Half the size of the T.J.Maxx or
Heartland data breaches, but the biggest one recently. I doubt it
will stay in the news for long.
Update:
Double-WOW. Their breach
notice is already up on the California Attorney General’s web
site. According to their submission to the state, the breach
occurred on April 5 and was discovered on April 12. Original post
follows:
Wow. AllThingsD.com is reporting:
LivingSocial, the
daily deals site owned in part by Amazon, has suffered a massive
cyber-attack on its computer systems, which an email — just sent to
employees and obtained by AllThingsD.com — said resulted in
“unauthorized access to some customer data from our servers.”
The breach has
impacted 50 million customers of the Washington, D.C.-based company,
who will now be required to reset their passwords. All of
LivingSocial’s countries across the world appear to have been
affected, except in Thailand, Malaysia, Indonesia and the
Philippines, as LivingSocial units Ticketmonster and Ensogo there
were on separate systems.
One positive note
in a not-so-positive situation: The email sent to employees and
customers noted that neither customer credit card nor
merchant financial information was accessed in the
cyberattack.
Read more on AllThingsD.com,
where they’ve posted the text of the internal message and provide
additional details.
This has 'Bad' written all over it.
Someone's security procedures missed something that would have
alerted them two years ago, and no one noticed the weak procedure.
No one will emerge from this garbage smelling fresh.
OneWest Bank has been notifying
customers of a breach that occurred back in 2011.
According to their letter,
a copy of which they submitted to California under the state’s
breach reporting requirements, the bank
recently learned
that one of our service providers was the victim of an illegal and
unauthorized intrusion into its network (“Network Intrusion”)
during the first quarter of 2011. In response, the service provider
enhanced the security of its network systems, cooperated with law
enforcement including the United States Secret Service (“USSS”),
and investigated using leading outside security firms.
Information that was accessed included
customer information such as name, address,
birthdate, phone number, drivers license number, passport number, and
Social Security Number. The bank does not believe that
the data were downloaded or copied, but offered customers free credit
monitoring services.
The letter does not state when the
unnamed vendor first learned of the breach or how it learned of it.
I emailed the bank on Wednesday to inquire, and although they
indicated they would get back to me with information, I have not
heard back from them with answers to those questions. So… did the
vendor know about this years ago or months ago and first informed
them now, or did the vendor first learn of the breach now, and in any
event, how did the vendor learn of the intrusion?
Somewhat surprisingly – particularly
in light of the delayed discovery and notification – I do not
see any apology from the bank in their notification letter or even
recognition that customers might be dismayed or angry about the
delayed notice.
Just keep your thumb off the scales of
Justice!
CISPA
Is Dead. Now Let’s Do a Cybersecurity Bill Right
The controversial Cyber Intelligence
Sharing and Protection Act (CISPA) now appears to be dead
in the Senate, despite having passed
the House by a wide margin earlier this month. Though tech, finance,
and telecom firms with a combined $650
million in lobbying muscle supported the bill, opposition from
privacy groups, internet activists, and ultimately the White House
(which threatened to veto the law) seems to have proven fatal for now.
… Americans have grown so
accustomed to hearing about the problem of “balancing privacy and
security” that it sometimes feels as though the two are always and
forever in conflict — that an initiative to improve security can’t
possibly be very effective unless it’s invading privacy. Yet the
conflict is often illusory: A cybersecurity law could
easily be drafted that would accomplish all the goals of both tech
companies and privacy groups without
raising any serious civil liberties problems. [Might make for some
interesting arguments at a Privacy Foundation seminar... Bob]
From the “Kick 'em while they're
down” school of public service...
"New York City Police
Commissioner Ray Kelly thinks that now is a great
time to install even more surveillance cameras hither and yon
around the Big Apple. After the Boston Marathon bombing, the
Tsarnaev brothers were famously captured on security camera footage
and thereby identified. That just may soften up Americans
to the idea of the all-seeing glass eye. 'I think the
privacy issue has really been taken off the table,' Kelly gloats."
[From the article:
Kelly dismisses critics who argue that
increased cameras threaten privacy rights, giving governments the
ability to monitor people in public spaces.
“The people who complain about it, I
would say, are a relatively small number of folks, because the genie
is out of the bottle,” Kelly said. “People realize that
everywhere you go now, your picture is taken.” [From
the “Hey, the knife was already in his chest, I just wiggled it
around a bit” school of phoney justifications Bob]
… As Reason's own Brian
Doherty has pointed out, surveillance advocates conveniently forget
that it was private security cameras from which footage is
shared with authorities only in emergencies, like the aftermath of
the bombing, that did the honors in Boston.
(Related)
Meet
the Stalkers
Behind the mysterious world of data
brokers, who have access to a lot more of your life than you think
Unless of course, this helps them make
a lot of money...
