Tiny, compared to
Target.
Associated Press
reports
that retailer Neiman Marcus now says that up to 1.1 million
customers’ cards may have been compromised by a breach that occurred
between July and October.
In their updated
statement on their website, CEO Karen Katz writes:
We
deeply regret and are very sorry that some of our customers’
payment cards were used fraudulently after making purchases at our
stores. [Note that they cannot say, “We have no
evidence that the information was used illegally.” Unusual. Bob]
We have taken steps to notify those affected customers for whom we
have contact information. We aim to protect your personal and
financial information. We want you always to feel confident shopping
at Neiman Marcus, and your trust in us is our absolute priority.
Here
is the information we have learned so far, based on the ongoing
investigations:
• Social security numbers and birth dates were not compromised.
• Our Neiman Marcus card has not seen any fraudulent activity.
• Customers that shopped online do not appear to have been impacted.
• PINs were never at risk because we do not use PIN pads in our stores.
We
have also provided a Question and Answer section for additional
information.
While
the forensic and criminal investigations are ongoing, we know that
malicious software (malware) was clandestinely
installed on our system. It appears that the malware
actively attempted to collect or “scrape” payment card data from
July 16, 2013 to October 30, 2013. During those months,
approximately 1,100,000 customer payment cards could have been
potentially visible to the malware. To date, Visa, MasterCard and
Discover have notified us that approximately 2,400 unique customer
payment cards used at Neiman Marcus and Last Call stores were
subsequently used fraudulently.
We
are notifying ALL customers for whom we have addresses or email who
shopped with us between January 2013 and January 2014, and offering
one free year of credit monitoring and identity-theft protection.
There is also an FAQ
on the breach.
(Related) Is the FBI
telling us, “The sky is falling?” How does it help to say,
“We're so cool, we are investigating crimes against you that you
don't even know about yet!”
The
FBI has warned U.S. retailers to prepare for more cyber attacks after
discovering about 20 hacking cases in the
past year that involved the same kind of malicious software used
against Target Corp in the holiday shopping season.
The
U.S. Federal Bureau of Investigation distributed a confidential,
three-page report to retail companies last week describing the risks
posed by “memory-parsing” malware that infects point-of-sale
(POS) systems, which include cash registers and credit-card swiping
machines found in store checkout aisles.
Read more of this
report on Reuters.
[From
the article:
"The accessibility of the malware on underground forums, the
affordability of the software and the huge potential profits to be
made from retail POS systems in the United States make this type of
financially motivated cyber crime attractive to a wide range of
actors," the FBI said.
… The United States Secret Service usually takes the lead in
credit card breach investigations for the federal government, though
the FBI sometimes opens its own cases or is asked to assist. The
Secret Service is leading the investigations into the breaches at
Target and Neiman Marcus. [Because my students thought the
FBI did everything! Bob]
“We improved security
by changing the password from ‘OK’ to ‘OkeyDokey.’” No doubt
someone will report that this “bug” was mandated by the Chinese
version of the NSA.
Bug
Exposes IP Cameras, Baby Monitors
A bug in the software
that powers a broad array of Webcams, IP surveillance cameras and
baby monitors made by Chinese camera giant Foscam
allows anyone with access to the device’s Internet address to view
live and recorded video footage, KrebsOnSecurity has learned.
The issue came
to light on the company’s support forum after camera experts
discovered that the Web interface for many Foscam cameras can be
accessed simply by pressing “OK” in the dialog box when prompted
for a username and password. Reached via email, the company’s tech
support division confirmed that the bug exists in MJPEG
cameras running .54 version of the company’s firmware.
Foscam said it expects
to ship an updated version of the firmware (Ver. 55) that
fixes the bug by Jan. 25. The new firmware will be published on the
company’s website.
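The Krebs item says the Foscam web interface could be opened by pressing “OK” on a blank login prompt; the firmware’s actual root cause is not given in the article, so the example below does not claim to reproduce it. It is an added example (not Foscam’s code and not from KrebsOnSecurity) that assumes the prompt is HTTP Basic authentication, where a blank dialog submits the header “Basic Og==” (base64 of “:”). It shows a server-side check that fails closed on missing, malformed or empty credentials, plus an audit function a defender can run against a camera on their own network, written with an injected `fetch` so it can be exercised offline against a stand-in. All names (`authorize`, `audit_device`, `EMPTY_BASIC`, the sample credential) are hypothetical.

```python
import base64
import hashlib
import hmac
import os

# What a browser sends when the user clicks OK with both fields blank:
# base64(":") == "Og==". (Assumption: this is the request shape at issue.)
EMPTY_BASIC = "Basic " + base64.b64encode(b":").decode("ascii")


def basic_header(username, password):
    """Build an Authorization header value for HTTP Basic auth."""
    token = base64.b64encode(f"{username}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")


def make_credential(username, password, iterations=100_000):
    """Store a salted PBKDF2 hash instead of the password itself."""
    if not username or not password:
        raise ValueError("username and password must both be non-empty")
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return {"username": username, "salt": salt, "iterations": iterations, "digest": digest}


def parse_basic(header):
    """Return (username, password) from an Authorization header, else None."""
    if not header or not header.startswith("Basic "):
        return None
    try:
        raw = base64.b64decode(header[len("Basic "):], validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):  # binascii.Error is a ValueError
        return None
    username, sep, password = raw.partition(":")
    if not sep:
        return None
    return username, password


def authorize(header, credential):
    """Hardened check: succeed only on a complete, correct credential."""
    parsed = parse_basic(header)
    if parsed is None:
        return False
    username, password = parsed
    # An empty username or password is rejected before any lookup, so a blank
    # dialog can never match a stored account.
    if not username or not password:
        return False
    if not hmac.compare_digest(username.encode("utf-8"),
                               credential["username"].encode("utf-8")):
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 credential["salt"], credential["iterations"])
    return hmac.compare_digest(digest, credential["digest"])


def audit_device(fetch):
    """Defender's check for a camera on your own network. `fetch(headers)`
    performs the HTTP request and returns the status code; it is injected so
    the check can be exercised offline against a stand-in. Returns findings."""
    findings = []
    if fetch({}) == 200:
        findings.append("interface served without any credentials")
    if fetch({"Authorization": EMPTY_BASIC}) == 200:
        findings.append("interface accepts an empty username and password")
    return findings


if __name__ == "__main__":
    cred = make_credential("admin", "correct-horse-battery")  # constructed sample

    def fixed_fetch(headers):
        # Stand-in for a hardened device: 200 only for a valid header.
        return 200 if authorize(headers.get("Authorization"), cred) else 401

    print("hardened device findings:", audit_device(fixed_fetch))
```

The point of ordering in `authorize` is that the empty check happens before any comparison against stored accounts, so no default or blank account record can ever be matched by a blank prompt; `audit_device` exercises exactly the two requests a blank dialog and an unauthenticated browser would send.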
Remember what you learn
here when you read the next report...
Predictive
Modeling With Big Data: Is Bigger Really Better?
by Sabrina
I. Pacifici on January 23, 2014
Junqué de Fortuny, Enric; Martens, David; and Provost, Foster. Big
Data. December 2013, 1(4): 215-226. doi:10.1089/big.2013.0037.
Published in Volume 1, Issue 4: January 7, 2014. Online Ahead of
Print: October 24, 2013.
“With the
increasingly widespread collection and processing of “big data,”
there is natural interest in using these data assets to improve
decision making. One of the best understood ways to use data to
improve decision making is via predictive analytics. An
important, open question is: to what extent do larger data actually
lead to better predictive models? In this article we empirically
demonstrate that when predictive models are built from sparse,
fine-grained data—such as data on low-level human behavior—we
continue to see marginal increases in predictive performance even to
very large scale. The empirical results are based on data drawn
from nine different predictive modeling applications, from book
reviews to banking transactions. This study provides a clear
illustration that larger data indeed can be more valuable assets for
predictive analytics. This implies that institutions with larger
data assets—plus the skill to take advantage of them—potentially
can obtain substantial competitive advantage over institutions
without such access or skill. Moreover, the results suggest that it
is worthwhile for companies with access to such fine-grained data, in
the context of a key predictive task, to gather both more data
instances and more possible data features. As an additional
contribution, we introduce an implementation of the multivariate
Bernoulli Naïve Bayes algorithm that can scale to massive, sparse
data.”
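The abstract closes by mentioning a multivariate Bernoulli Naïve Bayes implementation that scales to massive, sparse data. The block below is an added example (not the authors’ implementation, whose details are not on this page) showing the standard trick that makes Bernoulli NB cheap on sparse input: precompute, per class, the log-likelihood of an instance with every feature off, then correct only for the features that are on, so scoring costs time proportional to the active features rather than to the full feature count. The training set, class names and feature ids are constructed; `dense_log_joint` is a reference scorer included only to show the shortcut gives identical scores.

```python
import math
from collections import defaultdict

# Constructed toy training set (not the paper's data): each instance is the
# set of feature ids that are "on" (e.g. merchants a customer has paid at)
# plus a binary label. Only active features are stored, as sparse data is.
TRAIN = [
    ({0, 1, 2}, 1),
    ({0, 2, 5}, 1),
    ({1, 2, 3}, 1),
    ({3, 4, 5}, 0),
    ({4, 5, 6}, 0),
    ({3, 6}, 0),
]
N_FEATURES = 7  # feature ids are assumed to lie in range(N_FEATURES)


class SparseBernoulliNB:
    """Multivariate Bernoulli Naive Bayes whose scoring cost grows with the
    number of active features in an instance, not with N_FEATURES."""

    def __init__(self, n_features, alpha=1.0):
        self.n_features = n_features
        self.alpha = alpha      # Laplace pseudo-count for smoothing
        self.log_prior = {}     # class -> log P(class)
        self.theta = {}         # class -> [P(x_j = 1 | class) for each j]
        self.base = {}          # class -> sum_j log P(x_j = 0 | class)
        self.delta = {}         # class -> [log P(x_j=1|c) - log P(x_j=0|c)]

    def fit(self, data):
        n_class = defaultdict(int)
        on_count = defaultdict(lambda: defaultdict(int))
        for active, label in data:
            n_class[label] += 1
            for j in active:
                on_count[label][j] += 1
        total = sum(n_class.values())
        for c, n_c in n_class.items():
            self.log_prior[c] = math.log(n_c / total)
            # Smoothed Bernoulli parameters; the 2*alpha covers both outcomes.
            self.theta[c] = [(on_count[c][j] + self.alpha) / (n_c + 2 * self.alpha)
                             for j in range(self.n_features)]
            log_off = [math.log(1.0 - t) for t in self.theta[c]]
            self.base[c] = sum(log_off)
            self.delta[c] = [math.log(t) - lo for t, lo in zip(self.theta[c], log_off)]
        return self

    def log_joint(self, active):
        """log P(class) + log P(x | class), touching only the active features."""
        return {c: self.log_prior[c] + self.base[c] + sum(self.delta[c][j] for j in active)
                for c in self.log_prior}

    def predict_proba(self, active):
        lj = self.log_joint(active)
        m = max(lj.values())  # shift for numerical stability before exp
        z = sum(math.exp(v - m) for v in lj.values())
        return {c: math.exp(v - m) / z for c, v in lj.items()}

    def predict(self, active):
        proba = self.predict_proba(active)
        return max(proba, key=proba.get)


def dense_log_joint(model, active):
    """Reference scorer that visits every feature; it must agree with
    model.log_joint, which is what makes the sparse shortcut safe."""
    out = {}
    for c, theta in model.theta.items():
        s = model.log_prior[c]
        for j, t in enumerate(theta):
            s += math.log(t) if j in active else math.log(1.0 - t)
        out[c] = s
    return out


if __name__ == "__main__":
    model = SparseBernoulliNB(N_FEATURES).fit(TRAIN)
    for instance in ({0, 1}, {4, 6}):
        print(sorted(instance), model.predict(instance), model.predict_proba(instance))
```

Training still touches every feature once per class to fill `theta`, but that is a single pass; prediction, which is where volume bites in the paper’s setting (many instances, very many possible features), never iterates over inactive features.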
(Related) I give you
part of a typical “Case Study” from an Intelligence Analyst
school. The first indication of a terrorist active in the United
States comes from an intercepted phone call to a known terrorist
organization in a terrorist-supporting country. The message is, “We
are ready to strike.” What information would you like to have
available to help you find these guys?
Privacy
and Civil Liberties Oversight Board Issues Report on NSA Massive
Metadata Surveillance
by Sabrina
I. Pacifici on January 23, 2014
Report
on the Telephone Records Program Conducted under Section 215 of the
USA PATRIOT Act and on the Operations of the Foreign Intelligence
Surveillance Court. January 23, 2014.
“The PCLOB is an
independent bipartisan agency within the executive branch established
by the Implementing Recommendations of the 9/11 Commission Act of
2007. The Board is comprised of four part-time members and a
full-time chairman, all appointed by the President and confirmed by
the Senate. The Board’s authorizing statute gives it two primary
responsibilities: 1) To analyze and review actions the executive
branch takes to protect the Nation from terrorism, ensuring that the
need for such actions is balanced with the need to protect privacy
and civil liberties; and 2) To ensure that liberty concerns are
appropriately considered in the development and implementation of
laws, regulations, and policies related to efforts to protect the
Nation against terrorism….”
“The
Section 215 bulk telephone records program lacks a viable legal
foundation under Section 215, implicates constitutional concerns
under the First and Fourth Amendments, raises serious threats to
privacy and civil liberties as a policy matter, and has shown only
limited value. As a result, the Board recommends that the government
end the program… Based on the information provided to the Board,
including classified briefings and documentation, we have not
identified a single instance involving a threat to the United States
in which the program made a concrete difference in the outcome of a
counterterrorism investigation. Moreover, we are aware of no
instance in which the program directly contributed to the discovery
of a previously unknown terrorist plot or the disruption of a
terrorist attack…”
This is one of those
“Privacy invaders” that improves human abilities, but does not
create new ones (like the bite of a radioactive spider).
Woodrow Hartzog and
Evan Selinger write:
Privacy
concerns have been ignited by “NameTag,”
a facial-recognition app designed to reveal personal information
after analyzing photos taken on mobile devices. Many are concerned
that Google
Glass will abandon its prohibition on facial recognition apps.
And, there are open questions about the proper protocols for opting
customers in and out of services that identify people through
facial comparisons in real time. These kinds of services are
technically “face matching” services, though they are
colloquially referred to here as “facial-recognition technologies.”
Ultimately,
the coming wave of consumer facial-recognition technologies brings
bad and good news. The bad news is obvious: Automatically
identifying one of our most unique and personal traits raises serious
privacy concerns ranging from stalking to loss of obscurity
in public.
The
good news is that facial-recognition technology—at least the kind
that could be used at scale to identify most people in any given
place—has an Achilles heel that buys society enough time to respond
appropriately.
Read more on The
Atlantic.
More for my lawyer
friends than my students, but you can never have too many tools!
WireOver is a desktop
application for sending and receiving files. It’s easy to use, can
transmit files of any size very fast, and uses end-to-end
encryption. WireOver’s end-to-end encryption ensures that
only your recipient can access the files you send, making it much
more secure than most file sending tools. WireOver can transfer over
your local network and the Internet.
Well, I find it
interesting...
The
2013 Survey Of Online Learning
The report quantified
many things that those involved in education already knew (or at
least, suspected). Participation in online learning is increasing.
Learning outcomes are largely positive. Interestingly, what this
study does show is something that I hadn’t quite expected – that
many of the numbers that had been continually rising over the past
years were starting to show a slight decline. For example, the
proportion of chief academic leaders that say online learning is
critical to their long-term strategy dropped from 69.1 percent to
65.9 percent. Many believe that MOOCs are not a sustainable form of
online learning for higher education institutions to pursue.
Please
click here for a PDF of the full findings of the report.
I may have a few
students who could do this. Many more with a bit of help. Would
look good on their resume.
How
To Get Published On MakeUseOf
Have you ever wanted to
reach thousands of people with your words? If you love technology,
enjoy explaining it to others, and can express yourself well, you
should give writing for MakeUseOf a try.
We are now accepting
applications. The Infographic below explains everything you need
to know, so please read it thoroughly. We are happy to answer
additional questions in the comments.