by Sam Borden | The New York Times
World Cup 2014: Controversies Highlight Players' Use of Social Media
RIO DE JANEIRO - Zinedine Zidane of France did not apologize on MySpace after his infamous head butt in the 2006 World Cup final. Diego Maradona of Argentina did not address his 1986 knuckle-assisted Hand of God goal on America Online, a digital community that did not become prominent for another five years.
Controversies have arisen in World Cups since a referee inadvertently blew the final whistle six minutes early during a match at the inaugural tournament, in 1930, but the dramas of this year's event - including a bizarre bite and a backbreaking tackle - have played out with a remarkable immediacy on social media.
Over the last month, players like Neymar, Luis Suárez and the United States reserve forward Chris Wondolowski have offered confessions, explanations, interpretations and amplifications using services like Twitter, YouTube, Facebook and Instagram.
"If they can jump online, say something, and see it traverse the world in real time, it makes life that much easier," said Peter Shankman, a social media consultant in New York.
Most recently, fans have been fretting over an injury to Neymar, Brazil's spindly star striker, who crumpled late in the second half of a quarterfinal match against Colombia after being kneed in the lower back.
Screaming and crying, Neymar was taken off the field on a stretcher, and it was later revealed that he had a fractured vertebra. He will miss the rest of the tournament, which has four teams remaining from the original 32.
The player who kneed him, Juan Camilo Zúñiga, made only a fleeting comment or two as he rushed past members of the news media after the game. It did not take long for Zúñiga to begin receiving death threats and racist taunts from Brazilian fans on Twitter - one of the more printable comments was that Zúñiga was "the biggest villain in the history of football" - and he took to social media a day later to explain himself.
"There was no bad intention, malice or negligence on my part," he wrote in a letter posted on his Facebook page. Zúñiga also addressed Neymar personally, telling him: "I admire you, respect you and consider you one of the best players in the world. I hope you recover and return quickly."
Grainy footage circulated of Neymar being rushed into an emergency room, being comforted by teammates on an airport tarmac and being loaded on a gurney into a helicopter. He did not publicly engage with Zúñiga on social media, but he did address his nation of frothing fans directly.
In a YouTube video, Neymar - looking rakish in a sideways hat despite his temporary incapacitation - spoke emotionally about how his "dream has not ended yet" because his teammates could go on to win the World Cup without him. "Another dream of mine was to play in the World Cup final, but I won't be able to do that now," he added.
While some professional sports teams place limits on what their athletes should share on the Internet, the Brazilian players - even before Neymar's medical journey became available for consumption - have not been shy. Instagram in particular is popular with the Brazilians, and pictures such as Dani Alves's selfie with a milk bottle and David Luiz's underwater homage to heavy-metal music have made fans feel that their beloved stars are accessible.
Neymar's injury was hardly the only story to play out on the web. When Suárez, a Uruguayan striker, sank his teeth into the left shoulder of Italy's Giorgio Chiellini during a group-stage game, theories about digitally enhanced pictures of the bite marks popped up almost immediately.
Suárez and Chiellini gave brief interviews after the game, but, as is often the case, the players took to social media to offer clarifications once the emotional level of the situation had calmed.
After FIFA, soccer's governing body, announced a heavy punishment for Suárez that included a suspension from nine international games and a four-month ban from all soccer activities, Chiellini, who had initially called Suárez a "sneak," took to his personal website to say that he felt for Suárez and his family and hoped that Suárez "will be allowed, at least, to stay close to his teammates during the games because such a ban is really alienating for a player."
Suárez, who at first claimed that no bite had taken place, then emerged with a Facebook post in which he apologized, somewhat, and said Chiellini had "suffered the physical result of a bite in the collision."
That prompted Chiellini to post a reply to Suárez on Twitter in which he absolved his assailant and said, "It's all forgotten."
Fortunately, the players at the World Cup have managed to avoid controversies like the one involving a Swiss athlete's dismissal from the 2012 London Olympics after a tweet that insulted South Koreans. Two airlines, however, have bumbled into problems with World Cup-related tweets.
After the United States beat Ghana, Delta posted a picture of the Statue of Liberty next to the Americans' score and a picture of a giraffe next to Ghana's - not realizing, apparently, that there are no giraffes in Ghana (the airline apologized).
In a post on the Dutch airline KLM's Twitter account after the Netherlands beat Mexico, the text "Adios Amigos!" was accompanied by a picture of a "Departures" board altered to include a caricature of a man with a mustache, a poncho and a sombrero. Again, the airline apologized.
Perhaps no social media post, though, had as much feeling as one from Wondolowski, the United States forward, who missed a seemingly unmissable shot from close range in the Americans' Round of 16 game against Belgium. If Wondolowski had scored, the United States probably would have won; instead, his shot went high and wide. The United States lost in extra time.
Wondolowski took to social media to say he was sorry to all American fans. There were no pictures or videos, just a moment of unreserved accountability. "I'm gutted to have let down everyone," he wrote, "but especially my teammates. It’s been an incredible ride, but I know this will make me stronger."
The TNS Group is a leading technology services company located in Stamford, CT committed to delivering IT innovation and excellence!
Wednesday, July 9, 2014
Wednesday, June 11, 2014
P.F. Chang's Investigating Possible Data Breach
Nicole Perlroth | The New York Times
P.F. Chang's China Bistro said Tuesday that it is investigating a potential security breach that may have led to the theft of information from thousands of customer credit cards.
The possible theft was first reported by Brian Krebs, a security blogger, who noted thousands of fresh credit cards appeared on Rescator, a so-called carding site that was used to sell payment data after last year’s Target network breach. Data from the magnetic strips of the latest stolen cards is selling for between $18 and $140 per card.
Mr. Krebs said representatives from affected banks had purchased several stolen credit cards from carding sites and discovered that many were used recently at P.F. Chang's.
"P.F. Chang's takes these matters very seriously and is currently investigating the situation, working with the authorities to learn more," Anne Deanovic, a spokeswoman for the company, based in Scottsdale, Ariz., said in a written statement. "We will provide an update as soon as we have additional information."
Ms. Deanovic said the company had not yet tied fraudulent activity on customers' credit cards to the possible breach. The Secret Service, which has been conducting an inquiry into recent hacks at Target, Neiman Marcus and others, did not immediately return a request for comment.
P.F. Chang's was acquired by private-equity firm Centerbridge Partners LP in 2012 for $1.1 billion. It operated 200 Asian restaurant bistros and some 170 Pei Wei Asian Diners at the time of the deal.
It is the first significant appearance of information from stolen credit cards since March, when data from 282,000 cards was tied to a possible breach at Sally's Beauty.
If the breach is confirmed, P.F. Chang’s will be the fifth major retail chain - after Target, Neiman Marcus, Michaels and Sally's Beauty - to acknowledge that its systems were recently compromised. In those cases, criminals installed so-called malware on retailers' systems, which fed customers' payment details back to their computer servers.
A report from Bloomberg identified Sears as another company that had been breached, but the company and law enforcement officials have denied the reports.
The tally of customers affected by these recent breaches now exceeds one-third of the American population. The same group of criminals in Eastern Europe are believed to be behind the hacks, and to be part of a broader cyberattack directed at as many as six other retailers, according to two people investigating the breaches who were not authorized to speak publicly.
The entry point for each breach differed, according to one law enforcement official. At Target, it was believed to be a Pennsylvania company that provided heating, air-conditioning and refrigeration services to the retailer. Criminals were able to use the company's log-in credentials to gain access to Target's systems, and eventually to its point-of-sale systems.
On Tuesday, a joint report by the Ponemon Institute, an independent security research firm, and DB Networks, a database security firm, found that retail companies are still unprepared for such attacks.
In a survey of 595 computer-security experts in the United States, the majority - 64 percent - believed their organizations still lack the technology and tools to quickly detect database attacks. Only one-third said they do the kind of continuous database monitoring needed to identify irregular activity in their databases. Another 22 percent admitted that they do not scan at all.
"The best approach to avoid an attack on a retail organization is continuous monitoring, which helps you understand your environment to detect gratuitous or anomalous traffic," said Larry Ponemon, the founder of the Ponemon Institute in an interview Tuesday. "All it takes is one successful attack."
P.F. Chang's China Bistro said Tuesday that it is investigating a potential security breach that may have led to the theft of information from thousands of customer credit cards.
The possible theft was first reported by Brian Krebs, a security blogger, who noted thousands of fresh credit cards appeared on Rescator, a so-called carding site that was used to sell payment data after last year’s Target network breach. Data from the magnetic strips of the latest stolen cards is selling for between $18 and $140 per card.
Mr. Krebs said representatives from affected banks had purchased several stolen credit cards from carding sites and discovered that many were used recently at P.F. Chang's.
"P.F. Chang's takes these matters very seriously and is currently investigating the situation, working with the authorities to learn more," Anne Deanovic, a spokeswoman for the company, based in Scottsdale, Ariz., said in a written statement. "We will provide an update as soon as we have additional information."
Ms. Deanovic said the company had not yet tied fraudulent activity on customers' credit cards to the possible breach. The Secret Service, which has been conducting an inquiry into recent hacks at Target, Neiman Marcus and others, did not immediately return a request for comment.
P.F. Chang's was acquired by private-equity firm Centerbridge Partners LP in 2012 for $1.1 billion. It operated 200 Asian restaurant bistros and some 170 Pei Wei Asian Diners at the time of the deal.
It is the first significant appearance of information from stolen credit cards since March, when data from 282,000 cards was tied to a possible breach at Sally's Beauty.
If the breach is confirmed, P.F. Chang’s will be the fifth major retail chain - after Target, Neiman Marcus, Michaels and Sally's Beauty - to acknowledge that its systems were recently compromised. In those cases, criminals installed so-called malware on retailers' systems, which fed customers' payment details back to their computer servers.
A report from Bloomberg identified Sears as another company that had been breached, but the company and law enforcement officials have denied the reports.
The tally of customers affected by these recent breaches now exceeds one-third of the American population. The same group of criminals in Eastern Europe are believed to be behind the hacks, and to be part of a broader cyberattack directed at as many as six other retailers, according to two people investigating the breaches who were not authorized to speak publicly.
The entry point for each breach differed, according to one law enforcement official. At Target, it was believed to be a Pennsylvania company that provided heating, air-conditioning and refrigeration services to the retailer. Criminals were able to use the company's log-in credentials to gain access to Target's systems, and eventually to its point-of-sale systems.
On Tuesday, a joint report by the Ponemon Institute, an independent security research firm, and DB Networks, a database security firm, found that retail companies are still unprepared for such attacks.
In a survey of 595 computer-security experts in the United States, the majority - 64 percent - believed their organizations still lack the technology and tools to quickly detect database attacks. Only one-third said they do the kind of continuous database monitoring needed to identify irregular activity in their databases. Another 22 percent admitted that they do not scan at all.
"The best approach to avoid an attack on a retail organization is continuous monitoring, which helps you understand your environment to detect gratuitous or anomalous traffic," said Larry Ponemon, the founder of the Ponemon Institute in an interview Tuesday. "All it takes is one successful attack."
Friday, June 6, 2014
FTC: Data Brokers Know You Better Than Mom Does
Information Week | Thomas Claburn
Federal Trade Commission report calls for restrictions on data brokers, finds companies gather billions of consumer transactions daily, largely without public knowledge.
Companies that silently gather data on consumers should be more transparent about what they do and should give consumers more control over the information they collect, a Federal Trade Commission report said Tuesday.
The report examines the practices of nine data brokers: Acxiom, Corelogic, Datalogix, eBureau, ID Analytics, Intellius, PeekYou, RapLeaf, and Recorded Future. It concludes that the data gathering industry in the US operates without meaningful transparency or public accountability and recommends that Congress consider legislation to address those deficiencies.
"The extent of consumer profiling today means that data brokers often know as much -- or even more -- about us than our family and friends, including our online and in-store purchases, our political and religious affiliations, our income and socioeconomic status, and more," said FTC Chairwoman Edith Ramirez in a statement. "It's time to bring transparency and accountability to bear on this industry on behalf of consumers, many of whom are unaware that data brokers even exist."
The report finds that data brokers have information on almost every US consumer, collect billions of data points every month, and often share this information with other data brokers. The companies collect information about what people buy, their social media activity, product registrations, magazine subscriptions, religious and political affiliations, and a variety of other details. They combine online and offline information to create categorical profiles, some of which might offend those so characterized or might be considered sensitive because they focus on ethnicity, income, education level, or health conditions.
