Target breach grows to 110 million users

Because I shopped at Target during the window of exposure, I ordered a new debit card from my bank. It is an inconvenience to do so, but after reading about a friend on Facebook who saw purchases made on his card in Russia, and after reading about the hacked customer data from Target being sold in online black markets, I was legitimately freaked out.

Have you ordered a new card yet?

Target ups number of customers affected by data breach to 110 million – Boing Boing.

Leaving Evernote

Yesterday I got the email that millions of other people got in regards to Evernote resetting my password due to someone hacking into their user data system.

The investigation has shown… that the individual(s) responsible were able to gain access to Evernote user information, which includes usernames, email addresses associated with Evernote accounts, and encrypted passwords. Even though this information was accessed, the passwords stored by Evernote are protected by one-way encryption. (In technical terms, they are hashed and salted.)

After following the very geeky discussion about it in /r/netsec I was left wondering if I was placing too much faith in Evernote to protect all the brain dumps, notes, files, and private information I like to store in it.

Cloudy with a chance of security breach

After stumbling across this blog post entitled “Evernote doesn’t really care about security” I became convinced that it was time to leave Evernote. The security breach was actually the last straw in a number of things that have been bugging me more often than not — frequent crashes being the chief one.

Sometime around when Evernote added Skitch, the whole shebang started crashing on me frequently. I’m a premium Evernote user, and dealing with the app crashing multiple times a day quickly became aggravating. It has been almost unusable at times. That does not bode well for something you need to access frequently throughout a given day.

Then there were the issues where my notes were not synching between my laptop and my desktop, which I don’t really need to go into. You’ve probably had them too, if you are an Evernote user on more than one computer.

Lastly, I mentioned I was a paid Evernote user, but I never found myself using the paid features. The other big issue for me was with tagging – I would add tags to notes but then forget about them and never use them to find things. The inability to organize notes hierarchically is very necessary to me as someone who thinks that way due to my years as a sysad and developer, and I couldn’t get used to everything having to be arranged with tags.

Faith In The Cloud?

So my question yesterday became: “Where do I put all this info I have in Evernote that is more secure and can be synched and accessed between my phone, laptop, and desktop?”

Security experts mostly agree that putting secure information in the cloud is not a very good idea. But I want to have faith that it can be, and there are companies making an effort in that regard. I turned to a solution that was right under my nose: Google Drive.

Why Google Drive over Dropbox or some other service? Because it integrates easily with everything I already use, and more and more features and interactions with it are becoming available. I, for one, welcome our new Google overlords.

I’m still working on moving everything over from Evernote to Google Drive, and it’s not a simple process, but I think I will be able to live with it. I’ll also be able to rest a little better knowing that, while my data is still in the cloud, Google seems to value it more than Evernote.

Other fed up users are coming up with their own solutions for replacing their faith in Evernote.

What will be yours?

Internet Explorer 0-day

Still using Internet Explorer 6, 7, or 8?

WHY?

Targeted zero day attack being used against Internet Explorer 6, 7, and 8

Microsoft have published a security advisory for a zero day attack being used against a “targeted audience” using Internet Explorer 6, 7, and 8. This atypically means corporate or business users still locked in to using these older browsers.

Home users running XP should be looking to use another browser as their primary method of browsing the web, and corporate security staff should review Microsoft’s recommendations to build a layered defence to protect staff.

WordPress Pingback Vulnerability

An older vulnerability that got ignored in 2007 is showing up again.

According to Acunetix’s Bogdan Calin, this particular vulnerability is exploitable through the platform’s XMLRPC API (through XMLRPC.PHP). Attackers could try and guess hosts inside each network they target, port scan those hosts, reconfigure internal routers and launch large scale DDoS attacks.

More here.

From the details it doesn’t sound extremely dangerous, but something that should be fixed sooner rather than later. You can bet that we will see WordPress 3.5.1 pretty darned soon!

Quick, Easy, and Cheap VPN for Mac

If you are not paranoid about using open Wifi service at coffee shops, hotels, and other public establishments, you should be. Time and time again it has been proven that such locales can be extremely dangerous for doing mundane things such as checking your email or posting to your Facebook account. If you are unlucky enough to be sitting near one sniffing snooper looking for login credentials to be passed over the air, you can quickly find yourself locked out of everything you thought was your own.

Update: Please see this new list of the best VPNs for Mac in 2021.

I recently tried out Hotspot Shield, a quick and easy way to get yourself up and running on an encrypted VPN. This one is for Macs, but there are probably many other solutions out there if you are on Windows, Linux, or others.

Hotspot Shield has a free version, but for $29.95 it’s well worth it to have the ads removed and get a bump in speed. In fact, the speed of this VPN solution is what impressed me the most. I didn’t notice any lag in surfing around the web.

Once you have it installed, it’s just a click of the button in the task bar to launch the VPN and get yourself routed through the tunnel. It takes about 3 seconds to connect.

With a third party VPN solution such as this, you aren’t covering your tracks or surfing around in complete anonymity, mind you, but you are at least securing what you are doing from the prying eyes of anyone on the same Wifi (or other) network as you.

clicky