New Credit Card Feature Prevents Fraud

December 28, 2015

December is lauded as the most wonderful time due to that warm, fuzzy feeling and also because retail chains across the world will be operating in the black at the end of the year. Online shopping has shown record sales this year, especially since shoppers do not want to deal with crowds and limited stock. Shopping online allows them to shop from the convenience of their homes, have items delivered to their front door, and find great deals. Retail chains are not the only ones who love the holidays. Cyber criminals also enjoy this season, because people are less concerned with their personal information. Credit card and bank account numbers are tossed around without regard, creating ample game for identity theft.

While credit card companies have created more ways to protect consumers, such as the new microchip in cards, third party security companies have also created ways to protect consumers.  Tender Armor is a security company with a simple and brilliant fraud prevention solution.

On the back of every credit card is a security code that is meant to protect the consumer, but it has its drawbacks. Tender Armor created a CVVPlus service that operates on the same principle as the security code, except that instead of having the same code, it rotates on a daily basis. Without the daily code, the credit card is useless. If a thief gets a hold of your personal information, Tender Armor’s CVVPlus immediately notifies you to take action. It is ingenious in its simplicity.

Tender Armor made this informative animation to explain how CVVPlus works: Tender Armor: CVVPlus.

In order to use Tender Armor, you must pay for an additional service on your credit card. With the increased risk of identity theft, it is worth the extra few bucks.

Whitney Grace, December 28, 2015
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

They Hid in Plain Sight

December 28, 2015

Those who carried out last November’s attacks in Paris made their plans in the open, but intelligence agencies failed to discover and thwart those plans beforehand. TechDirt reveals “Details of How The Paris Attacks Were Carried Out Show Little Effort by Attackers to Hide Themselves.” To us, that means intelligence agencies must not be making much use of the Dark Web. What about monitoring of mobile traffic? We suggest that some of the marketing may be different from the reality of these systems.

Given the apparent laxity of these attackers’ security measures, writer Mike Masnick wonders why security professionals continue to call for a way around encryption. He cites an in-depth report by the Wall Street Journal’s Stacy Meichtry and Joshua Robinson, and shares some of their observations; see the article for those details. Masnick concludes:

“You can read the entire thing and note that, nowhere does the word ‘encryption’ appear. There is no suggestion that these guys really had to hide very much at all. So why is it that law enforcement and the intelligence community (and various politicians) around the globe are using the attacks as a reason to ban or undermine encryption? Again, it seems pretty clear that it’s very much about diverting blame for their own failures. Given how out in the open the attackers operated, the law enforcement and intelligence community failed massively in not stopping this. No wonder they’re grasping at straws to find something to blame, even if it had nothing to do with the attacks.”

Is “terrorism” indeed a red herring for those pushing the encryption issue? Were these attackers an anomaly, or are most terrorists making their plans in plain sight? Agencies may just need to look in the right directions.

Cynthia Murrell, December 28, 2015


Cyber Threat Intelligence Across the Enterprise

December 28, 2015

A blog series from iSIGHT Partners aims to help organizations make the most of Cyber Threat Intelligence. The series is introduced in “How CTI Helps Six Groups Do Their Jobs Better: A New Blog Series!” Writer Christina Jasinski explains:

“The importance of Cyber Threat Intelligence (CTI) has become more widely recognized in the past year.  But not many people realize how many different ways threat intelligence can be utilized across an enterprise. That’s why now is a good time to drill down and describe the wide range of use cases for employing threat intelligence for many different functions within an IT organization.

“Are you a CISO, SOC Analyst or an Incident Responder? Stay tuned….

“This is the first post in an iSIGHT Partners blog series that will delve into how IT security professionals in each of six distinct roles within an organization’s information security program can (and should) apply threat intelligence to their function.   Each post will include 3-4 use cases, how CTI can be used by professionals in that role, and the type of threat intelligence that is required to achieve their objectives.”

Jasinski goes on to describe what her series has to offer professionals in each of those roles, and concludes by promising to reveal practical solutions to CTI quandaries. Follow her blog posts to learn those answers.

Cynthia Murrell, December 28, 2015


The Ins and Outs of Hacking Software

December 23, 2015

Hacking software is and could be a potential problem.  While some government agencies, hacktivist organizations, and software companies are trying to use it for good, terrorist groups, digital thieves, and even law enforcement agencies can use it to spy and steal data from individuals.  The Technology Review shares some interesting stories about how software is being used for benign and harmful purposes in “The Growth Industry Helping Governments Hack Terrorists, Criminals, And Political Opponents.”

The company Hacking Team is discussed at length, along with its Remote Control System software, which can worm its way through security holes in a device and steal valuable information. Governments from around the globe have used the software for crime deterrence and to keep tabs on enemies, but other entities used the software for harmful acts including spying and hacking into political opponents’ computers.