For example, categories such as "Urban Scramble" and "Mobile Mixers" include a high-concentration of Latinos and African Americans with low incomes. The category "Rural Everlasting" refers to "single men and women over the age of 66 with 'low educational attainment and low net worths.' " Other categories include those believed to be pregnant, those concerned about diabetes, and those concerned about high cholesterol.
The report notes these categorizations could create costs for consumers if, for example, insurance companies elect to use these profiles to evaluate individuals' health or injury risks.
Peggy Hudson, senior VP of government affairs for the Direct Marketing Association, said in an emailed statement that the DMA has long supported transparency and consumer choice through services like DMAchoice, for opting out of mailings, and through cooperation with the Digital Advertising Alliance.
Hudson contends that, despite thousands of pages of documentation and two years of investigation, the FTC report "finds no actual harm to consumers, and only suggests potential misuses that do not occur."
Daniel Castro, director of the Center for Data Innovation, a think data promoting data usage in business that's affiliated with the Information Technology and Innovation Foundation, said in an emailed statement that forcing companies to provide consumers with notice after every transaction would hinder commerce while doing little to promote consumer trust. "The FTC seems to be stuck in a notice-and-choice world while everyone else is trying to move on," he said.
In a follow-up email, Castro elaborated on why he believes notice-and-consent, the traditional privacy paradigm, is no longer relevant. He favors the term "notice-and-choice," perhaps because the absence of "consent" implies a transgression of some sort. The absence of choice merely suggests a more limited menu of options.
"The problem with notice-and-choice is it's disruptive to the free flow of data," said Castro. "For example, if Google had to serve up (in the words of the FTC) a 'prominent notice to consumers' every time somebody clicked 'search,' we wouldn't have things like Google Flu trends."
Castro argues that notice-and-choice worked for the world of paper records, but breaks in the digital world, in terms of online products and services. "You don't see a lot of petitions asking the government 'please require websites to give us more pop-up notices.' Or citizens calling their members of Congress saying they wish their hair stylists and plumbers would be like their doctors and give them a HIPAA-like privacy notice before providing them a service."
Castro, like Hudson, chides the FTC report for its focus on "speculative harms." Yet, such data gathering represents a speculative harm in part because there's so little transparency. How is an individual to know whether he or she has been harmed by a data transaction -- through a higher insurance premium, for example -- if the data broker does not reveal what data was sold and the data buyer does not explain the data's impact on decision making?
Perhaps more to the point, privacy is not measured by the absence of harm. An unknown person standing in your bedroom at night may not do any harm. But you would probably prefer more privacy, even with the assurance that your lurking guest merely wants to see if you're in the market for sleeping pills.
Federal Trade Commission report calls for restrictions on data brokers, finds companies gather billions of consumer transactions daily, largely without public knowledge.
Companies that silently gather data on consumers should be more transparent about what they do and should give consumers more control over the information they collect, a Federal Trade Commission report said Tuesday.
The report examines the practices of nine data brokers: Acxiom, Corelogic, Datalogix, eBureau, ID Analytics, Intellius, PeekYou, RapLeaf, and Recorded Future. It concludes that the data gathering industry in the US operates without meaningful transparency or public accountability and recommends that Congress consider legislation to address those deficiencies.
"The extent of consumer profiling today means that data brokers often know as much -- or even more -- about us than our family and friends, including our online and in-store purchases, our political and religious affiliations, our income and socioeconomic status, and more," said FTC Chairwoman Edith Ramirez in a statement. "It's time to bring transparency and accountability to bear on this industry on behalf of consumers, many of whom are unaware that data brokers even exist."
The report finds that data brokers have information on almost every US consumer, collect billions of data points every month, and often share this information with other data brokers. The companies collect information about what people buy, their social media activity, product registrations, magazine subscriptions, religious and political affiliations, and a variety of other details. They combine online and offline information to create categorical profiles, some of which might offend those so characterized or might be considered sensitive because they focus on ethnicity, income, education level, or health conditions.
For example, categories such as "Urban Scramble" and "Mobile Mixers" include a high-concentration of Latinos and African Americans with low incomes. The category "Rural Everlasting" refers to "single men and women over the age of 66 with 'low educational attainment and low net worths.' " Other categories include those believed to be pregnant, those concerned about diabetes, and those concerned about high cholesterol.
The report notes these categorizations could create costs for consumers if, for example, insurance companies elect to use these profiles to evaluate individuals' health or injury risks.
Peggy Hudson, senior VP of government affairs for the Direct Marketing Association, said in an emailed statement that the DMA has long supported transparency and consumer choice through services like DMAchoice, for opting out of mailings, and through cooperation with the Digital Advertising Alliance.
Hudson contends that, despite thousands of pages of documentation and two years of investigation, the FTC report "finds no actual harm to consumers, and only suggests potential misuses that do not occur."
Daniel Castro, director of the Center for Data Innovation, a think data promoting data usage in business that's affiliated with the Information Technology and Innovation Foundation, said in an emailed statement that forcing companies to provide consumers with notice after every transaction would hinder commerce while doing little to promote consumer trust. "The FTC seems to be stuck in a notice-and-choice world while everyone else is trying to move on," he said.
In a follow-up email, Castro elaborated on why he believes notice-and-consent, the traditional privacy paradigm, is no longer relevant. He favors the term "notice-and-choice," perhaps because the absence of "consent" implies a transgression of some sort. The absence of choice merely suggests a more limited menu of options.
"The problem with notice-and-choice is it's disruptive to the free flow of data," said Castro. "For example, if Google had to serve up (in the words of the FTC) a 'prominent notice to consumers' every time somebody clicked 'search,' we wouldn't have things like Google Flu trends."
Castro argues that notice-and-choice worked for the world of paper records, but breaks in the digital world, in terms of online products and services. "You don't see a lot of petitions asking the government 'please require websites to give us more pop-up notices.' Or citizens calling their members of Congress saying they wish their hair stylists and plumbers would be like their doctors and give them a HIPAA-like privacy notice before providing them a service."
Castro, like Hudson, chides the FTC report for its focus on "speculative harms." Yet, such data gathering represents a speculative harm in part because there's so little transparency. How is an individual to know whether he or she has been harmed by a data transaction -- through a higher insurance premium, for example -- if the data broker does not reveal what data was sold and the data buyer does not explain the data's impact on decision making?
Perhaps more to the point, privacy is not measured by the absence of harm. An unknown person standing in your bedroom at night may not do any harm. But you would probably prefer more privacy, even with the assurance that your lurking guest merely wants to see if you're in the market for sleeping pills.
Wednesday, June 4, 2014
Malware creation breaks all records! 160,000 new samples every day
net-security.org
Malware creation has broken all records during this period, with a figure of more than 15 million new samples, and more than 160,000 new samples appearing every day, according to Panda Security.
Trojans are still the most abundant type of new malware, accounting for 71.85% of new samples created during Q1. Similarly, infections by Trojans were once again the most common type of infection over this period, representing 79.90% of all cases.
In the area of mobile devices, there have been increasing attacks on Android environments. Many of these involve subscribing users to premium-rate SMS services without their knowledge, both through Google Play as well as ads on Facebook, using WhatsApp as bait.
Along these lines, social networks are still a favorite stalking ground for cyber-criminals, The Syrian Electronic Army group, for example, compromised accounts on Twitter and Facebook, and tried to gain control of the facebook.com domain in an attack that was foiled in time by MarkMonitor.
During the first three months of the year we have witnessed some of the biggest data thefts since the creation of the Internet, and as expected, Cryptolocker, the malicious file-encrypting ransomware which demands a ransom to unblock files, has continued to claim victims.
"Over these months, levels of cyber-crime have continued to rise. In fact, we have witnessed some of the biggest data thefts since the creation of the Internet, with millions of users affected”, explains Luis Corrons.
So far in 2014, Trojans are still the malware most commonly used by cyber-criminals to infect users. According to data from PandaLabs, four out of five infections around the world were caused by Trojans, that’s 79.90% of the total. Viruses are in second place, accounting for 6.71% of infections, followed by worms, with a ratio of 6.06%.
Trojans also top the ranking of newly created malware, accounting for 71.85% of the total, followed by worms, at 12.25%, and viruses at 10.45%.
The global infection rate during the first three months of 2014 was 32.77%. China is once again the country with most infections, with a rate of 52.36%, followed by Turkey (43.59%) and Peru (42.14%). Although Spain is not in the top ten of this ranking, it is still above the global average with 33.57%.
European countries ranked high among the least infected countries, with the best figures coming from Sweden (21.03%), Norway (21.14%), Germany (24.18%) and Japan, which with a ratio of 24.21%, was the only non-European country in the top ten of this list.
Malware creation has broken all records during this period, with a figure of more than 15 million new samples, and more than 160,000 new samples appearing every day, according to Panda Security.
Trojans are still the most abundant type of new malware, accounting for 71.85% of new samples created during Q1. Similarly, infections by Trojans were once again the most common type of infection over this period, representing 79.90% of all cases.
In the area of mobile devices, there have been increasing attacks on Android environments. Many of these involve subscribing users to premium-rate SMS services without their knowledge, both through Google Play as well as ads on Facebook, using WhatsApp as bait.
Along these lines, social networks are still a favorite stalking ground for cyber-criminals, The Syrian Electronic Army group, for example, compromised accounts on Twitter and Facebook, and tried to gain control of the facebook.com domain in an attack that was foiled in time by MarkMonitor.
During the first three months of the year we have witnessed some of the biggest data thefts since the creation of the Internet, and as expected, Cryptolocker, the malicious file-encrypting ransomware which demands a ransom to unblock files, has continued to claim victims.
"Over these months, levels of cyber-crime have continued to rise. In fact, we have witnessed some of the biggest data thefts since the creation of the Internet, with millions of users affected”, explains Luis Corrons.
So far in 2014, Trojans are still the malware most commonly used by cyber-criminals to infect users. According to data from PandaLabs, four out of five infections around the world were caused by Trojans, that’s 79.90% of the total. Viruses are in second place, accounting for 6.71% of infections, followed by worms, with a ratio of 6.06%.
Trojans also top the ranking of newly created malware, accounting for 71.85% of the total, followed by worms, at 12.25%, and viruses at 10.45%.
The global infection rate during the first three months of 2014 was 32.77%. China is once again the country with most infections, with a rate of 52.36%, followed by Turkey (43.59%) and Peru (42.14%). Although Spain is not in the top ten of this ranking, it is still above the global average with 33.57%.
European countries ranked high among the least infected countries, with the best figures coming from Sweden (21.03%), Norway (21.14%), Germany (24.18%) and Japan, which with a ratio of 24.21%, was the only non-European country in the top ten of this list.
Thursday, May 29, 2014
Forget 'the Cloud'; 'the Fog' Is Tech's Future
By Christopher Mims | Wall Street Journal
I'm as big a believer in the transformational power of cloud computing as anyone you'll meet. Smartphones, which are constantly seeking and retrieving data, don't make sense without the cloud, and any business that isn't racing to push its data and software into someone else's data center is, in my view, setting itself up for disruption by a competitor who is.
But cloud advocates are fond of declaring that 100% of computing will someday reside in the cloud. And many companies are in business to sell you on that notion.
Here's the reality: Getting data into and out of the cloud is harder than most engineers, or at least their managers, often are willing to admit.
The problem is bandwidth. If you're a company simply seeking to save the cost and headache of storing data yourself, the cloud is great as long as all you need to do is transfer data back and forth via high-speed wiring.
But in the world of mass connectivity - in which people need to get information on an array of mobile devices - bandwidth is pretty slow. Any business that sends data to mobile devices, be it airline reservation systems for consumers or business data for a mobile sales force, grapples with the limitations of wireless networks. Overall, according to the World Economic Forum, the U.S. ranks 35th in the world in terms of bandwidth per user.
That's one reason that mobile apps have become a predominant way to do things on the Internet, at least on smartphones. Some of the data and processing power is handled within your device.
The problem of how to get things done when we're dependent on the cloud is becoming all the more acute as more and more objects become "smart," or able to sense their environments, connect to the Internet, and even receive commands remotely. Everything from jet engines to refrigerators is being pushed onto wireless networks and joining the "Internet of Things."
Modern 3G and 4G cellular networks simply aren't fast enough to transmit data from devices to the cloud at the pace it is generated, and as every mundane object at home and at work gets in on this game, it's only going to get worse.
