal precedent, the Fourth Amendment — the right to be free from unreasonable searches and seizures — does not apply along the border. The memo highlights the friction between today's reality that electronic devices have become virtual extensions of ourselves housing everything from e-mail to instant-message chats to photos and our papers and effects — juxtaposed against the government's stated quest for national security. By the way, the government contends the Fourth-Amendment-Free Zone stretches 100 miles inland from the nation's actual border."


What is the strategy for passing bad laws? Wait a few months until the peasants put their pitchforks back in the barn and extinguish their torches, then do it all over again? I'm not sure that will work in a “connected world.”
Presto Vivace sends this news from the Hill:
"House Intelligence Committee Chairman Mike Rogers (R-Mich.) and ranking member Rep. Dutch Ruppersberger (D-Md.) said Friday that they plan to re-introduce the Cyber Intelligence Sharing and Protection Act (CISPA) next week during a speech at the Center for Strategic and International Studies in Washington. The bill is aimed at improving information-sharing about cyber threats between government and industry so cyberattacks can be thwarted in real time. ... It would also encourage companies to share anonymous cyber-threat information with one another, and provide liability protection for businesses so they don't get hit with legal action for sharing data about cyber threats. "
You may recall CISPA from last year, when it was hailed as being even worse than SOPA, the Stop Online Piracy Act. We discussed why it was a bad bill back then; the new version is reportedly identical, so all of the same reasons will apply. The bill stalled last year against White House plans to veto it. Congressman Rogers said this about privacy fears: "We're talking about exchanging packets of information, zeroes and ones, if you will, one hundred million times a second. So some notion that this is a horrible invasion of content reading is wrong. It is not even close to that." Don't worry folks; it's just zeroes and ones.


Global Warming! Global Warming! I thought this was the weekly average as recently as World War II.
White Russia
With over 85 inches of snow, this winter is already the snowiest Moscow has seen in a century -- and it's only February. "The snow this year has already reached one and a half times the climatic norm," the city's deputy mayor for residential issues remarked this week, as Russian news outlets breathlessly reported on the "Storm of the Century" and nightmarish traffic jams that, when added up, spanned the distance from Moscow to Madrid.
But not all of the country has experienced the capital's record-setting snowfall. During a week that marked the one-year countdown to the 2014 Winter Olympics, the temperatures in the Russian host city of Sochi reached as high as 60 degrees Fahrenheit. Olympic organizers have guaranteed snow for next year and have already begun stockpiling the little they have, even as Moscow has been blanketed.


It's hard to play catch-up. 3D printers are going to be very disruptive. (Do you have a copy?)
YouTube yanks video of 3D-printed rifle magazine
A video showing a gun magazine created by a 3D printer was pulled off YouTube today, only to reappear later in the afternoon.
The removal notice for the popular clip, which was posted by a Texas group known as Defense Distributed, said the video was removed "as a violation of YouTube's policy against spam, scams, and commercially deceptive content."
"Yes, YouTube removed this video because permissive liberals flagged it as inappropriate," the group said in a Tumblr post. "Please steal this and put it everywhere before it is again taken down."


One more for my Website students. I need to look at Twitter Bootstrap more anyway...
… With Jetstrap, you can build a beautiful information page about nearly anything, and you can do it in the quickest, most efficient way possible.
… You don’t need to know much about code to use this free website designer, as most of the page elements are added by simply dragging and dropping items to the page.
… When finished, you can download the HTML code and upload it to any web server of your choosing.


This could be useful at some point.


For my amusement...
… In a massively ironic online disaster, the Coursera/Georgia Tech course Fundamentals of Online Education was cancelled this week, following a lot of technical and pedagogical hiccups. You can read more about the class from students enrolled — Debbie Morrison’s “How NOT to Design a MOOC: The Disaster at Coursera and How to Fix It,” for example. Lots of finger-pointing here about whose fault this was — the platform, the instructor, the university — and questions about the lack of quality control as well as the lack of respect for the students’ work that was already ongoing in the system but that suddenly became unavailable when the course was closed.
… An Idaho state senator — and chair of the state senate’s Education committee — has introduced a bill mandating all Idaho students read Ayn Rand’s Atlas Shrugged and pass a test on it before they can graduate high school. [Insert joke here about how this violates the 8th Amendment.]
… At the White House Tech Inclusion Summit last week, 5 initiatives were unveiled to help make sure everyone can learn tech skills, particularly girls and women and those from historically underrepresented communities. I mentioned one of the initiatives in last week’s write up — the partnership between Starter League and the Chicago Public Schools that will help train teachers on Web development so they can in turn teach these skills to their students. The White House blog lists the other initiatives unveiled at the meeting.
… The global market for education is $4.4 trillion, according to the investment bank IBIS Capital, which predicts that the e-learning segment of this market will grow by 23% between now and 2017.
