For my Intro to Computer Security students. Why wait for banks to issue
the “Next Generation” of credit cards? Use the security of
“Chip-enabled” cards to guarantee payment.
‘Replay’ Attacks Spoof Chip Card Charges
An odd new pattern of credit card fraud emanating from Brazil and
targeting U.S. financial institutions could spell costly trouble for
banks that are just beginning to issue customers more secure
chip-based credit and debit cards.
Over the past week, at least three U.S. financial institutions reported
receiving tens of thousands of dollars in fraudulent credit and debit
card transactions coming from Brazil and hitting card accounts stolen
in recent retail heists, principally cards compromised as part of the
breach at Home Depot.
The most puzzling aspect of these unauthorized charges? They were all
submitted through Visa and MasterCard’s networks as chip-enabled transactions, even
though the banks that issued the cards in question haven’t even yet
begun sending customers chip-enabled cards.
The most frustrating aspect of these unauthorized charges? They’re far
harder for the bank to dispute.
…
However, banks are
responsible for all of the fraud costs that occur from any fraudulent
use of their customers’ chip-enabled credit/debit cards — even
fraudulent charges disguised as these pseudo-chip transactions.
(Related)
I can see how this could be used to suck cash from your bank
account. (I can create my own QR code and tie it to my account in
Brazil.) Since it comes through your phone, will you be liable?
Dirty Tactics Thwart Mobile Payments
…
Rite Aid and CVS have actively disabled NFC (near-field
communication) card readers in their stores to prevent customers
from using Apple Pay, Google Wallet, and other mobile payments
platforms. It has to be assumed this is a bid to keep CurrentC from
being surplus to requirements even before it launches in 2015.
CurrentC works differently from Apple Pay, with the customer scanning a QR
code into their phone to have the payment taken directly from
their bank account. This is designed to cut credit card
companies (and their processing fees) out of the equation. Which is
why no banks are backing CurrentC.
Also for my Computer Security students. This will be a big concern for
most companies. The article suggests a couple of approaches, but
consider what would work for you.
What Employees Want vs. What IT Wants - The Venn Diagram that Doesn't Overlap
…
A large part of what employees want is the ability to do their jobs
more efficiently. They want to be able to collaborate internally and
externally, and share content. They want to use the devices they
need to get their jobs done, and they want to work from Starbucks,
from their kid’s soccer field practice and in a hotel room.
…
IT, on the other hand is responsible and accountable for the availability
and security of the business, and the easiest way to do that is to
limit the avenues of risks. But, sometimes, this backfires. Locking
down corporate mobile devices encourages employees to use their own
mobile devices in search of productivity. Forcing users to access
cloud services through a VPN defeats the agility of these services by
making them slow and thus also encourages circumvention.
For my Ethical Hackers: This is not a replacement for Uber! (Strange
that data on how the reprogramming equipment is used is not reported
back to the manufacturer, like all other IoT devices.)
Keyless cars 'increasingly targeted by thieves using computers'
Organised criminal gangs are increasingly targeting high-end cars
with keyless security systems, a motoring industry group has warned.
The thieves are acquiring equipment intended only for legitimate
mechanics, the Society of Motor Manufacturers and Traders (SMMT)
said.
Manufacturers are trying to stay ahead of the thieves by updating software.
It has been reported that some London-based owners of Range Rovers have
been denied insurance over the issue.
…
"The challenge remains that the equipment being used to steal a
vehicle in this way is legitimately used by workshops to carry out
routine maintenance," a spokesman said.
"As part of the need for open access to technical information to enable a
flourishing after-market, this equipment is available to independent
technicians. However a minority of individuals are exploiting this
to obtain the equipment to access vehicles fraudulently.
A challenge for my Computer Forensics students.
Devices being remotely wiped in police custody
All the data on some of the tablets and phones seized as evidence is
being wiped out, remotely, while they are in police custody, the BBC
has learned.
Cambridgeshire, Derbyshire, Nottingham and Durham police all told BBC News handsets
had been remotely "wiped".
And Dorset police said this had happened to six of the seized devices it
had in custody, within one year.
The technology used was designed to allow owners to remove sensitive data
from their phones if they are stolen.
"If a device has a signal, in theory it is possible to wipe it remotely,"
said Ken Munro, a digital forensics expert with Pen Test Partners.
This sounds a bit like a straight line, but it is clearly another “Big
Data can make new businesses” story.
Big Data, Dumpster Diving and the New Ethics of Waste Management
New York Times: “Rubicon, based in Atlanta, isn’t in the business of hauling waste. It
doesn’t own a single truck or landfill. Rather, companies hire it
as a kind of waste consultant. It begins by holding an online
bidding process for its clients’ waste contracts, fostering
competition among waste management businesses and bringing down their
prices…. Though unscientific, Dumpster-diving remains the primary
way that those in waste management analyze their customers’ trash.
“It’s literally: Here’s paper, here’s a cup, here’s books,
here’s e-waste,” explained Ms. Beason, who has spent 25 years
rummaging around Dumpsters in various waste management jobs… Mr.
Morris says he believes that the future of the trash business lies in
data. And Rubicon collects all sorts of it: the value per
ton and per cubic yard of various materials, in various regions; the
volume of clients’ waste; how often that waste is removed; which
haulers are servicing which locations for which clients, and so on.
The data lives in Rubicon’s proprietary software platform, called
Caesar. (Mr. Morris, a fan of the classics, sees in Julius Caesar’s
irrevocable river crossing “a fantastic story of disruption.”)
One of Rubicon’s most basic data applications is simply to
determine whether a client can have its garbage picked up less often.
Because haulers traditionally charge per visit, they have an
incentive to empty Dumpsters even when they’re only half full.
Rubicon sees emerging technologies as creating opportunities to
reduce such inefficiencies. It is experimenting, for instance, with
a sonar-equipped device that measures whether a Dumpster is full….
Even more grandly, Mr. Morris has said he would like all of his
clients to divert 100 percent of their waste from landfills by 2022.
Reaching such a goal would seem a threat to companies like Waste
Management that are heavily invested in landfills. Yet Waste
Management doesn’t appear to be worried about Rubicon, or to think
a future without landfills is near.”
Not all of this is free.
Elsevier Adds Five New Subject Areas to Legacy eBook Collection
News release: “Elsevier, a world-leading provider of scientific, technical and medical
information products and services, today announced it added five new
subject areas to its Legacy eBook Collection on ScienceDirect.
The Legacy Collection consists of digitized, classic scholarly book
content, now including nearly 13,000 books. The new subject areas are
arts and humanities; computer science;
economics, econometrics and finance; immunology and microbiology; and
mathematics. In addition, there are newly digitized books
in the engineering and the biochemistry, genetics, and molecular
biology collections. The Legacy Collection includes books with
contributions from notable authors like leading business management
thinker Peter Drucker, and Nobel Laureates such as Lev Davidovich
Landau, George Olah, Peter Diamond and Sir Frank McFarlane Burnet.
For the first time, the books in the Elsevier’s Legacy Collection
are also being made available to more than 70 third-party ebook
distributors. Customers can purchase these revived titles through
online retailers or through library ebook service providers.”