Luckily there's an obvious solution: Stop focusing on the cloud, and start figuring out how to store and process the torrent of data being generated by the Internet of Things (also known as the industrial Internet) on the things themselves, or on devices that sit between our things and the Internet.
Marketers at Cisco Systems Inc. have already come up with a name for this phenomenon: fog computing.
I like the term. Yes, it makes you want to do a Liz Lemon eye roll. But like cloud computing before it - also a marketing term for a phenomenon that was already under way - it's a good visual metaphor for what's going on.
Whereas the cloud is "up there" in the sky somewhere, distant and remote and deliberately abstracted, the "fog" is close to the ground, right where things are getting done. It consists not of powerful servers, but weaker and more dispersed computers of the sort that are making their way into appliances, factories, cars, street lights and every other piece of our material culture.
Cisco sells routers, which aside from storage has got to be the least sexy business in tech. To make them more appealing, and to sell them to new markets before Chinese competitors disrupt Cisco's existing revenue streams, Cisco wants to turn its routers into hubs for gathering data and making decisions about what to do with it. In Cisco's vision, its smart routers will never talk to the cloud unless they have to - say, to alert operators to an emergency on a sensor-laden rail car on which one of these routers acts as the nerve center.
International Business Machines Corp. has a similar initiative to push computing out "to the edge," an effort to, as IBM executive Paul Brody puts it, turn the traditional, cloud-based Internet "inside out." (When people talk about "edge computing," what they literally mean is the edge of the network, the periphery where the Internet ends and the real world begins. Data centers are in the "center" of the network, personal computers, phones and surveillance cameras are on the edge.)
Just as the cloud physically consists of servers harnessed together, in IBM's research project, the fog consists of all the computers that are already around us, tied together. On one level, asking our smart devices to, for example, send software updates to one another, rather than routing them through the cloud, could make the fog a direct rival to the cloud for some functions.
The bottom line is, we just have too much data. And we're just getting started. Airplanes are a great example of this. In a new Boeing Co. 747, almost every part of the plane is connected to the Internet, recording and, in some cases, sending continuous streams of data about its status. General Electric Co. has said that in a single flight, one of its jet engines generates half a terabyte of data.
Cheap sensors generate lots of "big" data, and it's surprisingly useful. So-called predictive analytics lets companies like GE know which part of a jet engine might need maintenance, even before the plane carrying it has landed.
Why else do you think Google Inc. and Facebook Inc. are talking about alternate means of Internet access, including via balloons and drones? Existing carriers aren't getting the job done. Until the U.S. gets the fast wireless and wired Internet it deserves, computing things as close to the user as possible is going to be critical to making the Internet of Things responsive enough to be usable.
The future of much enterprise computing remains in the cloud, but the really transformative computing of the future? It's going to happen right here, in the objects that surround us - in the fog.
Contact The TNS Group TODAY to Discuss your Computing Needs
203-316-0112
www.thetnsgroup.com
I'm as big a believer in the transformational power of cloud computing as anyone you'll meet. Smartphones, which are constantly seeking and retrieving data, don't make sense without the cloud, and any business that isn't racing to push its data and software into someone else's data center is, in my view, setting itself up for disruption by a competitor who is.
But cloud advocates are fond of declaring that 100% of computing will someday reside in the cloud. And many companies are in business to sell you on that notion.
Here's the reality: Getting data into and out of the cloud is harder than most engineers, or at least their managers, often are willing to admit.
The problem is bandwidth. If you're a company simply seeking to save the cost and headache of storing data yourself, the cloud is great as long as all you need to do is transfer data back and forth via high-speed wiring.
But in the world of mass connectivity - in which people need to get information on an array of mobile devices - bandwidth is pretty slow. Any business that sends data to mobile devices, be it airline reservation systems for consumers or business data for a mobile sales force, grapples with the limitations of wireless networks. Overall, according to the World Economic Forum, the U.S. ranks 35th in the world in terms of bandwidth per user.
That's one reason that mobile apps have become a predominant way to do things on the Internet, at least on smartphones. Some of the data and processing power is handled within your device.
The problem of how to get things done when we're dependent on the cloud is becoming all the more acute as more and more objects become "smart," or able to sense their environments, connect to the Internet, and even receive commands remotely. Everything from jet engines to refrigerators is being pushed onto wireless networks and joining the "Internet of Things."
Modern 3G and 4G cellular networks simply aren't fast enough to transmit data from devices to the cloud at the pace it is generated, and as every mundane object at home and at work gets in on this game, it's only going to get worse.
Luckily there's an obvious solution: Stop focusing on the cloud, and start figuring out how to store and process the torrent of data being generated by the Internet of Things (also known as the industrial Internet) on the things themselves, or on devices that sit between our things and the Internet.
Marketers at Cisco Systems Inc. have already come up with a name for this phenomenon: fog computing.
I like the term. Yes, it makes you want to do a Liz Lemon eye roll. But like cloud computing before it - also a marketing term for a phenomenon that was already under way - it's a good visual metaphor for what's going on.
Whereas the cloud is "up there" in the sky somewhere, distant and remote and deliberately abstracted, the "fog" is close to the ground, right where things are getting done. It consists not of powerful servers, but weaker and more dispersed computers of the sort that are making their way into appliances, factories, cars, street lights and every other piece of our material culture.
Cisco sells routers, which aside from storage has got to be the least sexy business in tech. To make them more appealing, and to sell them to new markets before Chinese competitors disrupt Cisco's existing revenue streams, Cisco wants to turn its routers into hubs for gathering data and making decisions about what to do with it. In Cisco's vision, its smart routers will never talk to the cloud unless they have to - say, to alert operators to an emergency on a sensor-laden rail car on which one of these routers acts as the nerve center.
International Business Machines Corp. has a similar initiative to push computing out "to the edge," an effort to, as IBM executive Paul Brody puts it, turn the traditional, cloud-based Internet "inside out." (When people talk about "edge computing," what they literally mean is the edge of the network, the periphery where the Internet ends and the real world begins. Data centers are in the "center" of the network, personal computers, phones and surveillance cameras are on the edge.)
Just as the cloud physically consists of servers harnessed together, in IBM's research project, the fog consists of all the computers that are already around us, tied together. On one level, asking our smart devices to, for example, send software updates to one another, rather than routing them through the cloud, could make the fog a direct rival to the cloud for some functions.
The bottom line is, we just have too much data. And we're just getting started. Airplanes are a great example of this. In a new Boeing Co. 747, almost every part of the plane is connected to the Internet, recording and, in some cases, sending continuous streams of data about its status. General Electric Co. has said that in a single flight, one of its jet engines generates half a terabyte of data.
Cheap sensors generate lots of "big" data, and it's surprisingly useful. So-called predictive analytics lets companies like GE know which part of a jet engine might need maintenance, even before the plane carrying it has landed.
Why else do you think Google Inc. and Facebook Inc. are talking about alternate means of Internet access, including via balloons and drones? Existing carriers aren't getting the job done. Until the U.S. gets the fast wireless and wired Internet it deserves, computing things as close to the user as possible is going to be critical to making the Internet of Things responsive enough to be usable.
The future of much enterprise computing remains in the cloud, but the really transformative computing of the future? It's going to happen right here, in the objects that surround us - in the fog.
Contact The TNS Group TODAY to Discuss your Computing Needs
203-316-0112
www.thetnsgroup.com
Friday, May 23, 2014
Sophisticated Google Drive Phishing Campaign Persists
Zeljka Zorz | Help Net Security
Symantec researchers are once again warning about a sophisticated and persistent phishing campaign targeting Google users.
The victims are hit with fake emails sporting a subject line that simply says "Documents" and carry a link to the phishing page.
"This scam is more effective than the millions of phishing messages we see every day because the Google Drive phishing page is actually served over SSL from the legitimate Google Drive service itself," they warn.
The corrupted language names in the bottom right drop-down menu are not enough to alert most users to the spoofed nature of the page, as they will most likely believe that it's simply a bug - if they notice the menu at all.
"This script has the same name (performact.php) that we saw in the original Google Docs and Google Drive phishing scam, suggesting that the same group of attackers (or at least the same phishing kit) is involved," the researchers noted.
The danger is even bigger now than before. "Shortly after we published our original blog post, Google reduced prices for Google Drive significantly which surely increased the number of people at risk. Smartphones are now also being sold with premium Google Drive accounts pre-installed, making Google Drive an even more enticing phishing target," they added.
Users who enter their login credentials in this phishing page will not only have them compromised, but will also be redirected to compromised Brazilian website hosting a Trojan, and possibly get infected with malware, too.
Symantec researchers are once again warning about a sophisticated and persistent phishing campaign targeting Google users.
The victims are hit with fake emails sporting a subject line that simply says "Documents" and carry a link to the phishing page.
"This scam is more effective than the millions of phishing messages we see every day because the Google Drive phishing page is actually served over SSL from the legitimate Google Drive service itself," they warn.
The corrupted language names in the bottom right drop-down menu are not enough to alert most users to the spoofed nature of the page, as they will most likely believe that it's simply a bug - if they notice the menu at all.
"This script has the same name (performact.php) that we saw in the original Google Docs and Google Drive phishing scam, suggesting that the same group of attackers (or at least the same phishing kit) is involved," the researchers noted.
The danger is even bigger now than before. "Shortly after we published our original blog post, Google reduced prices for Google Drive significantly which surely increased the number of people at risk. Smartphones are now also being sold with premium Google Drive accounts pre-installed, making Google Drive an even more enticing phishing target," they added.
Users who enter their login credentials in this phishing page will not only have them compromised, but will also be redirected to compromised Brazilian website hosting a Trojan, and possibly get infected with malware, too.
Wednesday, May 14, 2014
Clouds Are Convenient, But Be Paranoid To Protect Personal Data
NPR Transcript | Listen to the Story
MICHEL MARTIN, Host
NICOLE PERLROTH, Technology Report, NY Time, Interviewee
For many of us, data clouds like Google Drive and Dropbox have replaced clunky hard-drives and easy-to-lose USB sticks. But how secure is our data in these clouds?
MICHEL MARTIN, HOST:
Switching gears now. You're probably seeing a lot of ads for smartphones and other gadgets that a graduate might like. There are a lot out there, and they're changing all the time. And that made us think that technology is not the only thing changing quickly. There are also new ways to store information. We're no longer storing documents and photos on hard drives or USB sticks or even CDs or floppy disks, if you remember those.
Many people today rely on clouds like Google Drive or Dropbox. And these allow us to access important documents anywhere on almost any device. But we wanted to know just how secure are clouds, and what should we know before we use them? Joining us to tell us more is Nicole Perlroth. She is technology reporter for The New York Times, and she's with us now. Nicole, thanks so much for joining us.
NICOLE PERLROTH: My pleasure. Thanks for having me.
MARTIN: For people who are not familiar with the term, can you just tell us what a cloud is?
PERLROTH: So the cloud is a really nebulous term - no pun intended - for computing done remotely. So you're using the cloud if you are working off of your Google Drive and you're creating a document in Google Drive, you're working from the cloud. You are using the cloud when you do online banking. You're using the cloud when you store something in a Dropbox account. And you're even using the cloud when you're watching Netflix because Netflix outsources its data storage to Amazon's Web Services, which is a cloud-computing provider.
MARTIN: Do you even have a choice anymore about whether you use the cloud?
PERLROTH: You do have a choice, but it's getting - people are moving to the cloud at a very fast rate. So gone are the days for small companies when most of their data is stored down the hall in a computing room. A lot of small and medium-sized businesses now outsource their data storage and data security to services like Amazon and Google and Rackspace and a number of cloud providers.
And, yes, you can still store documents on your computer or on your hard drive or on a time machine, but a lot of people are now migrating to the cloud because it's cheap. It's easy to access your documents from different devices, which is very convenient. And in a lot of businesses' cases, it's cheaper for them to sort of outsource their data storage and data security to someone like Amazon than to go build out their own warehouses to store their data themselves.
MARTIN: And of course, if you lose that particular device or if it breaks, of course people are just, you know, they're stuck. They're lost. It's almost like losing that old address book. And this way you - it's automatically sort of available somewhere else.
PERLROTH: Right.
MARTIN: But is there a downside? I mean, a lot of people are familiar with those big security breaches at the retailers that became known at the end of last year - right? - after the kind of Christmas or even in the middle of the Christmas shopping season. A lot of people were just terrified that they were suddenly exposed and all their personal data was exposed. Is there something that people should know or be aware of about this?