"'It's
a deal with the devil,' one studio executive [said]. 'Cinedigm is
being used as their pawn.' Cinedigm announced this weekend that
it would offer the first
seven minutes of the Emily Blunt-Colin Firth indie Arthur
Newman exclusively to BitTorrent users, which number up
to 170 million people.... Hollywood studios have spent years and
many millions of dollars to protect their intellectual property and
worry that by teaming up with BitTorrent, Cinedigm has embraced a
company that imperils the financial underpinnings of the film
business and should be kept at arm's length. 'It's great for
BitTorrent and disingenuous of Cinedigm,' said the executive. 'The
fact of the matter is BitTorrent is in it for themselves, they're not
in it for the health of the industry.' [Note:
BitTorrent is not in the movie industry Bob]
Other executives including at Warner Brothers
and Sony echoed those comments, fretting that Cinedigm had
unwittingly opened a Pandora's box in a bid to
get attention [If
we were not so mad, we'd call that 'advertising' Bob]
for its low-budget release. ... 'Blaming BitTorrent for piracy is
like blaming a freeway for drunk drivers,' Jill Calcaterra,
Cinedigm's chief marketing officer said. 'How people use it can be
positive for the industry or it can hurt the industry. We want it
to help us make this indie film successful.' ... 'We'll be working with
all of [the studios] one day,' [Matt Mason, BitTorrent's vice
president of marketing] said. 'It's really up to them how quickly
they come to the table and realize we're not the villain, we're the
heroes.'"
For my Computer Forensics class. Copy
(steal?) files easily. Plant evidence! What else could you desire?
… Even though most modern laptops
let you create Wi-Fi hotspots, not all phones allow you to easily
set up sharing permissions that enable file transfer between the
computer and phone. While there are phone applications that help you
find a workaround or solution for this, they are usually limited to
a singular type of phone and computer operating system. In that
situation, the problem becomes that you are unable to transfer files
to all types of handheld devices and computers. Here to be the
ultimate solution for all of these inconveniences is the user
friendly tool called Sharable.
Sharable is a free to use smartphone
and computer application that brilliantly facilitates file sharing
between multiple operating system types. Using this app, you can
share files between phones running iOS and Android; files can be shared
among phones or to and from computers running Mac as well as Windows.
You can install the app on each of your devices and view the
connected ones in your app’s dashboard.
… Remember that the devices you use
for transfer should all be connected over the same local Wi-Fi
network.
YouTube also has many Math tutorial
videos, so I'm sure my students will want to string a bunch of them
together... (Yeah, I don't believe that either.)
YouTube is a highly popular video
streaming website that people use for streaming various websites.
Music videos are the most common type of videos streamed by people on
YouTube. You will find an amazing collection of old and modern music
on YouTube, enough to fill your music quota for the day. This is why
people create playlists on YouTube. But to make those playlists you
need to add tracks after signing into YouTube; the same applies
to checking out those playlists. Here to help you create music
playlists from YouTube songs without requiring you to sign into
YouTube is an excellent website called Jiggyape.
(Related) Okay, this is more likely
than Math videos...
Everyone could use this...
… With Prey, you’ll never have to
worry about absentmindedness or theft ever again, at least when it
comes to your mobile
devices.
Prey is great for three main reasons –
it’s easy to set up, it’s easy to use, and you won’t ever have
to pay a cent to use it. There’s no trial period or crippled
feature set here – the free version is enough to keep your devices
adequately protected. Of course, there’s a premium version but its
features are mostly for power users ...
… In order to use Prey, you’ll
need to create a free account on their
website. Why, you ask? Because the individual installations on
each device (PC, Mac, Android, etc.) only provide the capabilities
for tracking those particular devices. The actual control panel, or
dashboard, is entirely web-based for your convenience. In other
words, no matter which device you lose, you’ll always be able to
track them down as long as you have Internet access.
… Prey is available on the
following platforms: Windows, Mac, Linux, iOS, and Android. For the
desktop OSes, all you need to do is download the installer files (or
packages) from the website and run them like any other installer.
For the mobile apps, you can find them in the Apple Store or Google
Play.
… When a device is set to Missing,
it will begin sending Reports to the central Prey servers.
How often does the device send a report? You can set it in the
dashboard. You can also set the activation and deactivation
phrases. If you have Prey set up on a phone, send these phrases by
SMS to your device in order to wake up or shut down Prey.
… Each Prey report can contain as
much or as little data as you choose and these options can be toggled
in the dashboard.
For example -
- Geo will include geological data based on GPS in the report.
- Network will include information such as the device’s current IP address and nearby WiFi networks.
- Webcam will attempt to take a picture from the phone’s camera. If you have Prey installed on a laptop, you can also choose to include Session data (e.g., a screenshot to show what the thief is doing with the computer).
Prey can also perform a few actions on
the lost/stolen device -
- Alarm blasts a sound for 30 seconds to help you locate it.
- Alert will notify the thief that you are tracking the device.
- Lock the device with a password to prevent usage.
- Secure deletes sensitive data on the device so no one can ever access it.