Update.
Nearly 100 Whole Foods Locations Affected by Card Breach
Amazon-owned Whole Foods Market informed customers last week that a recent
hacker attack aimed at its payment systems affected nearly 100
locations across the United States.
Whole Foods has set up a webpage where customers are being provided some
details about the breach. The page allows users to check if the
store they made purchases in has been hit.
According to the company, cybercriminals may have stolen payment cards used at
taprooms and full table-service restaurants in various cities in
Alabama, Arizona, Arkansas, California, Colorado,
District of Columbia, Florida, Georgia, Hawaii, Idaho, Illinois,
Indiana, Kansas, Maine, Michigan, Minnesota, Missouri, Nevada, New
Hampshire, New Jersey, New Mexico, New York, North Carolina, Ohio,
Oregon, Pennsylvania, Tennessee, Texas, Virginia, Washington and
Wisconsin. The largest number of affected locations is in
California.
Whole Foods said it had learned of unauthorized access to some payment
systems on September 23 and replaced affected point-of-sale (PoS)
devices by September 28. However, the investigation conducted by the
firm in collaboration with cybersecurity forensics experts revealed
that hackers had gained access to some stores in as early as March 10.
… The supermarket chain pointed out that the incident only impacted payment
systems at taprooms and restaurants within stores
A different approach, but possibly not the best one.
Not the most technical/legal explanation of the
new EU regs, but this Daily Mail piece by Ben Ellery does
convey some of what is concerning businesses:
Computer hacking victims will be able to claim thousands of pounds in
compensation under new laws – even if they do not lose any money.
The ‘distress’ they suffer will be enough to qualify for a payout
regardless of whether their accounts have actually been raided.
And with the potential damages as high as £6,000 per person, companies
with millions of customers could be left crippled by a cyber-attack.
Read more on The Daily Mail.
Now it would be great if businesses were so
concerned that they: (1) collected and stored less data, and (2)
provided better security for the data they do collect and store, but
as Ellery notes, what happens if companies just decide to take a risk
and not report breaches for fear of penalties? Hmmm…
A ‘toss away’ comment without context. How
many of these were critical to the prosecution? How many cases
involved terrorists?
Michael Balsamo reports:
The FBI hasn’t been able to retrieve data from more than half of the mobile devices it tried to access in less than a year, FBI Director Christopher Wray said Sunday, turning up the heat on a debate between technology companies and law enforcement officials trying to recover encrypted communications.
In the first 11 months of the fiscal year, federal agents were unable to access the content of more than 6,900 mobile devices, Wray said in a speech at the International Association of Chiefs of Police conference in Philadelphia.
Read more on Philly Voice.
How would you regain trust after the DHS claims
you were spying?
Kaspersky Really Wants People and Governments to Trust It Again
The U.S. Department of Homeland Security has banned federal agencies
from using its products, due to its alleged ties with Russian
intelligence, and even the electronic retailer Best Buy has pulled
Kaspersky’s antivirus.
… On Monday morning, the firm said it would
allow an independent review of its source code by “an
internationally recognized authority” in the first quarter of 2018,
along with an independent review of its internal processes to
determine their integrity.
The company also promised three “transparency
centers” in the U.S., Europe and Asia, to allow clients and
governments to review its code and the rules it uses to detect
threats. The centers will open between 2018 and 2020, it said.
… It is not uncommon for major software firms
with government contracts to allow those governments to inspect their
code—Microsoft
does it, for example, in order to assure agencies around the
world that Windows and other products do not contain backdoors.
An article for my Computer Security students.
How I Socially Engineer Myself Into High Security Facilities
Continuing our “We don’t know what is
happening in our own business” discussion.
Bank of America's Merrill Lynch fined £35m by UK watchdog
The US bank failed to report nearly 69 million
transactions over two years, the Financial
Conduct Authority said.
… The bank said it had reported the issue as
soon as it was discovered and was "wholly committed" to
following financial regulations.
… The types of trades involved, known as
derivatives, can create a "complex web of interdependence"
that then make it difficult to identify risks, according to the
watchdog.
Merrill Lynch said it had alerted authorities that
it had failed to report the financial trades between February 2014
and February 2016.
Mark Steward, the FCA's head of enforcement, said
firms needed to ensure
their reporting systems worked properly.
For my lawyer friends and the geeks who support
them.
Stay Up To Date With These Legal Technology Blogs
The majority of jurisdictions (28) now require lawyers to stay on top of legal
technology changes. This means that the majority of lawyers have an
ethical obligation to learn about and understand technology in order
to make informed decisions about whether to use technology in their
practices.
… Aside from attending on-point CLEs, one of
the easiest ways to learn about legal technology is to use an RSS
feed reader such as feedly (my feed reader of choice), subscribe to a
number of legal technology blogs, and
spend a few minutes each day reading them and learning about the
latest legal technology trends.
(Related) Here are some of the best legal blogs
in the US.
The Expert Institute's Best Legal Blog Contest
Every one of these blogs has earned its spot as a
leader in its category, but now it's time for our readers to select
the best of the best - creating the most definitive list of the
Internet's top legal blogs.
Perspective.
MasterCard Says Signatures No Longer Required at the Checkout Counter
Checks are basically extinct. Cash is almost gone. Credit cards are
being replaced by phones. And even the cards are changing — though
that’s going slower than originally planned.
… MasterCard just announced it’s doing away with a policy where merchants must require
signatures from customers at checkout counters. The action concerns
all transactions in the U.S. and Canada.
The phase-out will be complete by April 2018
Marcus is a bit obsessive, but that just means he
lists EVERYTHING. You have to pick and choose.
New on LLRX – Open Educational Resources (OER) Sources 2018
by Sabrina I. Pacifici on Oct 22, 2017
Via LLRX – Open Educational Resources (OER) Sources 2018 – Costs continue to
rise for students who are pursuing college and post graduate degree
programs. By leveraging best practice sites, services and
non-traditional options to expand knowledge, skills and abilities in
many disciplines, students can choose from a wide range of options to
complete their respective goals. This guide by Marcus Zillman is a
comprehensive listing of useful open source
educational resources, sites, e-books and courses on the Internet
that can assist you in optimizing your learning opportunities.
For the toolkit, and my Computer Security
students. (Think of it as backup)
I’ll ask my students which is best.
At the start of 2012, the number of cable TV
subscriptions in the United States peaked at 103 million. The figure
has now dropped to 96 million, and by the end of 2018, experts
believe it will be down to about 92 million.
But all those people haven’t suddenly stopped
watching television. Instead, they’re increasingly finding ways to
watch TV online for free.
Clearly, there are lots of illegal ways to watch
your favorite shows, but there are also plenty of perfectly legal
(and free) ways. Here are some of the best…
Beware of passionate people!