Application of Occam's razor would
suggest that hacking into a huge target like Walmart would be more
rewarding than hacking into hundreds of individual computers in
search of Walmart account info. If many non-Walmart accounts were
being accessed, I would tip the other way. (Of course, I'd expect this to
be much bigger if that was the case.)
I was surprised to read a news report
tonight that Walmart.com had been hacked. Part of my surprise was
due to the fact that mainstream media did not have the story but a
site called SandhillsExpress.com
in Nebraska was reporting it:
Ericka and Mike
Hunt of Broken Bow were reviewing their bank account online this week
and discovered a charge to Walmart.com for nearly $500.00 that they
had not made. The Hunts contacted their bank, Wal-Mart’s
Corporate Office, the Police Department in the town in Alabama where
the order was to be shipped, and the local Police Department in
Broken Bow. What they discovered is that someone has hacked in to
the Wal-Mart records and stolen card numbers and personal information
from several accounts. The Alabama Police Department
told the Hunts that they were approximately the 15th phone call
about the same problem. The Hunts were lucky to catch
this problem quickly and were able to cancel the shipment and hope to
have their money back soon. They also deleted their Wal-Mart
account, which they had not used since last fall and changed
passwords on all of their online accounts for precautionary reasons.
They asked us to tell their story in hopes that no one else will be
affected by this problem. We are awaiting a response from Wal-Mart’s
Media Relations Department to get a comment on this issue.
I contacted Walmart tonight, and they
promptly sent me the following statement by their spokesperson for
eCommerce:
Customer privacy
[no mention of security? Bob] is a top
priority to us. We’re aware of this particular matter and are
working with the customer to help them resolve the situation. To be
clear, there is no indication of an internal security
breach of the Walmart.com system or accounts. In these
situations, there are unrelated ways that third parties obtain user
names and passwords, such as a phishing attack or by planting malware
on users’ computers. Even in these situations, the full credit
card number is not visible in a customer’s account. When we become
aware of these matters, we work immediately with our customers to
help them protect their online security.
Reporting that a large e-commerce site
has been hacked when it hasn’t been can do unfair reputation harm
to the business and make customers leery of shopping online there.
I’m not sure how the Hunts “discovered” that someone had
hacked Walmart’s server, but sometimes 2 + 2 = 5.
In the meantime, there’s nothing to
see here, so move along.
Sticking a “Trustworthy” label on
malware...
"Bit9, a company that provides
software and network security services to the U.S. government and at
least 30 Fortune 100 firms, has suffered
a compromise that cuts to the core of its business: helping
clients distinguish known 'safe' files from computer viruses and
other malicious software. A leading provider of 'application
whitelisting' services, Bit9's security technology
turns the traditional approach to fighting malware on its head.
Antivirus software, for example, seeks to identify and quarantine
files that are known bad or strongly suspected of being malicious.
In contrast, Bit9 specializes in helping
companies develop custom lists of software that they want to allow
employees to run, and to treat all other applications as potentially
unknown and dangerous. But in a blog post today,
the company disclosed that attackers
broke into its network and managed to steal the digital keys that
Bit9 uses to distinguish good from bad applications. The attackers
then sent signed malware to at least three of Bit9's customers,
although Bit9 isn't saying which customers were affected or to what
extent. The kicker? The firm said it failed
to detect the intrusion in part because the servers used to store its
keys were not running Bit9's own software."
It's not the Chinese? Interesting.
The Lesson of the Bush Family Email Hack: Be Worried
… A hacker by the name of Guccifer
has apparently hacked into several Bush family AOL accounts, pilfered
private photos and messages and posted them online. The Smoking Gun,
pursuant to their mission, republished
it all. The stolen goods include a private letter from George W.
Bush to his family about planning the funeral of his father. They
include private correspondence from the Fox News journalist Brit Hume
on the “silver linings” in the 2012 election. They include a Jeb
Bush email about how George H.W. Bush “helped restore” Bill
Clinton’s “sordid reputation.” There is more. You can read
about it off site. You can also look at the PG-rated pictures that
George W. Bush apparently painted of himself bathing.
There is a criminal investigation.
This guy may get caught, just like the guy who hacked Scarlett
Johansson’s cell phone got
caught. But that will be little consolation.
So how did they do it? Sounds more
like the police went behind the city council's back and the council
was not happy to be blindsided by news of the drones.
Wow.
Trevor Timm writes:
In an amazing
victory for privacy advocates and drone activists, yesterday,
Seattle’s mayor ordered
the city’s police agency to cease trying to use surveillance
drones and dismantle its drone program. The police will return the
two drones they previously purchased with a Department of Homeland
Security grant to the manufacturer.
EFF has been
warning of the privacy dangers surveillance drones pose to US
citizens for more than a year now. In May of last year, we urged
concerned citizens to take their complaints to their local
governments, given Congress has been slow to act on any privacy
legislation. The events of Seattle prove this strategy can work and
should serve as a blueprint for local activism across the country.
Read more on EFF.
[From the EFF:
Back in early 2012, the Seattle city
council was told that the Seattle police agency had obtained an
authorization to fly drones from the Federal Aviation Administration
(FAA). But they did not find out from the police;
they found out from a reporter who called the
council after he saw Seattle’s name on the list obtained by EFF as
part of our lawsuit
against the FAA.
City council was understandably not
happy, and the
police agency was forced to appear before the council and
apologize.
