Attention hackers!
Pretend to be eBay and the phishing is great!
By E-Mailing Hacking Victims, EBay Opens Users Up to More Risk of Attack
After hackers stole e-mail addresses and other user data from EBay's
network, the company announced today that it would e-mail users to
suggest they change their passwords. That doesn't make a whole lot of
sense.
The problem with this
approach is that the hours immediately following a breach are prime
time for hackers. Cyber-criminals are consummate opportunists. They
scrutinize the news looking for ways to craft fraudulent and timely
messages to trick people into clicking on them. The millions of EBay
users who may have caught wind of the breach after seeing a
headline today are more likely to fall for an e-mail scam
prompting them to click a link and input their log-in information. A
similar technique was used by Chinese military officers to hack into U.S.
companies, showing that in cyber-security, people are their own worst
enemies.
Instead of e-mailing
the auction site's more than 145 million active buyers worldwide,
EBay could have immediately done something that Adobe Systems,
LinkedIn and Evernote all did after their recent high-profile hacks:
change users' passwords. Automatically resetting accounts is
becoming a "common courtesy" after many breaches, says Lysa
Myers, a researcher with Slovakian security firm ESET.
Ignorance is not bliss.
Should I buy an emergency generator because my electric utility was
hacked? Or should I stock up on firewood because I could lose gas
service? Will my sewer back up? And don't give me that, “There
are some things man was not meant to know!”
An American Utility's Control System Was Hacked
The control system for
a U.S. public utility was compromised. The Department of Homeland
Security did not specify which utility was affected in the agency's
Industrial Control Systems Cyber Emergency Response Team (ICS-CERT)
report.
… Details of these
cyber attacks are rarely revealed to the public, and even more rarely
do they provide details into the matter. What we do know: this
particular attack was on a utility that was previously hacked
and the hackers used the employee access portal to get in.
Perspective
Most 2013 Data Breaches Affected E-Commerce and POS Systems: Trustwave
The new study is based
on data gathered from 691 breach investigations and focuses on
security threats, cybercrime and data breaches. Payment card data
continues to be the top type of data that's compromised in breaches.
However, the percentage of data thefts involving confidential,
non-payment card data has reached 45 percent in 2013. This
represents a 33 percent increase compared to the previous year.
Around 54 percent of
the attacks that took place in 2013 targeted e-commerce systems.
Point-of-sale (POS) attacks are next with 33 percent. In fact,
experts believe that these two types of breaches will dominate the
landscape in the upcoming years.
… You can download the full 2014 Trustwave Global Security Report from
Trustwave’s website.
Please send your
“Money-like things” to Bob, care of this Blog.
The Future of Money-Like Things
While we rarely think of it in this way, the payment system we use every
day is among the most widespread and functional examples of an Internet
of Things. It is an
array of objects embedded with chips, magnetic stripes, scanners, and
touchpads. These things are coordinated through networking protocols
used to move information and, ultimately, monetary value.
In payment systems, as
flights of imagination get grounded in real infrastructures,
interoperability has gone hand in hand with technological inertia.
Payment systems have to work, and they have to work everywhere. When
you swipe your credit card, it works. No matter where you are in the
U.S., if you have money or credit in physical or electronic form, you
can pay for stuff.
Who wants your data?
Just about everyone! ...and it's easy to see why.
Your Banker Wants To Know If You Are Pregnant
Your banker wants to
know if your wife has thrown you out of the house. Or if one of your
parents has died. Or if you are expecting a child.
Because banks typically
make more money when they know clients better, they are stepping up
efforts to learn more personal information. For example, in recent
weeks HSBC has been writing its Premier clients and encouraging them
to share details about themselves.
… According to Wells Fargo presentations earlier this week, “building
relationships around individuals” leads to 65% higher revenue. Active
customers there are 2.2 times more profitable than less active ones, the
bank estimates.
(Related)
McKinsey – The seven habits of highly effective digital enterprises
by Sabrina I. Pacifici on May 22, 2014
“The age of
experimentation with digital is over. In an often bleak landscape of
slow economic recovery, digital continues to show healthy growth.
E-commerce is growing at double-digit rates in the United States and
most European countries, and it is booming across Asia. To take
advantage of this momentum, companies need to move beyond experiments
with digital and transform themselves into digital businesses. Yet
many companies are stumbling as they try to turn their digital
agendas into new business and operating models. The reason, we
believe, is that digital transformation is uniquely challenging,
touching every function and business unit while also demanding the
rapid development of new skills and investments that are very
different from business as usual. To succeed, management teams need
to move beyond vague statements of intent and focus on “hard
wiring” digital into their organization’s structures, processes,
systems, and incentives. There is no blueprint for success, but
there are plenty of examples that offer insights into the approaches
and actions of a successful digital transformation. By studying
dozens of these successes—looking beyond the usual suspects—we
discovered that highly effective digital enterprises share these
seven habits…”
“'Tis a puzzlement”
The King of Siam Facebook Users
Is Facebook taking privacy more seriously?
… Facebook
is worried that you will start sharing less - or maybe even move to
more anonymous services - unless it helps you better manage your
private information. On Thursday, the company announced that it
would give a privacy checkup to every one of its 1.28 billion users
worldwide.
Facebook, which is
based in Menlo Park, California, will also change how it treats new
users by initially setting their posts to be seen only by friends.
Previously, those posts were accessible to anyone.
And it will explain to
both current and new users that setting their privacy to "public"
means that anyone can see their photos and posts.
The change in default
settings and the person-by-person review is a sharp reversal for
Facebook, whose privacy
settings are famously complicated. Some users may be shocked
when they see just how widely their personal information has been
shared.
Microsoft challenged,
that's good. But only once and only because it made no difference?
Microsoft Challenged Secret FBI Request for Data About Business Customer
Microsoft Corp. last
year challenged a secret request for data about a business customer
from the Federal Bureau of Investigation. The government backed
down—but only after it
got the information it sought without the software giant’s help,
according to documents unsealed Thursday.
… Little is known
about the facts behind the request Microsoft challenged. On a
still-secret date last year, the FBI asked Microsoft for user
information on a single employee at a large business customer,
according to court records. The customer, whose name was redacted,
used Microsoft’s Office 365 service, which stores customer data in
Microsoft data centers—not servers controlled by the customer.
… After Microsoft
objected, the FBI obtained the data it wanted by approaching
Microsoft’s customer directly, according to court documents.
See? It can be done.
But why would a monopoly want to?
Cox to offer residential gigabit speeds
Cox Communications –
the third-ranked US cable MSO – has revealed plans to roll out
gigabit Internet speeds across its markets nationwide. The company
will start with new residential construction projects and new and
existing neighbourhoods in Phoenix, Las Vegas and Omaha. In all Cox
locations, the company will begin market-wide deployment of gigabit
speeds by the end of 2016.