PERLROTH: Yeah, there are definitely risks. And one of them is, say, your cloud provider goes out of business. Say they're having financial troubles and they go out of business, and they take all your data with them. Say that there is an outage - and this has actually happened several times, usually due to storms. But Amazon has a huge data warehouse in Virginia, and there's been a couple times where it's had an outage. And suddenly you saw all these services they interface with, like Instagram and Pinterest and Netflix, all suddenly have problems because so much of their businesses are dependent on Amazon's - Amazon Web Services.
So, you know, you want to make sure that whoever you're storing your data within the cloud isn't likely to go out of business tomorrow and same for security. You know, all - what we're doing now with the cloud is we're sort of aggregating so much different data from so many different services in one cloud storage provider. And so if that cloud storage provider is not handling their infrastructure correctly or is not devoting enough resources to their security or hiring the right personnel or ensuring that they're not going to go out of business anytime soon or that a storm at one of their facilities doesn't affect all of their data, then you're certainly putting your data at risk.
MARTIN: So what are some of the common sense things that you do to insulate or protect yourself from these negative consequences? We have a about a minute and a half left. Can you just give us some things that people can be doing on a commonsense basis 'cause you surely can't - you can't, you know, go and check their hiring records and say are you sure you got the right people here?
PERLROTH: Right.
MARTIN: What can you do?
PERLROTH: Right. So I am notoriously paranoid because I am a cybersecurity reporter, and we have - ourselves here at the New York Times - dealt with a breach from a foreign nation state. So I'm notoriously paranoid. So I won't put anything very crucial - I won't put any of my sources' information in my Dropbox account, for example, or on Google Drive. But I do use it for things like my photos. I will - you know, I don't just want my photos saved on my phone. I will save them to my computer, and then I'll save them to my Dropbox account so that if I lose my phone or my computer crashes, at least I can access my photos from my Dropbox account.
But for things like my Social Security number or things that, you know, if a cybercriminal got a hold of them or the NSA got a hold of them, I would be in deep trouble, I don't put that stuff in the cloud. And I would say that I'm very much on the paranoid side of the spectrum. But if you want to be very secure, I would be very careful about what you're storing where.
MARTIN: Nicole Perlroth is technology reporter for The New York Times. She covers cybersecurity issues, as she just mentioned. And she was kind enough to join us from New York City. Nicole, thanks so much for joining us.
PERLROTH: Thanks so much for having me.
MICHEL MARTIN, Host
NICOLE PERLROTH, Technology Report, NY Time, Interviewee
For many of us, data clouds like Google Drive and Dropbox have replaced clunky hard-drives and easy-to-lose USB sticks. But how secure is our data in these clouds?
MICHEL MARTIN, HOST:
Switching gears now. You're probably seeing a lot of ads for smartphones and other gadgets that a graduate might like. There are a lot out there, and they're changing all the time. And that made us think that technology is not the only thing changing quickly. There are also new ways to store information. We're no longer storing documents and photos on hard drives or USB sticks or even CDs or floppy disks, if you remember those.
Many people today rely on clouds like Google Drive or Dropbox. And these allow us to access important documents anywhere on almost any device. But we wanted to know just how secure are clouds, and what should we know before we use them? Joining us to tell us more is Nicole Perlroth. She is technology reporter for The New York Times, and she's with us now. Nicole, thanks so much for joining us.
NICOLE PERLROTH: My pleasure. Thanks for having me.
MARTIN: For people who are not familiar with the term, can you just tell us what a cloud is?
PERLROTH: So the cloud is a really nebulous term - no pun intended - for computing done remotely. So you're using the cloud if you are working off of your Google Drive and you're creating a document in Google Drive, you're working from the cloud. You are using the cloud when you do online banking. You're using the cloud when you store something in a Dropbox account. And you're even using the cloud when you're watching Netflix because Netflix outsources its data storage to Amazon's Web Services, which is a cloud-computing provider.
MARTIN: Do you even have a choice anymore about whether you use the cloud?
PERLROTH: You do have a choice, but it's getting - people are moving to the cloud at a very fast rate. So gone are the days for small companies when most of their data is stored down the hall in a computing room. A lot of small and medium-sized businesses now outsource their data storage and data security to services like Amazon and Google and Rackspace and a number of cloud providers.
And, yes, you can still store documents on your computer or on your hard drive or on a time machine, but a lot of people are now migrating to the cloud because it's cheap. It's easy to access your documents from different devices, which is very convenient. And in a lot of businesses' cases, it's cheaper for them to sort of outsource their data storage and data security to someone like Amazon than to go build out their own warehouses to store their data themselves.
MARTIN: And of course, if you lose that particular device or if it breaks, of course people are just, you know, they're stuck. They're lost. It's almost like losing that old address book. And this way you - it's automatically sort of available somewhere else.
PERLROTH: Right.
MARTIN: But is there a downside? I mean, a lot of people are familiar with those big security breaches at the retailers that became known at the end of last year - right? - after the kind of Christmas or even in the middle of the Christmas shopping season. A lot of people were just terrified that they were suddenly exposed and all their personal data was exposed. Is there something that people should know or be aware of about this?
PERLROTH: Yeah, there are definitely risks. And one of them is, say, your cloud provider goes out of business. Say they're having financial troubles and they go out of business, and they take all your data with them. Say that there is an outage - and this has actually happened several times, usually due to storms. But Amazon has a huge data warehouse in Virginia, and there's been a couple times where it's had an outage. And suddenly you saw all these services they interface with, like Instagram and Pinterest and Netflix, all suddenly have problems because so much of their businesses are dependent on Amazon's - Amazon Web Services.
So, you know, you want to make sure that whoever you're storing your data within the cloud isn't likely to go out of business tomorrow and same for security. You know, all - what we're doing now with the cloud is we're sort of aggregating so much different data from so many different services in one cloud storage provider. And so if that cloud storage provider is not handling their infrastructure correctly or is not devoting enough resources to their security or hiring the right personnel or ensuring that they're not going to go out of business anytime soon or that a storm at one of their facilities doesn't affect all of their data, then you're certainly putting your data at risk.
MARTIN: So what are some of the common sense things that you do to insulate or protect yourself from these negative consequences? We have a about a minute and a half left. Can you just give us some things that people can be doing on a commonsense basis 'cause you surely can't - you can't, you know, go and check their hiring records and say are you sure you got the right people here?
PERLROTH: Right.
MARTIN: What can you do?
PERLROTH: Right. So I am notoriously paranoid because I am a cybersecurity reporter, and we have - ourselves here at the New York Times - dealt with a breach from a foreign nation state. So I'm notoriously paranoid. So I won't put anything very crucial - I won't put any of my sources' information in my Dropbox account, for example, or on Google Drive. But I do use it for things like my photos. I will - you know, I don't just want my photos saved on my phone. I will save them to my computer, and then I'll save them to my Dropbox account so that if I lose my phone or my computer crashes, at least I can access my photos from my Dropbox account.
But for things like my Social Security number or things that, you know, if a cybercriminal got a hold of them or the NSA got a hold of them, I would be in deep trouble, I don't put that stuff in the cloud. And I would say that I'm very much on the paranoid side of the spectrum. But if you want to be very secure, I would be very careful about what you're storing where.
MARTIN: Nicole Perlroth is technology reporter for The New York Times. She covers cybersecurity issues, as she just mentioned. And she was kind enough to join us from New York City. Nicole, thanks so much for joining us.
PERLROTH: Thanks so much for having me.
Friday, May 9, 2014
Meet The Man Who Invented The Browser Tab
Joseph Bernstein | BuzzFeed
Adam Stiles recalls 'the first tab' and how he came to create the atomic unit of internet navigation.
In the summer of 1997, a 25-year-old Pasadena software developer named Adam Stiles started working on a new web browser in his spare time. On January 4 of the following year, when Stiles published SimulBrowse, the first users would have noticed a peculiar feature at the bottom of the browser window: small grey boxes, each corresponding to a different webpage, which could be toggled between by clicking.
Those boxes were the first browser tabs, the now-standard unit of internet navigation.
SimulBrowse - which Stiles would soon change to NetCaptor and run until 2005 - was the first tabbed web browser in the contemporary sense. And it wasn't an evolutionary hiccup; it was directly responsible for the incorporation of the tabbed browsing standard into Mozilla in 2002; after that, the time of the tab was nigh.
The tab has had a profound influence on the way we experience the web. Its creation has directly contributed to the internet's collective attention problem and obsession with multi-tasking. Not only has the tab changed the way humans experience and organize the internet, it has changed the vernacular. The tab has rendered the term "webpage" quaint and, in some circles, has acquired its own loaded meaning (not to mention its own newsletter) as a unit of thoroughly dispensable and or aggravating content. BuzzFeed asked Stiles, now the CTO of the mobile commerce startup Tap Theory, about his role as the Father of the Tab.
Did you have an "aha!" moment, when you realized that tabbed browsing would be a good thing to put in NetCaptor?
Adam Stiles: NetCaptor (originally SimulBrowse) was built from the beginning to be a tabbed browser. The HTML editor I was using at the time (HomeSite) had tabs, so I was used to flipping between a bunch of HTML documents. I wanted the same thing in my browser, so I built it. At first it was just an experiment to see if I could do it.
Were there any major technical challenges inherent to adding tab functionality? Can you, in layman's terms, explain the process of adding tabs to a web browser?
Technically I didn't add tabs to a web browser - I built a web browser with tabs that embedded the Microsoft HTML rendering engine on each tab. There's no way a single developer could do this part-time if Microsoft hadn’t made it easy to embed the rendering engine from their browser in other applications. I focused most of my time on the user experience and "chrome" like toolbars, menus, tabs, and didn’t have to think much about how to render HTML. Things only got really complicated when I was implementing ad blocking, popup blocking, phishing detection, etc.
Do you remember what the first two tabs were?
I have no idea which the first two tabs would have been, though I was a big Slashdot.org fan, so I wouldn't be surprised if that was one of them.
Did you have any inkling when you made the tabbed browser that the feature would become so ubiquitous?
I don't think I did. I also didn't have any idea that it would become my full-time job from 1999 to 2004, and that it would fund my next startup.
Did you have a moment when you realized that the feature you invented was in fact becoming a standard?
I don't remember a specific moment, because it took many years (1997 through 2005 or so). There were IE-shells like NetCaptor, then Mozilla/Firefox, followed by Opera, Safari and IE.
Do you see any downsides to tabbed browsing, particularly the way we use it today? Other than the obvious, how do you think tabbed browsing has changed the way we use the internet?
I think tabbed browsing gets out of control when users don't have good bookmarking systems. I have friends who end up with 50 tabs open at a time. They want to return to a given page at some later date, but don't have a good method of saving those for later or remembering to return. On mobile, that's solved reasonably well with apps like Instapaper and Pocket. But on desktop, that problem doesn't seem to be solved. Bookmarking systems can feel to heavy or permanent. And if you have been around a while, you know bookmarking apps tend to come and go (ie Delicious and Kippt).
I wonder if you feel any sense of responsibility or ownership, good or bad, about the culture of tab proliferation that you described? Do you have any personal feelings about it?
I feel entirely neutral about it. Tabbed browsers are just tools. You can use them well, or you can use them poorly. Chrome is now my favorite browser, and I have a reasonable number of tabs open. I don’t have a personal problem with tab proliferation. If I did, maybe I'd try to solve that too.
Are you aware of the use of 'tab' as a slang for a disposable unit of internet content? Like, an annoying article or piece of grist for the discussion mill?
I've never heard it used that way - but I guess it makes sense. But the idea of disposable content makes sense - people want to keep tabs open so they can remember to visit or take action later, but not to go so far as to bookmark a site. And so for many, tabs are used as ephemeral containers of pages they may need later.
Do you wish you'd gotten more credit for the creation of tabbed browsing?
If you'd asked me ten years ago, I probably would have been sad that I didn't get more credit for it, or that I didn’t make more money off the idea. But now, so many years later, I realize that if I hadn't done it, someone else would have built a tabbed browser, probably around the same time. So "tabbed browsing" is a fun part of my story, but I have no regrets.
Thursday, May 8, 2014
Will Investors Regret Target's CEO Ouster? Compare to Sears, JCP
Forbes | Adam Hartung
There was much press this week about Target's CEO and Chairman, Gregg Steinhafel, being forced out. Blame reached the top job after the successful cyber attack on Target last year. But investors, and customers, may regret this somewhat Board level over-reaction to a mounting global problem. Cyber security is a problem for every company.
