Thursday, February 6, 2014

When Identity Theft Hits Home

By Molly Wood | The New York Times Bits Blog

When I first heard about the extensive Target hack in December, I sighed in mild irritation. Sure, the breach’s size and scope were shocking, but these things have become so common I just assumed I’d receive a new card in the mail and that would be the end of it.

It wouldn’t be the first time. I’ll sometimes mysteriously get a new card in the mail with a note saying it was replaced because of an unnamed security issue. Once, in Barcelona, I discovered my primary card had been frozen because of a security breach at a retailer — that was panic-inducing. Still, the biggest aggravation was logging into all my auto-pay sites like Amazon to update the card number (and memorizing the new one, which I like to do).

I expected a repeat after Target was hacked.

But it was a lot worse. I did get a new credit card in the mail — a replacement for the card I’d used at Target. I also received a letter from Sears, letting me know I’d been rejected for a new store card because of, among other things, “too many requests for credit.” Then, in the same batch of mail, I opened a letter from Best Buy, which said I’d been turned down for its top-tier store card, but approved for a lower-level version.

That is when I started to panic.

I called the fraud department at Best Buy and employees there assured me they had already marked the account as fraudulent. I immediately filed for a security alert with the three big credit bureaus, and I also filed an online police report. (This can sometimes be helpful if you’re trying to convince a retailer that fraud is afoot.) Over the next week, while I was out of town, I also received a store card from Kohl’s, one from Fry’s Electronics and the one from Best Buy.

More worryingly, I also got a bill from a Macy’s store card account in my name, for $1,114.39. Apparently I bought $1,223 worth of “fine watches” at a Macy’s in Glendale, Ariz., but I received a discount of $109 for opening the account. Sounds like a pretty nice watch (or three).

Now, I’m not certain this sudden outbreak of identity theft is directly tied to the breach at Target, but the timing is suspect. I signed up for the credit and identity theft protection service that Target is offering, and after a few hops through low-level support, I was assigned a case number and a fraud resolution agent who will apparently call all these creditors on my behalf and conference me in.

The service promises to close the fraudulent accounts and get the credit requests and the accounts off my record.

I hope that is true. But even if the mess is easily cleared up, this is almost certainly not the last time such a thing will happen, especially now that my credit-worthy identity is up for sale out in the world. Make no mistake: yours probably is, too.

In December, the security researcher Brian Krebs identified a Ukrainian man who may be helping sell credit and debit card numbers for up to $100 each — all the more reason to simply cancel any debit card that was implicated in a security breach instead of waiting and hoping for the best. Card numbers are bundled in bunches and sold for pennies to criminals who simply go down the line, trying numbers until they work.

Those are just the card numbers; plenty more than that is for sale. A GigaOm post in August quoted security researchers who said thieves could spend $4 to $5 for a complete ID package that included a credit card number, its expiration date, your social security number, and your mother’s maiden name. That is almost everything you need to walk into a Macy’s and open up a store card and have a fun afternoon in the fine watches department.

Financial institutions have become better at identifying fraud and stopping major damage before it occurs, but large-scale security breaches are becoming more common all the time. Target’s hackers roamed around the databases for a month before they were detected, stealing personal information, card numbers and even encrypted PIN data. The current tally of affected customers is up to 110 million users.

And just since Target’s very bad month, Neiman Marcus has confirmed that its records were also breached, possibly by the same malware, and it has lost at least 1.1 million records (that apparently went undetected from July to December). The arts and crafts chain Michaels was also hit.

Yahoo was compromised. Bright Horizons childcare suffered an intrusion, and White Lodging, which manages some 168 Starwood, Marriott, and Hilton hotels in 21 states, is also investigating what is almost certain to be a large-scale hoovering of personal data.

One can assume those are just a few of the breaches happening at any given time. Target is paying for full-scale credit monitoring for 110 million people, Citibank is issuing new debit cards to all customers, and millions of people like me are wasting valuable time on the phone trying to sort out messes.

I, for one, hope this is a tipping point in retail security. In the meantime, if you’ll excuse me, I’ve got some mopping up to do.

Monday, January 20, 2014

The 25 most popular passwords of 2013 prove people are just as naive as ever

By: Shawn Knight | TechSpot

You would think that with all of the newfound attention that online privacy generated over the course of 2013, people would perhaps rethink some of their mundane password choices to better lock down their online accounts. Think again. A list of the top 25 most common passwords of last year proves we're just as naive as ever.

The list from SplashData was compiled from millions of stolen passwords last year that were ultimately made public. The list was heavily influenced by the massive Adobe breach in October, which explains some of the newcomers, and for the first time ever, "password" was dethroned as the most common password ... by "123456."

Without further ado, we present the top 25 most common passwords of 2013.

1. 123456
2. password
3. 12345678
4. qwerty
5. abc123
6. 123456789
7. 111111
8. 1234567
9. iloveyou
10. adobe123
11. 123123
12. admin
13. 1234567890
14. letmein
15. photoshop
16. 1234
17. monkey
18. shadow
19. sunshine
20. 12345
21. password1
22. princess
23. azerty
24. trustno1
25. 000000

In addition to "adobe123" and "photoshop," security experts believe that "123456" and "123456789" were also top choices among Adobe users. As SplashData CEO Morgan Slain reminds us, the fact that "adobe123" and "photoshop" are on the list at all should be a good reminder that basing your password on the name of the website or application you are accessing is not exactly a bright idea.

Thursday, January 16, 2014

2 Million Passwords For Facebook, Yahoo, Google, Twitter Stolen

By Amy Lee | CruxialCIO

Use Facebook, Yahoo, Twitter, LinkedIn or Google?

It might be time to change that password. According to a post by security firm Trustwave, more than 2 million accounts have been compromised by a Pony botnet controller, a network of criminally controlled malware-infected computer systems designed to steal passwords and other sensitive information.

The trove of user information includes 1.58 million Website logins, more than 300,000 email account logins and thousands of other credentials. Facebook accounted for more than half of the information stolen, or 318,121 passwords. Yahoo followed with 59,549 passwords, Google with 54,437 passwords, Twitter with 21,708 passwords and LinkedIn with 8,490 passwords.

Also on the list? Payroll service provider ADP, with close to 8,000 passwords stolen. Despite information suggesting that close to 100 percent of attacks took place in the Netherlands, the presence of two other Russian social networks indicates that “decent portion of the victims compromised were Russian speakers,” according to Trustwave.

The Dutch IP address, meanwhile, seems to have been used as a gateway between infected machines and the hacker’s control center. The technique is commonly used to keep the real control server hidden from authorities. Still, at least 92 countries appear on the IP geolocation list, making it likely that attacks were spread across the world.

And all across the world, people are using bad passwords. Trustwave analyzed the 2 million passwords only to find that close to 16,000 users rely on the password “123456.” In second place, with close to 5,000 passwords, was the slightly more complicated "1234566789." Other popular passwords include "password," "admin” and other variations on a sequential series of numbers beginning with one, including more than 1,000 users who picked "1" as their password.

More people pick "terrible" passwords — those with fewer than four characters consisting of only letters or numbers — than "excellent" ones, which include all four character types (numbers, letters, capitals and symbols) and are longer than eight characters. Nearly half are "medium" while another 28 percent are "bad." Since 2006, the top 10 most common passwords have increased as a percentage of all passwords.

"If you don't enforce a password policy, don't expect your users to do it for you," the Trustwave post said.

What to Do: Set passwords to be more than eight characters and/or more than four character types. Make sure all security monitoring software is patched and up-to-date. Ensure that corporate users do not access suspicious Websites on the network by setting up whitelisting or blacklisting of Websites or other forms of browsing control.
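As an added example (not code from Trustwave, SplashData or the articles above), the following Python applies the grading bands the Trustwave post defines ("terrible" and "excellent"), the "What to Do" policy, and the SplashData warning about passwords built from the site or product name ("adobe123", "photoshop"). The "bad"/"medium" split, the treatment of "more than four character types" as all four, and the site-name check are assumptions of this example, not the articles' definitions.

```python
import string

# Character classes behind the "four character types" rule in the Trustwave post.
CLASSES = {
    "lower": set(string.ascii_lowercase),
    "upper": set(string.ascii_uppercase),
    "digit": set(string.digits),
    "symbol": set(string.punctuation),
}


def char_classes(pw: str) -> set:
    """Return the set of character classes present in pw."""
    return {name for name, chars in CLASSES.items() if any(c in chars for c in pw)}


def grade(pw: str) -> str:
    """Grade with the article's two defined bands; the middle split is an assumption.

    terrible  : fewer than four characters, letters or digits only (article)
    excellent : all four character types and longer than eight characters (article)
    bad/medium: not defined by the article; here bad = under eight chars or one class
    """
    classes = char_classes(pw)
    if len(pw) < 4 and all(c.isalnum() for c in pw):
        return "terrible"
    if len(pw) > 8 and len(classes) == 4:
        return "excellent"
    if len(pw) < 8 or len(classes) <= 1:
        return "bad"
    return "medium"


def is_sequential_digits(pw: str) -> bool:
    """True for '123456'-style passwords: every digit is the previous one plus one (9 wraps to 0)."""
    if not pw.isdigit() or len(pw) < 2:
        return False
    return all((int(b) - int(a)) % 10 == 1 for a, b in zip(pw, pw[1:]))


def derived_from_site(pw: str, site_terms) -> bool:
    """True if the password, with digits and symbols stripped, contains a site or product name."""
    core = "".join(c for c in pw.lower() if c.isalpha())
    return any(term.lower() in core for term in site_terms if term)


def policy_violations(pw: str, site_terms=()) -> list:
    """Apply the 'What to Do' policy plus the two pattern checks; an empty list means accepted."""
    problems = []
    if len(pw) <= 8:
        problems.append("length: must be more than eight characters")
    if len(char_classes(pw)) < 4:
        problems.append("classes: must use letters, capitals, digits and symbols")
    if is_sequential_digits(pw):
        problems.append("pattern: sequential digits")
    if derived_from_site(pw, site_terms):
        problems.append("pattern: derived from site or product name")
    return problems


if __name__ == "__main__":
    # Constructed sample: entries from the lists above plus one constructed strong password.
    for pw in ["123456", "adobe123", "photoshop", "1", "Tr0ub4dor&3!"]:
        print(pw, grade(pw), policy_violations(pw, ("Adobe", "Photoshop")))
```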

Monday, April 29, 2013

Robots That Play Baseball??

If you've been to the RoboGames, you've seen everything from flame-throwing battlebots to androids that play soccer. But robo-athletes are more than just performers. They're a path to the future.

Researchers at the University of Electro-Communications in Tokyo and the Okinawa Institute of Science and Technology have built a small humanoid robot that plays baseball -- or something like it. The bot can hold a fan-like bat and take swings at flying plastic balls, and though it may miss at first, it can learn with each new pitch and adjust its swing accordingly. Eventually, it will make contact.

The robot, you see, is also equipped with an artificial brain. Based on an Nvidia graphics processor, or GPU, kinda like the one that renders images on your desktop or laptop, this brain mimics the function of about 100,000 neurons, and using a software platform developed by Nvidia, the scientists have programmed these neurons for the task at hand, as they discussed in a recent paper published in the journal Neural Networks.

"Working code helps other scientists to learn how to implement an artificial brain in computers." (Tadashi Yamazaki)

Yes, it's fun. But through this baseball-playing robot, the scientists also hope to better understand how brains can be recreated with software and hardware — and bring us closer to a world where robots can handle more important tasks on our behalf.

When a ball is pitched to the robot, an accelerometer at the back of a batting cage records information about the flight of the ball, including its speed, and this data is relayed back to a machine that holds the GPU-powered brain. The brain then crunches this data so that it can determine exactly when the robot should swing. If the scientists change the pitch speed, the robot will relearn the task all over again.

This is not the first time researchers have modeled a cerebellum to control robots. A team of scientists in Europe, for instance, have used an artificial cerebellum to control a robotic limb.

But according to Tadashi Yamazaki, one of the scientists who worked on the project, the baseball-playing robot is the second largest model of its kind and it runs in real time, meaning it's much faster than other systems. That means the GPU brain is better suited to controlling external hardware, he says.

Tuesday, February 19, 2013

Watch Your Twitter Account

What do Burger King, Jeep, and MTV have in common? They have all been hacked by someone through their Twitter accounts.

Jeep is today's victim, and was struck by having its background image swapped out this afternoon to show a sedan painted with the McDonald's logo and colors. A couple of tweets from the hackers read "#BOOTYGANG #ITHUG" and "We got sold to @Cadillac because we caught our employees doing these in the bathroom =[", with an attached picture of a man holding a bottle of pills.

As of 2:02 p.m. ET, the background color had been restored to black, though the hackers' tweets were still in the tweet stream. And as of 2:17 p.m., the handle's main picture -- which had been changed to the Cadillac logo -- had been changed back to a default image. Meanwhile, the Cadillac Twitter account has tweeted that it's not responsible for the hack.

McDonald's was also the subject of the hack of the Burger King account yesterday, when the handle's photo was swapped out to an image of the famous Golden Arches. The hackers' tweets were thematically similar to today's on the Jeep page, including one that read, "We caught one of our employees in the bathroom doing this... #soldtomcdonalds #failurewhopper @McDonalds" and included a link to a picture of a man sticking a needle in his arm.

Twitter declined to comment further on the Burger King incident, citing privacy and security concerns for individual accounts.

I personally don't understand how Twitter is allowed to get off here with a no comment. Your site is being hacked left and right and there is no legitimate end in sight. I think that this group already has everyone's information and is slowly deciding who and when to strike.

Monday, July 9, 2012

Internet Blackout on the Way for Many

Hundreds of thousands of Internet users whose computers are infected with a particularly nasty virus are now unable to access the Web.

The Federal Bureau of Investigation shut down Internet servers that it temporarily set up to support those affected by malicious software, called DNSChanger. Turning off those servers knocked all those still infected offline.

Over the past five years, a group of six Estonian cybercriminals infected about 4 million computers around the world with DNSChanger. The malware redirected infected users' Web searches to spoofed sites with malicious advertisements.

In November 2011, the FBI and some overseas partners arrested those responsible, commandeered their servers, and attempted to warn those affected to get rid of the virus.

The FBI did not immediately take down the rogue servers, as infected computers would have lost Internet access, an FBI spokesman said.

To remedy the problem, the FBI had the nonprofit Internet Systems Consortium set up temporary servers. That way, computer owners would have time to get rid of their malware.

The servers were supposed to be shut down in March, but hundreds of thousands remained infected. Nearly 211,000 computers worldwide (about 42,000 in the United States) still have the virus, according to the FBI's latest count on Monday. That's a large number, but it's a very small subset of the 1.6 billion PCs worldwide, of which an estimated 339 million are in the United States.

Still, the FBI decided to give people even more time to check for the malware, extending the deadline until July. The agency now says the time has come to cut the cord, and the emergency servers were shut down Monday morning.

Though the FBI tried to send notifications to those infected, it could not identify all of them, a spokesman said.

Friday, March 9, 2012

ARM Has Intel in the Crosshairs

BARCELONA, Spain (CNNMoney) -- The company behind the lightning-fast processor in the new iPad thinks it can soon become the predominant microchip business in the world.

Chips designed by ARM (ARMH), the British microprocessor company you've probably never heard of, are in a stunning 95% of the world's mobile phones and tablets, including the new iPad Apple announced this week. ARM's chips represent 30% of the entire semiconductor market sales, which is nearly double Intel's 16%, according to IHS iSuppli.

But ARM's ambitions are even grander.

"We want to see that doubled to 60%," said Warren East, ARM's CEO, in an interview conducted at last week's Mobile World Congress. "We think we've got the right sort of technology for everything from very, very tiny intelligent sensors, through the consumer electronic swathe, right through to servers."

ARM is in a unique position in the chip industry because it doesn't actually make microprocessors. Instead, ARM designs chips and licenses those different architectures to more than 300 companies around the world, including giant players such as Samsung, Nvidia (NVDA), Texas Instruments (TI) and Qualcomm (QCOM, Fortune 500).

The company is particularly successful in the rapidly growing mobile market, partially because it is good at what it does, but also because of the dumb luck of being in the right place at the right time.

ARM got its start in 1991 designing modem chips for cell phones. They were fairly limited microchips that were built for one purpose: to communicate with cell towers without sucking up too much of the phone's battery. But around the turn of the century, handset manufacturers began to realize that there was excess computer power left over in those ARM-based chips that could be used to build a user interface.

Soon after that realization, the "feature phone" was born, which ultimately evolved into the modern day smartphone. Taking advantage of the situation, ARM now designs chips for two purposes: the same-old modem processor and an applications processor that controls the user interface for Android, iOS, Windows Phone, BlackBerry OS and the like.

Demand for ARM-based chips has risen sharply of late, as the cell phone architecture made its way into disk drives, printers, cars, Internet-connected TVs, microcontrollers, and tablets. This year, Hewlett-Packard (HPQ, Fortune 500) is introducing its first server running on ARM-based chips, and Microsoft (MSFT, Fortune 500) will release a version of Windows 8 that will run on tablets powered with processors designed by ARM.

As a result, ARM's share of the overall semiconductor market has soared, doubling in just three short years. Smartphone and tablet sales will continue to help ARM's share rise, and the new markets ARM is entering could help the company arrive at its goal of doubling its share again three years from now. For instance, IHS iSuppli predicts ARM will grow its share of the PC processor market to 22% by 2015, up from practically nothing today.

Meanwhile, semiconductor behemoth Intel (INTC, Fortune 500) tried -- and failed -- for many years to get a foothold in the mobile marketplace, as ARM's 21-year-old expertise in power management gave it a leg up.

But recently, Intel scored some big wins after finally convincing handset makers that its chips could play nicely in mobile. Global telecom giant Orange and Indian carrier Lava announced last week that they are planning on shipping a device based on an Intel reference design next quarter, and Lenovo launched a similar phone last month.

Motorola Mobility (MMI), which is being acquired by Google, said last month that all of its future devices will run on Intel chips. And Chinese smartphone giant ZTE said last week that it too would soon begin to ship phones with Intel inside.

Despite Intel's deep pockets and recent surge, ARM isn't fazed. The company believes its power-sipping, mobile-friendly architecture will ultimately become the world's most pervasive.

"Intel's offerings today are better than they were years ago, and undoubtedly there are going to be some Intel design wins," East said. "But I look at the capabilities of those products and see the same kind of capabilities that were in ARM products several years ago."