Within the United States, it is illegal to use a Remote Control System without proper authority, but often this happens:

“When police get access to new surveillance technologies, they are often quickly deployed before any sort of oversight is in place to regulate their use. In the United States, the abuse of Stingrays—devices that sweep up information from cell phones in given area—has become common. For example, the sheriff of San Bernardino County, near Los Angeles, deployed them over 300 times without a warrant in the space of less than two years. That problem is only being addressed now, years after it emerged, with the FBI now requiring a warrant to use Stingrays, and efforts underway to force local law enforcement to do the same. It’s easy to imagine a similar pattern of abuse with hacking tools, which are far more powerful and invasive than other surveillance technologies that police currently use.”

It is scary how the software is being used and how governments are skirting around their own laws to use it. It reminds me of how gun control is always a controversial topic. Whenever there is a mass shooting, debates rage about how the shooting would never have happened if there was stricter gun control to keep weapons out of the hands of psychopaths. While the shooter was blamed for the incident, people also place a lot of blame on the gun, as if it was more responsible. As spying, control, and other software becomes more powerful and ingrained in our lives, I imagine there will be debates about “software control” and determining who has the right to use certain programs.

Whitney Grace, December 23, 2015

Microsoft Drops Bing from Pulse, Adds Azure Media Services

December 22, 2015

The article on VentureBeat titled “Microsoft Rebrands Bing Pulse to Microsoft Pulse, extends Snapshot API” ushers in the question: is Bing a dead-end brand? The article states that the rebranding is meant to emphasize that the resource integrates with MS technologies like Power BI, OneNote, and Azure Media Services. It has only been about a year since the original self-service tool was released for broadcast TV and media companies. The article states,

“The launch comes a year after Bing Pulse hit version 2.0 with the introduction of a cloud-based self-service option. Microsoft is today showing a few improvements to the tool, including a greatly enhanced Snapshot application programming interface (API) that allows developers to pull data from Microsoft Pulse into Microsoft’s own Power BI tool or other business intelligence software. Previously it was only possible to use the API with broadcast-specific technologies.”

The news isn’t good for Bing, with Pulse gaining popularity as a crowdsourcing resource among such organizations as CNN, CNBC, the Aspen Institute, and the Clinton Global Initiative. It is meant to be versatile and targeted for broadcast, events, market research, and classroom use. Dropping Bing from the name may indicate that Pulse is moving forward, and leaving Bing in the dust.

Chelsea Kerwin, December 22, 2015


New Year’s Resolutions in Personal Data Security

December 22, 2015

The article on ITProPortal titled “What Did We Learn in Records Management in 2016 and What Lies Ahead for 2016?” delves into the unlearnt lessons in data security. The article begins with a look back over major data breaches, including Ashley Madison, JP Morgan et al, and Vtech, and gathers from them the trend of personal information being targeted by hackers. The article reports,

“A Crown Records Management Survey earlier in 2015 revealed two-thirds of people interviewed – all of them IT decision makers at UK companies with more than 200 employees – admitted losing important data… human error is continuing to put that information at risk as businesses fail to protect it properly…but there is legislation on the horizon that could prompt change – and a greater public awareness of data protection issues could also drive the agenda.”

The article also makes a few predictions about the upcoming developments in our approach to data protection. Among them is the passage of the European Union General Data Protection Regulation (EU GDPR) and the resulting effect on businesses. In terms of apps, the article suggests that more people might start asking questions about the information required to use certain apps (especially when the data they request is completely irrelevant to the functions of the app). Generally optimistic, these developments will only occur if people and businesses and governments take data breaches and privacy more seriously.

Chelsea Kerwin, December 22, 2015


When the Data Cannot Be Trusted

December 22, 2015

A post at Foreign Policy, “Cyber Spying Is Out, Cyber Lying Is In,” reveals that it may be more important now than ever before to check the source, facts, and provenance of digital information. Unfortunately, search and content processing systems do not do a great job of separating baloney from prime rib.

Journalist Elias Groll tells us that the experts are concerned about hacking’s new approach:

“In public appearances and congressional testimony in recent months, America’s top intelligence officials have repeatedly warned of what they describe as the next great threat in cyberspace: hackers not just stealing data but altering it, threatening military operations, key infrastructure, and broad swaths of corporate America. It’s the kind of attack they say would be difficult to detect and capable of seriously damaging public trust in the most basic aspects of both military systems and a broader economy in which tens of millions of people conduct financial and health-related transactions online….

“Drones could beam back images of an empty battlefield that is actually full of enemy fighters. Assembly robots could put together cars using dimensions that have been subtly altered, ruining the vehicles. Government personnel records could be modified by a foreign intelligence service to cast suspicion on a skilled operative.”