Richard Clark is probably the USA's foremost authority on cyber attacks. He was on America's National Security Council, and headed the counter-terrorism section. Since leaving government he has increasingly focused on cyber attacks, and advised corporations.
In early 2013 I met Mr. Clark after hearing him speak at a National Association of Corporate Directors meeting. He was surprisingly candid in his comments at the meeting, and after. He pointed out that EVERY company in America was being randomly targeted by cyber criminals, and that EVERY company would have an intrusion. He said it was impossible to do business without working on-line, and simultaneously it was impossible to think any company - of any size - could stop an attack from successfully getting into the company. The only questions one should focus on answering were "How fast can you discover the attack? How well can you contain it? What can you learn to at least stop that from happening again?"
Target was a crime victim, as can happen to any company. So, while the Target attack was large, and not discovered as early as anyone would like, to think that Target is in some way wildly poor at security or protecting its customers is simply naive. Several other large retailers have also had attacks, include Nieman Marcus and Michael's, and it was probably bad luck that Target was the first to have such a big problem happen, and at such a bad time, than anything particularly weak about Target.
We now know that all retailers are trying to learn from this, and every corporation is raising its awareness and actions to improve cyber security. But some company will be next. Target wasn't the first, and won't be the last. Companies everywhere, working with law enforcement, are all reacting to this new form of crime. So firing the CEO, 2 months after firing the CIO (Chief Information Officer), makes for good press, but it is more symbolic than meaningful. It won’t stop the hackers.
Investors and customers have a lot to lose given Target's competitive performance. Where this decision does have great importance is to shareholders and customers. Target has been a decent company for its constituents under this CEO, and done far better than some of its competitors. The share price has doubled in the last 5 years, and Target has proven a capable competitor to Wal-Mart while other retailers have been going out of business (Filene’s Basement, Circuit City, Linens & Things, Dots, etc.) or losing all relevancy (like Abercrombie and Fitch and Best Buy.) And Target has been at least holding its own while some chains have been closing stores like crazy (Radio Shack 1,100 stores, Family Dollar 370 stores, Office Depot 400 stores, etc.)
Just compare Target's performance to JCPenney, who's CEO was fired after screwing up the business far worse than the cyber attack hurt Target. And he was a former hero running Apple's retail stores.
Or, look at Sears Holdings. CEO Ed Lampert was heralded as a hero 6 years ago, but since then the company he leads has had 28 straight quarters of declining sales, and closed 305 stores since 2010. The Kmart division has become a complete non-competitor in discounting, and Sears has lost all relevancy as a chain as it has been outflanked on all sides. CEO Lampert has constantly whittled away at the company's value, and just this week told shareholders that they can simply plan on more store closings in the future.
And vaunted Wal-Mart is undergoing a federal investigation for bribing government officials in Mexico to prop up its business. Wal-Mart is constantly under attack by its employees for shady business practices, and this year lost a National Labor Relations Board case regarding its hours and pay practices. And Wal-Mart remains a lightning rod for controversy as it fights with big cities like Chicago and Washington, DC about its ability to open stores, while Target has flourished in communities large and small with work practices considered acceptable.
Finding a good replacement for Steinhafel will not be easy. CEO's and Boards of Directors, across the nation have been seriously addressing cyber security for the last couple of years. Awareness and protective measures, are up considerable. But there will be future attacks, and some will succeed. It is unclear blaming the CEO for these problems makes any sense - unless there is egregious incompetence.
Now finding a CEO that can grow a business like Target, in a tough retail market, is not easy.
The TNS Group
How Can I protect my business?
Contact The TNS Group to determine where your network is vulnerable to attack and we will recommend the best solution for your business.
Contact TNS today!
There was much press this week about Target's CEO and Chairman, Gregg Steinhafel, being forced out. Blame reached the top job after the successful cyber attack on Target last year. But investors, and customers, may regret this somewhat Board level over-reaction to a mounting global problem. Cyber security is a problem for every company.
Richard Clark is probably the USA's foremost authority on cyber attacks. He was on America's National Security Council, and headed the counter-terrorism section. Since leaving government he has increasingly focused on cyber attacks, and advised corporations.
In early 2013 I met Mr. Clark after hearing him speak at a National Association of Corporate Directors meeting. He was surprisingly candid in his comments at the meeting, and after. He pointed out that EVERY company in America was being randomly targeted by cyber criminals, and that EVERY company would have an intrusion. He said it was impossible to do business without working on-line, and simultaneously it was impossible to think any company - of any size - could stop an attack from successfully getting into the company. The only questions one should focus on answering were "How fast can you discover the attack? How well can you contain it? What can you learn to at least stop that from happening again?"
Target was a crime victim, as can happen to any company. So, while the Target attack was large, and not discovered as early as anyone would like, to think that Target is in some way wildly poor at security or protecting its customers is simply naive. Several other large retailers have also had attacks, include Nieman Marcus and Michael's, and it was probably bad luck that Target was the first to have such a big problem happen, and at such a bad time, than anything particularly weak about Target.
We now know that all retailers are trying to learn from this, and every corporation is raising its awareness and actions to improve cyber security. But some company will be next. Target wasn't the first, and won't be the last. Companies everywhere, working with law enforcement, are all reacting to this new form of crime. So firing the CEO, 2 months after firing the CIO (Chief Information Officer), makes for good press, but it is more symbolic than meaningful. It won’t stop the hackers.
Investors and customers have a lot to lose given Target's competitive performance. Where this decision does have great importance is to shareholders and customers. Target has been a decent company for its constituents under this CEO, and done far better than some of its competitors. The share price has doubled in the last 5 years, and Target has proven a capable competitor to Wal-Mart while other retailers have been going out of business (Filene’s Basement, Circuit City, Linens & Things, Dots, etc.) or losing all relevancy (like Abercrombie and Fitch and Best Buy.) And Target has been at least holding its own while some chains have been closing stores like crazy (Radio Shack 1,100 stores, Family Dollar 370 stores, Office Depot 400 stores, etc.)
Just compare Target's performance to JCPenney, who's CEO was fired after screwing up the business far worse than the cyber attack hurt Target. And he was a former hero running Apple's retail stores.
Or, look at Sears Holdings. CEO Ed Lampert was heralded as a hero 6 years ago, but since then the company he leads has had 28 straight quarters of declining sales, and closed 305 stores since 2010. The Kmart division has become a complete non-competitor in discounting, and Sears has lost all relevancy as a chain as it has been outflanked on all sides. CEO Lampert has constantly whittled away at the company's value, and just this week told shareholders that they can simply plan on more store closings in the future.
And vaunted Wal-Mart is undergoing a federal investigation for bribing government officials in Mexico to prop up its business. Wal-Mart is constantly under attack by its employees for shady business practices, and this year lost a National Labor Relations Board case regarding its hours and pay practices. And Wal-Mart remains a lightning rod for controversy as it fights with big cities like Chicago and Washington, DC about its ability to open stores, while Target has flourished in communities large and small with work practices considered acceptable.
Finding a good replacement for Steinhafel will not be easy. CEO's and Boards of Directors, across the nation have been seriously addressing cyber security for the last couple of years. Awareness and protective measures, are up considerable. But there will be future attacks, and some will succeed. It is unclear blaming the CEO for these problems makes any sense - unless there is egregious incompetence.
Now finding a CEO that can grow a business like Target, in a tough retail market, is not easy.
The TNS Group
How Can I protect my business?
Contact The TNS Group to determine where your network is vulnerable to attack and we will recommend the best solution for your business.
Contact TNS today!
Tuesday, May 6, 2014
What To Do About Windows XP And The IE Browser Flaw
By Roger Kay | forbes.com
Last week, I noted that the timing of the discovery of a major flaw in Microsoft Internet Explorer coming, as it did, three weeks after the company formally withdrew support for Windows XP (XP), the 13-year-old operating system (OS) that still runs on an estimated 300 million PCs worldwide - would likely drive a wave of upgrades.
Today, I am laying out the choice landscape for Windows users and recommending various alternatives based on different scenarios.
For those people stuck with XP - for economic, corporate policy, or other reasons - the best thing to do is switch to another browser, either Google Chrome or Mozilla's Firefox. I personally use Chrome.
Microsoft did issue an XP patch for the flaw, primarily because it is major (conferring admin rights on enterprising hackers), its effect is widespread (affecting the approximately 55% of the browser market that uses IE on all platforms), and exploits have occurred in the wild, notably the mysteriously named Operation Clandestine Fox, which seems to be targeting defense and financial organizations to gather "broad-spectrum" intelligence.
However, no one expects Microsoft to continue nursing Windows XP for much longer. Using stupid math, 55% of 300 million (XP users who browse with IE) represents 165 million highly vulnerable systems. So, the real choice for XP/IE users is get off IE or get off XP, with the former being a free, quick fix and the latter being a better long-term solution that costs money, potentially an entirely new system.
For those who can afford it, upgrading from XP to Windows 7 (Win7) or Windows 8 (Win8) is the right move, particularly if the user wants to keep using IE. Win7 is familiar, looking and acting a lot like XP. Win8 is better for systems with touchscreens. In general, Win7 is the right choice for commercial users, while Win8 may be better for consumers.
Whatever else they decide to do, people who use IE should download the patch, which is simple enough. Use Windows Update, which can be invoked from the Control Panel if it is not set to download and install patches automatically. By now, most users should have received a notification that the new bits are available. Once in Update, check everything that says Internet Explorer on it and follow the instructions.
Some users might want to take this moment to move from XP to an entirely different platform. Doing a zero-based assessment could yield a non-Microsoft recommendation. After all, if the upgrade involves buying new hardware, it's worth looking at the entire field. For example, if an individual or company can do all right with Google Docs, a switch to a Chromebook might be a good move. Chrome OS users store their data and do most of their computing in the cloud. Alternatively, Apple's ecosystem holds appeal for many, particularly consumers. Mac OS is robust, and Safari has not been plagued by the level of intrusion visited upon IE.
At this point, it is worth noting that all browsers are vulnerable, and that the main reason IE has been targeted more often is that most of the valuable data moving around the Internet is still coming from Windows systems with IE. That having been said, developers who work in all environments have noted that IE is more complex and brittle than other browsers, creating plenty of opportunities for exploiters.
To summarize, then, first off, install the patch; second, get off XP if possible; if not, get off IE; finally, while contemplating an upgrade, look at all the alternatives.
Last week, I noted that the timing of the discovery of a major flaw in Microsoft Internet Explorer coming, as it did, three weeks after the company formally withdrew support for Windows XP (XP), the 13-year-old operating system (OS) that still runs on an estimated 300 million PCs worldwide - would likely drive a wave of upgrades.
Today, I am laying out the choice landscape for Windows users and recommending various alternatives based on different scenarios.
For those people stuck with XP - for economic, corporate policy, or other reasons - the best thing to do is switch to another browser, either Google Chrome or Mozilla's Firefox. I personally use Chrome.
Microsoft did issue an XP patch for the flaw, primarily because it is major (conferring admin rights on enterprising hackers), its effect is widespread (affecting the approximately 55% of the browser market that uses IE on all platforms), and exploits have occurred in the wild, notably the mysteriously named Operation Clandestine Fox, which seems to be targeting defense and financial organizations to gather "broad-spectrum" intelligence.
However, no one expects Microsoft to continue nursing Windows XP for much longer. Using stupid math, 55% of 300 million (XP users who browse with IE) represents 165 million highly vulnerable systems. So, the real choice for XP/IE users is get off IE or get off XP, with the former being a free, quick fix and the latter being a better long-term solution that costs money, potentially an entirely new system.
For those who can afford it, upgrading from XP to Windows 7 (Win7) or Windows 8 (Win8) is the right move, particularly if the user wants to keep using IE. Win7 is familiar, looking and acting a lot like XP. Win8 is better for systems with touchscreens. In general, Win7 is the right choice for commercial users, while Win8 may be better for consumers.
Whatever else they decide to do, people who use IE should download the patch, which is simple enough. Use Windows Update, which can be invoked from the Control Panel if it is not set to download and install patches automatically. By now, most users should have received a notification that the new bits are available. Once in Update, check everything that says Internet Explorer on it and follow the instructions.
Some users might want to take this moment to move from XP to an entirely different platform. Doing a zero-based assessment could yield a non-Microsoft recommendation. After all, if the upgrade involves buying new hardware, it's worth looking at the entire field. For example, if an individual or company can do all right with Google Docs, a switch to a Chromebook might be a good move. Chrome OS users store their data and do most of their computing in the cloud. Alternatively, Apple's ecosystem holds appeal for many, particularly consumers. Mac OS is robust, and Safari has not been plagued by the level of intrusion visited upon IE.
