Archive for December, 2013

The Target data breach: a better understanding through credit card anatomy

By: Gregory P. Bufithis and Eric Degrasse

27 December 2013 – Consumer frustration and outrage over the Target credit card breach is moving from Facebook and Twitter to the courts and state governments. Meanwhile, millions of the stolen card accounts have begun showing up for sale on the black market. Brian Krebs of KrebsOnSecurity.com … the security reporter who initially broke the news about the breach … said “credit and debit card accounts stolen in (the Target breach) … have been flooding underground black markets in recent weeks, selling in batches of one million cards and going for anywhere from $20 to more than $100 per card.”

Sharon Nelson of Sensei Enterprises detailed the Krebs report in a recent piece on her blog.

Adrian Sanabria of 451 Security (part of 451 Research) has written a blog post that goes further because … as he says … the “recent Target breach has led to some confusion, which I will try to clear up here.” Read more

Researchers connect 91% of phone numbers with names in metadata probe

24 December 2013 – One of the key tenets of the argument that the National Security Agency and some lawmakers have constructed to justify the agency’s collection of phone metadata is that the information it’s collecting, such as phone numbers and length of call, can’t be tied to the callers’ names.

Wrong.

A quick investigation by researchers at Stanford University, who have been collecting information voluntarily from Android users, found that they could correlate numbers to names with very little effort. The Stanford researchers recently started a program called Metaphone that gathers data from volunteers with Android phones. They collect data such as recent phone calls, text messages and social network information.

The goal of the project, which is the work of the Stanford Security Lab, is to draw some lines connecting metadata and surveillance. As part of the project, the researchers decided to select a random set of 5,000 numbers from their data and see whether they could connect any of them to subscriber names using just freely available Web tools.

The result: They found … Read more

The mathematics behind NSA hacking

23 December 2013 – There has been a lot of chatter these past two days on whether the RSA (which has angrily denied the claim) secretly took $10 million from the NSA to use the buggered up Dual Elliptic Curve Deterministic Random Bit Generator in its encryption products. RSA, which is owned by EMC, started using Dual EC DRBG by default in 2004, before the generator was standardized.

In 2007 a backdoor in the algorithm weakened the strength of any encryption that relied on it. It was only in September 2013 that RSA told its customers to stop using the algorithm. The NSA is also accused of weakening the random number generator during its development. The RSA said that it categorically denied the allegation that it knew Dual EC DRBG was “flawed” when it started using the algorithm. It said it made sense to use the random number generator in the context of an industry-wide effort to develop newer, stronger methods of encryption.

At that time, the NSA had a trusted role in the community-wide effort to strengthen, not weaken, encryption. … Read more

For your holiday reading [groan]: the Wiley Business “Big Data & Analytics” sampler

19 December 2013 – Yes, yes. We can hear you groaning now. “Yet more stuff to read! Enough already!” But here is something that might be the perfect read on your tablet, phone or other device for the train, the plane, the coffee shop, whatever.

Since we started attending a large number of technology conferences that often feature presenters who are also major authors (whom we have befriended), plus attending a fair number of book fairs and trade shows, we have managed to get ourselves onto the International Publishers Association distribution list, plus the distribution lists of a number of publishers. Over the last year we have amassed 128 books. Some we review, and some we review and quote in our posts. It’s a nice arrangement.

Our friends at Wiley Business sent us their Big Data and Analytics e-book “sampler” (link below). It collects selected materials from seven of their recently published titles. You will recognize most of the titles and authors (Siegel, Yau and Simon stand out), I’m sure. Many of these authors are quoted numerous times in the media stream

Read more

It’s Computer Science Week. Chill. Code. Program. Do some math. Watch our video.

10 December 2013 – Computer code is something most people enjoy the benefits of without ever laying their eyes on it. But this week, it will be hard for students to avoid calls for them to learn how to program. There has been a promotional blitz this week for an education event called “Hour of Code” which has featured video statements from President Obama calling on students to learn how to write code, plus the home pages for Apple, Disney, Google, Microsoft, and Yahoo promoting the event.

Then there is Apple. Tomorrow every Apple store in the United States will host code education events. Microsoft will host similar events at 51 Microsoft retail stores all this week.

Hour of Code, which coincides with Computer Science Education Week, is organized by a nonprofit organization called Code.org which is seeking to get more students interested in programming. It has the support of nearly all the major technology companies which say they need a stronger pipeline of engineers to supply the industry with the talent it needs to thrive. And you … Read more