Though such attacks have not yet become commonplace, there are several examples to cite. Groll first points to the Stuxnet worm, which fooled Iranian engineers into thinking their centrifuges were a-okay when it had actually sabotaged them into over-pressurizing. (That was a little joint project by the U.S. and Israel.) See the article for more examples, real and hypothesized. Not all experts agree that this is a growing threat, but I, for one, am glad our intelligence agencies are treating it like one.

Cynthia Murrell, December 22, 2015


Big Data Gets Emotional

December 15, 2015

Christmas is the biggest shopping time of the year and retailers spend months studying consumer data. They want to understand consumer buying habits, popular trends in clothing, toys, and other products, physical versus online retail, and especially what the competition will be doing sales-wise to entice more customers to buy more. Smart Data Collective recently wrote about the science of shopping in “Using Big Data To Track And Measure Emotion.”

Customer experience professionals study three things related to customer spending habits: ease, effectiveness, and emotion.  Emotion is the biggest player and is the biggest factor to spur customer loyalty.  If data specialists could figure out the perfect way to measure emotion, shopping and science would change as we know it.

“While it is impossible to ask customers how do they feel at every stage of their journey, there is a largely untapped source of data that can provide a hefty chunk of that information. Every day, enterprise servers store thousands of minutes of phone calls, during which customers are voicing their opinions, wishes and complaints about the brand, product or service, and sharing their feelings in their purest form.”

The article describes some methods by which emotional data is gathered: phone recordings, surveys, and vocal speech layers, the last being the biggest. Analytic platforms measure vocal speech layers and the relationships between words and phrases to understand the sentiment. The emotions are rated on a five-point scale, ranging from positive to negative, to discover patterns that trigger reactions.

Customer experience input is a data analyst’s dream as well as nightmare based on all of the data constantly coming in.

Whitney Grace, December 15, 2015

Easy as 1,2,3 Common Mistakes Made with Data Lakes

December 15, 2015

The article titled “Avoiding Three Common Pitfalls of Data Lakes” on DataInformed explores several pitfalls that could negate the advantages of data lakes. The article begins with the perks, such as easier data access and, of course, the cost-effectiveness of keeping data in a single hub. The first pitfall is sustainability (or the lack thereof), since the article emphasizes that data lakes actually require much more planning and management of data than conventional databases. The second pitfall raised is resource allocation,

“Another common pitfall of implementing data lakes arises when organizations need data scientists, who are notoriously scarce, to generate value from these hubs. Because data lakes store data in their native format, it is common for data scientists to spend as much as 80 percent of their time on basic data preparation. Consequently, many of the enterprise’s most valued resources are dedicated to mundane, time-consuming processes that considerably lengthen time to action on potentially time-sensitive big data.”

The third pitfall is technology contradictions or trying to use traditional approaches on a data lake that holds both big and unstructured data. Be not alarmed, however, the article goes into great detail about how to avoid these issues through data lake development with smart data technologies such as semantic tech.

Chelsea Kerwin, December 15, 2015


Bill Legislation Is More Complicated than Sitting on Capitol Hill

December 14, 2015

When I was in civics class back in the day and learning about how a bill became an official law in the United States, my teacher played Schoolhouse Rock’s famous “I’m Just a Bill” song.  While that annoying retro earworm still makes the education rounds, the lyrics need to be updated to record some of the new digital “paperwork” that goes into tracking a bill.  Engaging Cities focuses on legislation data in “When Lobbyists Write Legislation, This Data Mining Tool Traces The Paper Trail.”

While the process to make a bill might seem simple according to Schoolhouse Rock, it is actually complicated and is even crazier as technology pushes more bills through the legislation process.  In 2014, there were 70,000 state bills introduced across the country and no one has the time to read all of them.  Technology can do a much better and faster job.

“A prototype tool presented in September at Bloomberg’s Data for Good Exchange 2015 conference, mines the Sunlight Foundation’s database of more than 500,000 bills and 200,000 resolutions for the 50 states from 2007 to 2015. It also compares them to 1,500 pieces of “model legislation” written by a few lobbying groups that made their work available, such as the conservative group ALEC (American Legislative Exchange Council) and the liberal group the State Innovation Exchange (formerly called ALICE).”

A data-mining tool for government legislation would increase government transparency.  The software tracks earmarks in the bills to track how the Congressmen are benefiting their states with these projects.  The software analyzed earmarks as far back as 1995 and it showed that there are more than anyone knew.   The goal of the project is to scour the data that the US government makes available and help people interpret it, while also encouraging them to be active within the laws of the land.

The article uses the metaphor “needle in a haystack” to describe all of the government data. Government transparency is good, but when they overload people with information it makes them overwhelmed.

Whitney Grace, December 14, 2015