At this point, it is worth noting that all browsers are vulnerable, and that the main reason IE has been targeted more often is that most of the valuable data moving around the Internet is still coming from Windows systems with IE. That having been said, developers who work in all environments have noted that IE is more complex and brittle than other browsers, creating plenty of opportunities for exploiters.
To summarize, then, first off, install the patch; second, get off XP if possible; if not, get off IE; finally, while contemplating an upgrade, look at all the alternatives.
Tuesday, April 1, 2014
ATM malware, controlled by a text message, spews cash
The malware can cause a cash machine to start churning out bills
By Jeremy Kirk, IDG News Service
networkworld.com
IDG News Service - A group of enterprising cybercriminals have figured out how to get cash from a certain type of ATM -- by text message.
The latest development was spotted by security vendor Symantec, which has periodically written about a type of malicious software it calls "Ploutus" that first appeared in Mexico.
The malware is engineered to plunder a certain type of standalone ATM, which Symantec has not identified. The company obtained one of the ATMs to carry out a test of how Ploutus works, but it doesn't show a brand name.
Ploutus isn't the easiest piece of malware to install, as cybercriminals need to have access to the machine. That's probably why cybercriminals are targeting standalone ATMs, as it is easy to get access to all parts of the machine.
Early versions of Ploutus allowed it to be controlled via the numerical interface on an ATM or by an attached keyboard. But the latest version shows a remarkable new development: it is now controllable remotely via text message.
In this variation, the attackers manage to open up an ATM and attach a mobile phone, which acts as a controller, to a USB port inside the machine. The ATM also has to be infected with Ploutus.
"When the phone detects a new message under the required format, the mobile device will convert the message into a network packet and will forward it to the ATM through the USB cable," wrote Daniel Regalado, a Symantec malware analyst, in a blog post on Monday.
Ploutus has a network packet monitor that watches all traffic coming into the ATM, he wrote. When it detects a valid TCP or UDP packet from the phone, the module searches "for the number "5449610000583686 at a specific offset within the packet in order to process the whole package of data," he wrote.
It then reads the next 16 digits and uses that to generate a command line to control Ploutus.
So, why do this? Regalado wrote that it is more discrete and works nearly instantly. The past version of Ploutus required someone to either use a keyboard or enter a sequences of digits into the ATM keypad to fire up Ploutus. Both of those methods increase the amount of time someone spends in front of the machine, increasing the risk of detection.
Now, the ATM can be remotely triggered to dispense cash, allowing a "money mule," or someone hired to do the risky job of stopping by to pick up the cash, to swiftly grab their gains. It also deprives the money mule of information that could allow them to skim some cash off the top, Regalado wrote.
"The master criminal knows exactly how much the money mule will be getting," he wrote.
Symantec warned that about 95 percent of ATMs are still running Windows XP, Microsoft's 13-year-old OS. Microsoft is ending regular support for Windows XP on April 8, but is offering extended support for Windows XP embedded systems, used for point-of-sale devices and ATMs, through January 2016.
Still, Symantec warned that "the banking industry is facing a serious risk of cyberattacks aimed at their ATM fleet."
The IDG News Service is a Network World affiliate.
By Jeremy Kirk, IDG News Service
networkworld.com
IDG News Service - A group of enterprising cybercriminals have figured out how to get cash from a certain type of ATM -- by text message.
The latest development was spotted by security vendor Symantec, which has periodically written about a type of malicious software it calls "Ploutus" that first appeared in Mexico.
The malware is engineered to plunder a certain type of standalone ATM, which Symantec has not identified. The company obtained one of the ATMs to carry out a test of how Ploutus works, but it doesn't show a brand name.
Ploutus isn't the easiest piece of malware to install, as cybercriminals need to have access to the machine. That's probably why cybercriminals are targeting standalone ATMs, as it is easy to get access to all parts of the machine.
Early versions of Ploutus allowed it to be controlled via the numerical interface on an ATM or by an attached keyboard. But the latest version shows a remarkable new development: it is now controllable remotely via text message.
In this variation, the attackers manage to open up an ATM and attach a mobile phone, which acts as a controller, to a USB port inside the machine. The ATM also has to be infected with Ploutus.
"When the phone detects a new message under the required format, the mobile device will convert the message into a network packet and will forward it to the ATM through the USB cable," wrote Daniel Regalado, a Symantec malware analyst, in a blog post on Monday.
Ploutus has a network packet monitor that watches all traffic coming into the ATM, he wrote. When it detects a valid TCP or UDP packet from the phone, the module searches "for the number "5449610000583686 at a specific offset within the packet in order to process the whole package of data," he wrote.
It then reads the next 16 digits and uses that to generate a command line to control Ploutus.
So, why do this? Regalado wrote that it is more discrete and works nearly instantly. The past version of Ploutus required someone to either use a keyboard or enter a sequences of digits into the ATM keypad to fire up Ploutus. Both of those methods increase the amount of time someone spends in front of the machine, increasing the risk of detection.
Now, the ATM can be remotely triggered to dispense cash, allowing a "money mule," or someone hired to do the risky job of stopping by to pick up the cash, to swiftly grab their gains. It also deprives the money mule of information that could allow them to skim some cash off the top, Regalado wrote.
"The master criminal knows exactly how much the money mule will be getting," he wrote.
Symantec warned that about 95 percent of ATMs are still running Windows XP, Microsoft's 13-year-old OS. Microsoft is ending regular support for Windows XP on April 8, but is offering extended support for Windows XP embedded systems, used for point-of-sale devices and ATMs, through January 2016.
Still, Symantec warned that "the banking industry is facing a serious risk of cyberattacks aimed at their ATM fleet."
The IDG News Service is a Network World affiliate.
Tuesday, March 25, 2014
Google Encrypts All Gmail Connections
by Dennis Fisher | Threatpost.com
Perhaps no company has been as vocal with its feelings about the revelations about the NSA's collection methods as Google has, and the company has been making a series of changes to its infrastructure in recent months to make it more difficult for adversaries to snoop on users' sessions. The biggest of those changes landed Thursday when the company switched its Gmail service to HTTPS only, enforcing SSL encryption on all Gmail connections.
The change is a significant one, especially given the fact that Google also has encrypted all of the links between its data centers. Those two modifications mean that Gmail messages are encrypted from the time they leave a user's machine to the time they leave Google's infrastructure. This makes life much more difficult for anyone-including the NSA-who is trying to snoop on those Gmail sessions.
"Starting today, Gmail will always use an encrypted HTTPS connection when you check or send email. Gmail has supported HTTPS since the day it launched, and in 2010 we made HTTPS the default. Today's change means that no one can listen in on your messages as they go back and forth between you and Gmail's servers-no matter if you are using public WiFi or logging in from your computer, phone or tablet," Nicolas Lidzborski, Gmail Security Engineering Lead, wrote in a blog post.
"In addition, every single email message you send or receive-100 percent of them-is encrypted while moving internally. This ensures that your messages are safe not only when they move between you and Gmail's servers, but also as they move between Google's data centers-something we made a top priority after last summer's revelations."
Google was in the process of encrypting the links between its data centers last year before the news broke that the NSA had the ability to tap those links and gather email messages and other data. That revelation enraged Google security engineers, and the company accelerated its plans to encrypt the links between data centers.
Gmail users have had the option to enable HTTPS only as the default connection option for more than four years. But the typical user may not have known that option was available. Now, users don't need to think about it; they're connections to Gmail will always be encrypted by default.
Perhaps no company has been as vocal with its feelings about the revelations about the NSA's collection methods as Google has, and the company has been making a series of changes to its infrastructure in recent months to make it more difficult for adversaries to snoop on users' sessions. The biggest of those changes landed Thursday when the company switched its Gmail service to HTTPS only, enforcing SSL encryption on all Gmail connections.
The change is a significant one, especially given the fact that Google also has encrypted all of the links between its data centers. Those two modifications mean that Gmail messages are encrypted from the time they leave a user's machine to the time they leave Google's infrastructure. This makes life much more difficult for anyone-including the NSA-who is trying to snoop on those Gmail sessions.
"Starting today, Gmail will always use an encrypted HTTPS connection when you check or send email. Gmail has supported HTTPS since the day it launched, and in 2010 we made HTTPS the default. Today's change means that no one can listen in on your messages as they go back and forth between you and Gmail's servers-no matter if you are using public WiFi or logging in from your computer, phone or tablet," Nicolas Lidzborski, Gmail Security Engineering Lead, wrote in a blog post.
"In addition, every single email message you send or receive-100 percent of them-is encrypted while moving internally. This ensures that your messages are safe not only when they move between you and Gmail's servers, but also as they move between Google's data centers-something we made a top priority after last summer's revelations."
Google was in the process of encrypting the links between its data centers last year before the news broke that the NSA had the ability to tap those links and gather email messages and other data. That revelation enraged Google security engineers, and the company accelerated its plans to encrypt the links between data centers.
Gmail users have had the option to enable HTTPS only as the default connection option for more than four years. But the typical user may not have known that option was available. Now, users don't need to think about it; they're connections to Gmail will always be encrypted by default.
Tuesday, March 11, 2014
XP End of Life is Coming...Is Your Business Prepared?
Microsoft is about to take Windows XP off Life Support
By Adrian Covert NEW YORK (CNNMoney)
On April 8, Windows XP's life is coming to an end. On that day, Microsoft will stop issuing security updates to the 12-year-old operating system, and it will end nearly all technical support as well.
You wouldn't think that killing off an operating system that debuted in the first year of the Bush administration would ruffle too many feathers. But an amazing 29% of computers across the globe are still running Windows XP, according to NetMarketShare. That makes it the world's second most widely used operating system, just behind Windows 7.
Microsoft's plan to end support for XP doesn't mean that a third of the world's PCs will just stop functioning on April 8. But there are some very real consequences of continuing to use the operating system.
After April 8, Windows XP computers will be more susceptible to malware and viruses beginning, since Microsoft will no longer address major holes in the software. Although antivirus software will continue to fend off some malicious attacks, Microsoft's security updates provide an essential line of defense.
For Windows XP users, the best course of action is to bite the bullet and buy a copy of Windows 8. The problem is that most older computers won't be able to upgrade to Windows 8. Many of those consumers will have to buy a new PC. Microsoft has an upgrade assistant allows people to determine whether their computers are compatible with the latest version of Windows.
For those who are able to upgrade but aren't ready to make the jump to the fully redesigned Windows 8, Windows 7 is an option. It's still on sale, offers a more familiar PC experience and will be supported until 2020.
The Windows XP impact will be felt more by companies than by consumers. Forrester Research estimates that 20% of North American and European corporate computers are still running Windows XP. But that will soon change: Forrester forecasts that only 6% of those companies' PCs will be running Windows XP by April.
That remaining 6% will predominately be small and medium-sized companies and government agencies, where budget restraints may pose a problem, according to Scott Dowling, a Microsoft software consultant for En Pointe Technologies. The vast majority of large Western businesses have already upgraded to Windows 7 or Windows 8, but small businesses have been slower at catching up.
In China, however, XP-related problems will likely be much more pronounced. About three-quarters of Chinese PCs are running XP, according to NetMarketShare.
Thousands of ATMs will also potentially be exposed after Microsoft ends Windows XP's life support. A recent Bloomberg Businessweek story revealed that 95% of ATMs in the US are still running Windows XP, and only about 15% of them will be upgraded before April 8.
ATMs have already proven vulnerable to malware attacks, and without Microsoft around to patch things up, it's going to be a slow, costly endeavor for ATM companies to get their machines updated or replaced. (It's worth noting that Microsoft has been warning them of this deadline for years.)
So why is Microsoft killing off Windows XP? The operating system has lasted far longer than Windows versions of the past, and patching the ancient-by-tech-standards OS is exhausting valuable Microsoft resources. Microsoft has pushed back the death date of XP for several years after initially planning to kill it off by 2010.
To soften the blow for its corporate and ATM customers, Microsoft will sell custom support that will allow companies to receive additional security patches. But Dowling have heard reports from customers that the cost of custom support is prohibitive.
For the rest of the world, it's time to get updating.
The TNS Group
What Other Options are Available for my Business?
Get current with Windows and Office and protect the operations and security of your business. This means updating your current system. Contact The TNS Group to learn how to eliminate risk and keep your business running efficiently.
Contact TNS today!