… After a townhall meeting held by
police, in
which citizens showed up in droves and angrily denounced the
city’s plans, some reporters insinuated that city
council members’ jobs could be on the line if they did
not pass strict drone legislation protecting its citizens’ privacy.
(Related)
2012 FAA List of Drone License Applicants
For my “Little Known Laws”
folder...
"In a not-so-unexpected move,
the Department of Homeland Security has concluded that travelers
along the nation's borders may
have their electronics seized and the contents of those devices
examined for any reason whatsoever — all in the name of
national security. According to legal precedent, the Fourth
Amendment — the right to be free from unreasonable searches and
seizures — does not apply along the border. The memo highlights
the friction between today's reality that electronic devices have
become virtual extensions of ourselves housing everything from e-mail
to instant-message chats to photos and our papers and effects —
juxtaposed against the government's stated quest for national
security. By the way, the government contends the
Fourth-Amendment-Free Zone stretches
100 miles inland from the nation's actual border."
What is the strategy for passing bad
laws? Wait a few months until the peasants put their pitchforks back
in the barn and extinguish their torches, then do it all over again?
I'm not sure that will work in a “connected world.”
Presto Vivace sends this news from the Hill:
"House
Intelligence Committee Chairman Mike
Rogers (R-Mich.) and ranking member Rep. Dutch
Ruppersberger (D-Md.) said Friday that they
plan to re-introduce the Cyber Intelligence Sharing and Protection
Act (CISPA) next week during a speech at the Center for Strategic
and International Studies in Washington. The bill is aimed at
improving information-sharing about cyber threats between government
and industry so cyberattacks can be thwarted in real time. ... It
would also encourage companies to share anonymous cyber-threat
information with one another, and provide liability protection for
businesses so they don't get hit with legal action for sharing data
about cyber threats."
You may recall CISPA
from last year, when it was hailed as being
even worse than SOPA, the Stop Online Piracy Act. We
discussed why
it was a bad bill back then; the new version is reportedly
identical, so all of the same reasons will apply. The bill stalled
last year against White House plans to veto it. Congressman Rogers
said this about privacy fears: "We're talking about exchanging
packets of information, zeroes and ones, if you will, one hundred
million times a second. So some notion that this is a horrible
invasion of content reading is wrong. It is not even close to that."
Don't worry folks; it's just zeroes and ones.
Global Warming! Global Warming! I
thought this was the weekly average as recently as World War II.
White Russia
With over 85 inches of snow, this
winter is already the snowiest Moscow has seen in
a century -- and it's only February. "The snow this year
has already reached one and a half times the climatic norm,"
the city's deputy mayor for residential issues remarked
this week, as Russian news outlets breathlessly reported on the
"Storm
of the Century" and nightmarish traffic jams that, when
added up, spanned the distance from
Moscow to Madrid.
But not all of the country has
experienced the capital's record-setting snowfall. During a week
that marked the one-year
countdown to the 2014 Winter Olympics, the temperatures in the
Russian host city of Sochi reached as high as 60 degrees Fahrenheit.
Olympic organizers have guaranteed
snow for next year and have already begun stockpiling the little
they have, even as Moscow has been blanketed.
It's hard to play catch-up. 3D
printers are going to be very disruptive. (Do you have a copy?)
YouTube yanks video of 3D-printed rifle magazine
A video showing a gun magazine created
by a 3D printer was pulled off YouTube today, only to reappear later
in the afternoon.
The removal notice for the popular
clip, which was posted by a Texas group known as Defense Distributed,
said the video was removed "as a violation of YouTube's policy
against spam, scams, and commercially deceptive content."
"Yes, YouTube removed this video
because permissive liberals flagged it as inappropriate," the
group said
in a Tumblr post. "Please steal this and put it everywhere
before it is again taken down."
One more for my Website students. I
need to look at Twitter Bootstrap more anyway...
… With Jetstrap, you can build a
beautiful information page about nearly anything, and you can do it
in the quickest, most efficient way possible.
… You don’t need to know much
about code to use this free website designer, as most of the page
elements are added by simply dragging and dropping items to the page.
… When finished, you can download
the HTML code and upload it to any web server of your choosing.
This could be useful at some point.
For my amusement...
… In a massively ironic online
disaster, the Coursera/Georgia Tech course
Fundamentals of Online Education was cancelled this week, following a
lot of technical and pedagogical hiccups. You can read more about
the class from students enrolled — Debbie Morrison’s “How
NOT to Design a MOOC: The Disaster at Coursera and How to Fix It,”
for example. Lots of finger-pointing here about whose fault this was
— the platform, the instructor, the university — and questions
about the lack of quality control as well as the lack of respect for
the students’ work that was already ongoing in the system but that
suddenly became unavailable when the course was closed.
… An Idaho state senator — and
chair of the state senate’s Education committee — has introduced
a bill mandating all Idaho students read Ayn Rand’s
Atlas Shrugged and pass a test on it before they
can graduate high school. [Insert joke here about how this violates
the 8th Amendment.]
… At the White House Tech
Inclusion Summit last week, 5 initiatives were unveiled to
help make sure everyone can learn tech skills, particularly girls and
women and those from historically underrepresented communities. I
mentioned one of the initiatives in last
week’s write up — the partnership between Starter League and
the Chicago Public Schools that will help train teachers on Web
development so they can in turn teach these skills to their students.
The White House blog lists the other initiatives unveiled at the
meeting.
… The global market for
education is $4.4 trillion, according
to the investment bank IBIS Capital, which predicts that the
e-learning segment of this market will grow by 23% between now and
2017.