By Adrian Covert NEW YORK (CNNMoney)
On April 8, Windows XP's life is coming to an end. On that day, Microsoft will stop issuing security updates to the 12-year-old operating system, and it will end nearly all technical support as well.
You wouldn't think that killing off an operating system that debuted in the first year of the Bush administration would ruffle too many feathers. But an amazing 29% of computers across the globe are still running Windows XP, according to NetMarketShare. That makes it the world's second most widely used operating system, just behind Windows 7.
Microsoft's plan to end support for XP doesn't mean that a third of the world's PCs will just stop functioning on April 8. But there are some very real consequences of continuing to use the operating system.
After April 8, Windows XP computers will be more susceptible to malware and viruses beginning, since Microsoft will no longer address major holes in the software. Although antivirus software will continue to fend off some malicious attacks, Microsoft's security updates provide an essential line of defense.
For Windows XP users, the best course of action is to bite the bullet and buy a copy of Windows 8. The problem is that most older computers won't be able to upgrade to Windows 8. Many of those consumers will have to buy a new PC. Microsoft has an upgrade assistant allows people to determine whether their computers are compatible with the latest version of Windows.
For those who are able to upgrade but aren't ready to make the jump to the fully redesigned Windows 8, Windows 7 is an option. It's still on sale, offers a more familiar PC experience and will be supported until 2020.
The Windows XP impact will be felt more by companies than by consumers. Forrester Research estimates that 20% of North American and European corporate computers are still running Windows XP. But that will soon change: Forrester forecasts that only 6% of those companies' PCs will be running Windows XP by April.
That remaining 6% will predominately be small and medium-sized companies and government agencies, where budget restraints may pose a problem, according to Scott Dowling, a Microsoft software consultant for En Pointe Technologies. The vast majority of large Western businesses have already upgraded to Windows 7 or Windows 8, but small businesses have been slower at catching up.
In China, however, XP-related problems will likely be much more pronounced. About three-quarters of Chinese PCs are running XP, according to NetMarketShare.
Thousands of ATMs will also potentially be exposed after Microsoft ends Windows XP's life support. A recent Bloomberg Businessweek story revealed that 95% of ATMs in the US are still running Windows XP, and only about 15% of them will be upgraded before April 8.
ATMs have already proven vulnerable to malware attacks, and without Microsoft around to patch things up, it's going to be a slow, costly endeavor for ATM companies to get their machines updated or replaced. (It's worth noting that Microsoft has been warning them of this deadline for years.)
So why is Microsoft killing off Windows XP? The operating system has lasted far longer than Windows versions of the past, and patching the ancient-by-tech-standards OS is exhausting valuable Microsoft resources. Microsoft has pushed back the death date of XP for several years after initially planning to kill it off by 2010.
To soften the blow for its corporate and ATM customers, Microsoft will sell custom support that will allow companies to receive additional security patches. But Dowling have heard reports from customers that the cost of custom support is prohibitive.
For the rest of the world, it's time to get updating.
The TNS Group
What Other Options are Available for my Business?
Get current with Windows and Office and protect the operations and security of your business. This means updating your current system. Contact The TNS Group to learn how to eliminate risk and keep your business running efficiently.
Contact TNS today!
Thursday, March 6, 2014
How Technology Stole the Show at the Oscars
news.com.au March 14, 2014
Technology managed to weave itself into the storyline of the Oscars this year Oscars awards and became a star in the process.
THE 2014 Oscars was not only about awards, A-list movie stars, glamorous dresses and lots of shiny teeth. This year we saw technology steal the show.
If you did not notice, the integration of technology into this year's star-studded bash was as subtle as Leonardo Di Caprio performing a cameo in an am-dram play. But Hollywood does not do subtle. Despite a selfie being as much a talking point as the winning movies and actors, in many ways technology gave the night that little bit more dazzle.
From the first moments the movie stars hit the red carpet there was a 360-degree camera called Fashion Turn waiting for them to snap what they were wearing and instantly upload to Vine, the video clip sharing app on Twitter.
There was a mini cam (or, Mani Cam) for stars to show off their manicures and then there was blimp cam. This was a controlled, hovering craft fitted with a camera to give the worldwide audience a view of the red carpet.
If only the television network followed in the technological footsteps of cricket and brought out a heat-sensing camera too, then we really would have seen who was nervous.
A panel of presenters from entertainment channel E! were sat behind a perfectly-placed array of Samsung Galaxy tablets where Kelly Osbourne conveniently claimed her dad (Ozzy) was crazy about Samsung and only has Samsung stuff in their house. Hmm, really?
We seem to recall an episode of the Osbournes reality show where he could not even operate a kitchen drawer.
The tech-laden coverage continued as Oscar reporters haranguing stars as they filtered in constantly spoke of the multi-cast app and website so those not near a TV could watch the live event.
But the tech did not stop outside. It played a starring role in the whole awards show.
In years past we would have seen Billy Crystal stand at the pulpit, crack a few one-liners, shimmy out a segue and introduce people to the stage. With Ellen DeGeneres being this MC this year, she was interactive and slinging social media.
Throughout her hosting she constantly paraded around a bright white Samsung Galaxy Note 3, snapping selfies with stars as they sat. Then, with the now-very-obvious handset, she took a superstar selfie with Bradley Cooper, Meryl Streep, Brad Pit, Angelina Jolie, and Jennifer Lawrence. So many famous faces they could not all fit in. Ellen wanted to break the world record for the most retweets ever and when she uploaded it, it took the site down from the amount of people logging on to see it.
Needless to say she made history with the tweet and amassed more than two million retweets within hours, eclipsing the previous record holder, which as President Obama's victory speech image.
Cue the internet and within minutes there were memes-a-plenty of this selfie. Nicholas Cage faces Grumpy Cat, sports stars and awkward references to the failed Liza Minnelli photobomb attempt. We became so preoccupied with the flood of internet funnies we almost forgot about the show still going.
So social media was a star turn, but the award-winning movies themselves also waved the flag for technology.
Gravity is one of the biggest, most award-heavy movies this year. Its depiction of Sandra Bullock's survival against a space catastrophe was made doable thanks to the incredible CGI effects, which is why it took home the gong for best visual effects.
NASA was so excited about the inevitable flood of awards it posted 'real-life' Gravity-style pictures from the International Space Station on its Twitter feed throughout the day.
The award for best original screenplay went to Spike Jonze for Her - a story about a man falling in love with his operating system, which highlighted the assimilation human and machines could face in the future.
Google is just one tech company currently working on making the computing experience for humans and with the likes of the mobile phone personal assistant Siri and wearable tech slowly advancing onto our bodies, it's too far-fetched. Especially if it's voiced by Scarlett Johansson.
We've got another year to see how the tech stakes can be raised for the next Oscar awards.
Technology managed to weave itself into the storyline of the Oscars this year Oscars awards and became a star in the process.
THE 2014 Oscars was not only about awards, A-list movie stars, glamorous dresses and lots of shiny teeth. This year we saw technology steal the show.
If you did not notice, the integration of technology into this year's star-studded bash was as subtle as Leonardo Di Caprio performing a cameo in an am-dram play. But Hollywood does not do subtle. Despite a selfie being as much a talking point as the winning movies and actors, in many ways technology gave the night that little bit more dazzle.
From the first moments the movie stars hit the red carpet there was a 360-degree camera called Fashion Turn waiting for them to snap what they were wearing and instantly upload to Vine, the video clip sharing app on Twitter.
There was a mini cam (or, Mani Cam) for stars to show off their manicures and then there was blimp cam. This was a controlled, hovering craft fitted with a camera to give the worldwide audience a view of the red carpet.
If only the television network followed in the technological footsteps of cricket and brought out a heat-sensing camera too, then we really would have seen who was nervous.
A panel of presenters from entertainment channel E! were sat behind a perfectly-placed array of Samsung Galaxy tablets where Kelly Osbourne conveniently claimed her dad (Ozzy) was crazy about Samsung and only has Samsung stuff in their house. Hmm, really?
We seem to recall an episode of the Osbournes reality show where he could not even operate a kitchen drawer.
The tech-laden coverage continued as Oscar reporters haranguing stars as they filtered in constantly spoke of the multi-cast app and website so those not near a TV could watch the live event.
But the tech did not stop outside. It played a starring role in the whole awards show.
In years past we would have seen Billy Crystal stand at the pulpit, crack a few one-liners, shimmy out a segue and introduce people to the stage. With Ellen DeGeneres being this MC this year, she was interactive and slinging social media.
Throughout her hosting she constantly paraded around a bright white Samsung Galaxy Note 3, snapping selfies with stars as they sat. Then, with the now-very-obvious handset, she took a superstar selfie with Bradley Cooper, Meryl Streep, Brad Pit, Angelina Jolie, and Jennifer Lawrence. So many famous faces they could not all fit in. Ellen wanted to break the world record for the most retweets ever and when she uploaded it, it took the site down from the amount of people logging on to see it.
Needless to say she made history with the tweet and amassed more than two million retweets within hours, eclipsing the previous record holder, which as President Obama's victory speech image.
Cue the internet and within minutes there were memes-a-plenty of this selfie. Nicholas Cage faces Grumpy Cat, sports stars and awkward references to the failed Liza Minnelli photobomb attempt. We became so preoccupied with the flood of internet funnies we almost forgot about the show still going.
So social media was a star turn, but the award-winning movies themselves also waved the flag for technology.
Gravity is one of the biggest, most award-heavy movies this year. Its depiction of Sandra Bullock's survival against a space catastrophe was made doable thanks to the incredible CGI effects, which is why it took home the gong for best visual effects.
NASA was so excited about the inevitable flood of awards it posted 'real-life' Gravity-style pictures from the International Space Station on its Twitter feed throughout the day.
The award for best original screenplay went to Spike Jonze for Her - a story about a man falling in love with his operating system, which highlighted the assimilation human and machines could face in the future.
Google is just one tech company currently working on making the computing experience for humans and with the likes of the mobile phone personal assistant Siri and wearable tech slowly advancing onto our bodies, it's too far-fetched. Especially if it's voiced by Scarlett Johansson.
We've got another year to see how the tech stakes can be raised for the next Oscar awards.
Thursday, February 6, 2014
When Identity Theft Hits Home
By Molly Wood | The New York Times Bits Blog
When I first heard about the extensive Target hack in December, I sighed in mild irritation. Sure, the breach’s size and scope was shocking, but these things have become so common I just assumed I’d receive a new card in the mail and that would be the end of it.
It wouldn’t be the first time. I’ll sometimes mysteriously get a new card in the mail with a note saying it was replaced because of an unnamed security issue. Once, in Barcelona, I discovered my primary card had been frozen because of a security breach at a retailer — that was panic-inducing. Still, the biggest aggravation was logging into all my auto-pay sites like Amazon to update the card number (and memorizing the new one, which I like to do).
I expected a repeat after Target was hacked.
But it was a lot worse. I did get a new credit card in the mail — a replacement for the card I’d used at Target. I also received a letter from Sears, letting me know I’d been rejected for a new store card because of, among other things, “too many requests for credit.” Then, in the same batch of mail, I opened a letter from Best Buy, which said I’d been turned down for its top-tier store card, but approved for a lower-level version.
That is when I started to panic.
I called the fraud department at Best Buy and employees there assured me they had already marked the account as fraudulent. I immediately filed for a security alert with the three big credit bureaus, and I also filed an online police report. (This can sometimes be helpful if you’re trying to convince a retailer that fraud is afoot.) Over the next week, while I was out of town, I also received a store card from Kohl’s, one from Frye’s electronics and the one from Best Buy.
More worryingly, I also got a bill from a Macy’s store card account in my name, for $1,114.39. Apparently I bought $1,223 worth of “fine watches” at a Macy’s in Glendale, Ariz., but I received a discount of $109 for opening the account. Sounds like a pretty nice watch (or three).
Now, I’m not certain this sudden outbreak of identity theft is directly tied to the breach at Target, but the timing is suspect. I signed up for the credit and identity theft protection service that Target is offering, and after a few hops through low-level support, I was assigned a case number and a fraud resolution agent who will apparently call all these creditors on my behalf and conference me in.
The service promises to close the fraudulent accounts and get the credit requests and the accounts off my record.
I hope that is true. But even if the mess is easily cleared up, this is almost certainly not the last time such a thing will happen, especially now that my credit-worthy identity is up for sale out in the world. Make no mistake: yours probably is, too.
In December, the security researcher Brian Krebs identified a Ukrainian man who may be helping sell credit and debit card numbers for up to $100 each — all the more reason to simply cancel any debit card that was implicated in a security breach instead of waiting and hoping for the best. Card numbers are bundled in bunches and sold for pennies to criminals who simply go down the line, trying numbers until they work.
Those are just the card numbers; plenty more than that is for sale. A GigaOm post in August quoted security researchers who said thieves could spend $4 to $5 for a complete ID package that included a credit card number, its expiration date, your social security number, and your mother’s maiden name. That is almost everything you need to walk into a Macy’s and open up a store card and have a fun afternoon in the fine watches department.
Financial institutions have become better at identifying fraud and stopping major damage before it occurs, but large-scale security breaches are becoming more common all the time. Target’s hackers roamed around the databases for a month before they were detected, stealing personal information, card numbers and even encrypted PIN data. The current tally of affected customers is up to 110 million users.
And just since Target’s very bad month, Neiman Marcus has confirmed that its records were also breached, possibly by the same malware, and it has lost at least 1.1 million records (that apparently went undetected from July to December). The arts and crafts chain Michaels was also hit.
Yahoo was compromised. Bright Horizons childcare suffered an intrusion, and White Lodging, which manages some 168 Starwood, Marriott, and Hilton hotels in 21 states, is also investigating what is almost certain to be a large-scale hoovering of personal data.
One can assume those are just a few of the breaches happening at any given time. Target is paying for full-scale credit monitoring for 110 million people, Citibank is issuing new debit cards to to all customers, and millions of people like me are wasting valuable time on the phone trying to sort out messes.
I, for one, hope this is a tipping point in retail security. In the meantime, if you’ll excuse me, I’ve got some mopping up to do.
When I first heard about the extensive Target hack in December, I sighed in mild irritation. Sure, the breach’s size and scope was shocking, but these things have become so common I just assumed I’d receive a new card in the mail and that would be the end of it.
It wouldn’t be the first time. I’ll sometimes mysteriously get a new card in the mail with a note saying it was replaced because of an unnamed security issue. Once, in Barcelona, I discovered my primary card had been frozen because of a security breach at a retailer — that was panic-inducing. Still, the biggest aggravation was logging into all my auto-pay sites like Amazon to update the card number (and memorizing the new one, which I like to do).
I expected a repeat after Target was hacked.
But it was a lot worse. I did get a new credit card in the mail — a replacement for the card I’d used at Target. I also received a letter from Sears, letting me know I’d been rejected for a new store card because of, among other things, “too many requests for credit.” Then, in the same batch of mail, I opened a letter from Best Buy, which said I’d been turned down for its top-tier store card, but approved for a lower-level version.
That is when I started to panic.
I called the fraud department at Best Buy and employees there assured me they had already marked the account as fraudulent. I immediately filed for a security alert with the three big credit bureaus, and I also filed an online police report. (This can sometimes be helpful if you’re trying to convince a retailer that fraud is afoot.) Over the next week, while I was out of town, I also received a store card from Kohl’s, one from Frye’s electronics and the one from Best Buy.
More worryingly, I also got a bill from a Macy’s store card account in my name, for $1,114.39. Apparently I bought $1,223 worth of “fine watches” at a Macy’s in Glendale, Ariz., but I received a discount of $109 for opening the account. Sounds like a pretty nice watch (or three).
Now, I’m not certain this sudden outbreak of identity theft is directly tied to the breach at Target, but the timing is suspect. I signed up for the credit and identity theft protection service that Target is offering, and after a few hops through low-level support, I was assigned a case number and a fraud resolution agent who will apparently call all these creditors on my behalf and conference me in.
The service promises to close the fraudulent accounts and get the credit requests and the accounts off my record.
I hope that is true. But even if the mess is easily cleared up, this is almost certainly not the last time such a thing will happen, especially now that my credit-worthy identity is up for sale out in the world. Make no mistake: yours probably is, too.
In December, the security researcher Brian Krebs identified a Ukrainian man who may be helping sell credit and debit card numbers for up to $100 each — all the more reason to simply cancel any debit card that was implicated in a security breach instead of waiting and hoping for the best. Card numbers are bundled in bunches and sold for pennies to criminals who simply go down the line, trying numbers until they work.
Those are just the card numbers; plenty more than that is for sale. A GigaOm post in August quoted security researchers who said thieves could spend $4 to $5 for a complete ID package that included a credit card number, its expiration date, your social security number, and your mother’s maiden name. That is almost everything you need to walk into a Macy’s and open up a store card and have a fun afternoon in the fine watches department.
Financial institutions have become better at identifying fraud and stopping major damage before it occurs, but large-scale security breaches are becoming more common all the time. Target’s hackers roamed around the databases for a month before they were detected, stealing personal information, card numbers and even encrypted PIN data. The current tally of affected customers is up to 110 million users.
And just since Target’s very bad month, Neiman Marcus has confirmed that its records were also breached, possibly by the same malware, and it has lost at least 1.1 million records (that apparently went undetected from July to December). The arts and crafts chain Michaels was also hit.
Yahoo was compromised. Bright Horizons childcare suffered an intrusion, and White Lodging, which manages some 168 Starwood, Marriott, and Hilton hotels in 21 states, is also investigating what is almost certain to be a large-scale hoovering of personal data.
One can assume those are just a few of the breaches happening at any given time. Target is paying for full-scale credit monitoring for 110 million people, Citibank is issuing new debit cards to to all customers, and millions of people like me are wasting valuable time on the phone trying to sort out messes.
I, for one, hope this is a tipping point in retail security. In the meantime, if you’ll excuse me, I’ve got some mopping up to do.
Monday, January 20, 2014
The 25 most popular passwords of 2013 prove people are just as naive as ever
By: Shawn Knight | TechSpot
You would think that with all of the newfound attention that online privacy generated over the course of 2013, people would perhaps rethink some of their mundane password choices to better lock down their online accounts. Think again. A list of the top 25 most common passwords of last year proves we're just as naive as ever.
The list from SplashData was compiled from millions of stolen passwords last year that were ultimately made public. The list was heavily influenced by the massive Adobe breach in October which explains some of the newcomers and for the first time ever, "password" was dethroned as the most common password ... by "123456."
Without further ado, we present the top 25 most common passwords of 2013.
1. 123456
2. password
3. 12345678
4. qwerty
5. abc123
6. 123456789
7. 111111
8. 1234567
9. iloveyou
10. adobe123
11. 123123
12. admin
13. 1234567890
14. letmein
15. photoshop
16. 1234
17. monkey
18. shadow
19. sunshine
20. 12345
21. password1
22. princess
23. azerty
24. trustno1
25. 000000
In addition to "adobe123" and "photoshop" security experts believe that "123456" and "123456789" were also top choices among Adobe users. As SplashData CEO Morgan Slain reminds us, the fact that "adobe123" and "photoshop" are on the list at all should be a good reminder that basing your password on the name of the website or application you are accessing is not exactly a bright idea.
You would think that with all of the newfound attention that online privacy generated over the course of 2013, people would perhaps rethink some of their mundane password choices to better lock down their online accounts. Think again. A list of the top 25 most common passwords of last year proves we're just as naive as ever.
The list from SplashData was compiled from millions of stolen passwords last year that were ultimately made public. The list was heavily influenced by the massive Adobe breach in October which explains some of the newcomers and for the first time ever, "password" was dethroned as the most common password ... by "123456."
Without further ado, we present the top 25 most common passwords of 2013.
1. 123456
2. password
3. 12345678
4. qwerty
5. abc123
6. 123456789
7. 111111
8. 1234567
9. iloveyou
10. adobe123
11. 123123
12. admin
13. 1234567890
14. letmein
15. photoshop
16. 1234
17. monkey
18. shadow
19. sunshine
20. 12345
21. password1
22. princess
23. azerty
24. trustno1
25. 000000
In addition to "adobe123" and "photoshop" security experts believe that "123456" and "123456789" were also top choices among Adobe users. As SplashData CEO Morgan Slain reminds us, the fact that "adobe123" and "photoshop" are on the list at all should be a good reminder that basing your password on the name of the website or application you are accessing is not exactly a bright idea.
Thursday, January 16, 2014
2 Million Passwords For Facebook, Yahoo, Google, Twitter Stolen
By Amy Lee | CruxialCIO
Use Facebook, Yahoo, Twitter, LinkedIn or Google?
It might be time to change that password. According to a post by security firm Trustwave, more than 2 million accounts have been compromised by a Pony botnet controller, a network of criminally controlled malware-infected computer systems designed to steal passwords and other sensitive information.
The trove of user information includes 1.58 million Website logins, more than 300,000 email account logins and thousands of other credentials. Facebook accounted for more than half of the information stolen, or 318,121 passwords. Yahoo followed with 59,549 passwords, Google with 54,437 passwords, Twitter with 21,708 passwords and LinkedIn with 8,490 passwords.
Also on the list? Payroll service provider ADP, with close to 8,000 passwords stolen. Despite information suggesting that close to 100 percent of attacks took place in the Netherlands, the presence of two other Russian social networks indicates that “decent portion of the victims compromised were Russian speakers,” according to Trustwave.
The Dutch IP address, meanwhile, seems to have been used as a gateway between infected machines and the hacker’s control center. The technique is commonly used to keep the real control server hidden from authorities. Still, at least 92 countries appear on the IP geolocation list, making it likely that attacks were spread across the world.
And all across the world, people are using bad passwords. Trustwave analyzed the 2 million passwords only to find that close to 16,000 users rely on the password “123456.” In second place, with close to 5,000 passwords, the slightly more complicated "1234566789." Other popular passwords include "password," "admin” and other variations on a sequential series of number beginning with one, including more than 1,000 users who picked "1" as their password.
More people pick "terrible" passwords — those with less than four characters consisting of only letters or numbers — than "excellent" ones, which include all four character types (numbers, letters, capitals and symbols) and are longer than eight characters. Nearly half are "medium" while another 28 percent are "bad." Since 2006, the top 10 most common passwords have increased as a percentage of all passwords.
"If you don't enforce a password policy, don't expect your users to do it for you," the Trustwave post said.
What to Do: Set passwords to be more than eight characters and/or more than four character types. Make sure all security monitoring software is patched and up-to-date. Ensure that corporate users do not access suspicious Websites on the network by setting up whitelisting or blacklisting of Websites or other forms of browsing control.
Use Facebook, Yahoo, Twitter, LinkedIn or Google?
It might be time to change that password. According to a post by security firm Trustwave, more than 2 million accounts have been compromised by a Pony botnet controller, a network of criminally controlled malware-infected computer systems designed to steal passwords and other sensitive information.
The trove of user information includes 1.58 million Website logins, more than 300,000 email account logins and thousands of other credentials. Facebook accounted for more than half of the information stolen, or 318,121 passwords. Yahoo followed with 59,549 passwords, Google with 54,437 passwords, Twitter with 21,708 passwords and LinkedIn with 8,490 passwords.
Also on the list? Payroll service provider ADP, with close to 8,000 passwords stolen. Despite information suggesting that close to 100 percent of attacks took place in the Netherlands, the presence of two other Russian social networks indicates that “decent portion of the victims compromised were Russian speakers,” according to Trustwave.
The Dutch IP address, meanwhile, seems to have been used as a gateway between infected machines and the hacker’s control center. The technique is commonly used to keep the real control server hidden from authorities. Still, at least 92 countries appear on the IP geolocation list, making it likely that attacks were spread across the world.
And all across the world, people are using bad passwords. Trustwave analyzed the 2 million passwords only to find that close to 16,000 users rely on the password “123456.” In second place, with close to 5,000 passwords, the slightly more complicated "1234566789." Other popular passwords include "password," "admin” and other variations on a sequential series of number beginning with one, including more than 1,000 users who picked "1" as their password.
More people pick "terrible" passwords — those with less than four characters consisting of only letters or numbers — than "excellent" ones, which include all four character types (numbers, letters, capitals and symbols) and are longer than eight characters. Nearly half are "medium" while another 28 percent are "bad." Since 2006, the top 10 most common passwords have increased as a percentage of all passwords.
"If you don't enforce a password policy, don't expect your users to do it for you," the Trustwave post said.
What to Do: Set passwords to be more than eight characters and/or more than four character types. Make sure all security monitoring software is patched and up-to-date. Ensure that corporate users do not access suspicious Websites on the network by setting up whitelisting or blacklisting of Websites or other forms of browsing control.
Subscribe to:
Posts (Atom)