You can’t make this stuff up.
MCX, the retailer consortium behind Apple Pay competitor CurrentC, has already been hacked, according to an email sent out to those people who have signed up for, or downloaded, the CurrentC app…
A spokeswoman confirmed that the email is real.
MCX, which is a consortium of dozens of retailers including Walmart, Best Buy, Target, Kohl’s and CVS, say that no other information has been taken but that the investigation is continuing. The “unauthorized third parties” were able to access email addresses of people who were part of the app’s private beta testing program as well as email addresses of people who simply signed up to access the app when it launches publicly…
MCX confirmed this morning that its member companies have promised to only support CurrentC. MCX was formed in large part to create a mobile app that would persuade shoppers to pay through their phone with their checking account or store-branded plastic. The retailers’ goal here was to cut down on the transaction fees it has to pay banks and credit card networks on traditional credit card purchases. That is likely a big reason why it opposes Apple Pay, which supports those traditional cards.
But the hack now raises big questions about whether shoppers will trust CurrentC app with their sensitive financial information when it launches; the app asks for users’ social security number and driver’s license information if they want to link their bank account with the app. The app does not currently let users pay with their traditional credit card accounts, though an MCX blog post published this morning said it would eventually support credit cards, though it didn’t provide details on which kinds. Until CurrentC launches, customers shopping at MCX stores will be left with the choice of using cash or traditional magstripe cards which have proved to be easy to clone.
By banning Apple Pay, which is built into the new line of iPhones, merchants are choosing to ban a more secure payment method. Apple Pay customers can use a wide range of credit and debit card accounts to make purchases. Users have to authorize a transaction by pressing their finger against the phone’s fingerprint sensor. The phone then sends payment information to a store’s checkout equipment, though it comes in the form of a stand-in string of characters known as a token and does not include an actual credit or debit card number.
Our household has already switched over to ApplePay. More than anything, we love the anonymity and security. No one gets to see our credit card number. Not even our name.
In a document (PDF link) meant to guide law enforcement officers in requesting user information, Apple notes that it no longer stores encryption keys for devices with iOS 8, meaning agencies are unable to gain access even with a valid search warrant. This includes data store on a physical device protected by a passcode, including photos, call history, contacts and more.
“Unlike our competitors, Apple cannot bypass your passcode and therefore cannot access this data,” Apple said on its new webpage dedicated to privacy policies. “So it’s not technically feasible for us to respond to government warrants for the extraction of this data from devices in their possession running iOS 8.”
The safeguards do not apply to other services including iCloud, however, meaning any data stored offsite is fair game for government seizure. Still, the security implementation will likely be seen as a step in the right direction, especially given the current political climate following revelations of governmental “snooping” activities.
Overdue. As Edward Snowden suggested, encryption is still one of the best ways to frustrate government snooping. A standard that other tech companies might emulate even if it gets in the way of their monetization of your data.
The federal government is inching closer to mandating cars have the ability to communicate with each other, in a move regulators say could reduce crashes while still protecting motorists’ personal information..
Called vehicle-to-vehicle communication (V2V), the technology would use radio frequencies to communicate potential dangers to drivers, and the Transportation Department has begun the rule-making process of possibly making it required equipment in cars, though it could take years for a new law to take effect…
“By warning drivers of imminent danger, V2V technology has the potential to dramatically improve highway safety,” said NHTSA Deputy Administrator David Friedman said in a statement.
NHTSA also said vehicle communication could be used to assist in blind-spot detection, forward-collision alarms and warnings not to pass, though many of these technologies are available in today’s cars using other technologies, like radar.
Mindful of recent “hacking” incidents involving major retailers, websites and identity theft, NHTSA said the data transmitted would only be used for safety purposes, and notes the systems being considered would contain “several layers” of security and privacy protection.
On one hand, I’ve been following this development from car manufacturers who wish to use tech like this for accident prevention. Mercedes is a leader on this side of the research.
On the other, is there anyone left in America who trusts the government enough to buy into this technology. Even if security from hackers might be guaranteed, does anyone think the Feds would pass up backdoor access to keep an eye on us?
Square announced it was developing a new credit card reader that would allow businesses to begin accepting a more secure type of credit card being rolled out in the U.S. over the next 15 months.
The announcement comes as credit cards embedded with microchips finally begin to reach American consumers. The cards, which have been common for a decade in many other parts of the world, are believed to be harder to clone than traditional stripe cards.
Hustlers in Europe will agree.
Beginning in October 2015, liability for credit card fraud will sit with whichever entity — the issuer or the merchant — is using the less secure equipment. So a merchant would be penalized if it doesn’t have the equipment to accept chip cards and suffers an unauthorized purchase with a card that had a chip in it. On the other hand, the bank would be liable if it doesn’t issue chip cards and one of its customers makes an unauthorized transaction with a traditional card at a store that accepts chip cards…
Square makes the point this will enable expansion into other markets.
I’m not certain how that statement fits into Square’s growth plans. Are they taking advantage of opportunities opening up because they have to make this change, anyway – or is this around the time when they planned on moving into Europe.
Either way, I admit to liking the usability and design of their hardware/software packages.
It seems as though every week or so there’s a new hack or exploit that reveals millions of passwords or important data from a popular web service, and this week is no exception. On Tuesday, IT professionals got word of a serious flaw in OpenSSL — the browser encryption standard used by an estimated two-thirds of the servers on the internet. The flaw, which was dubbed “Heartbleed,” may have exposed the personal data of millions of users and the encryption keys to some of the web’s largest services. Here’s what you need to know:
It’s a bug in some versions of the OpenSSL software that handles security for a lot of large websites. In a nutshell, a weakness in one feature of the software — the so called “heartbeat” extension, which allows services to keep a secure connection open over an extended period of time — allows hackers to read and capture data that is stored in the memory of the system. It was discovered independently by a security company called Codenomicon and a Google researcher named Neel Mehta, both of whom have helped co-ordinate the response…
As Tim Lee at Vox points out in his overview, the lock that you see in your browser’s address bar when you visit a website “is supposed to signal that third parties won’t be able to read any information you send or receive. Under the hood, SSL accomplishes that by transforming your data into a coded message that only the recipient knows how to decipher.” But researchers found it was possible to “send a cleverly formed, malicious heartbeat message that tricks the computer at the other end into divulging secret information…”
If you are a web user, the short answer is not much. You can check the list of sites affected on Github, or you could try a tool from developer Filippo Valsorda that checks sites to see if they are still vulnerable (although false positives have been reported), and you should probably change your passwords for those sites if you find any you use regularly.
RTFA if you want all the gory details. The bug is 2 years old albeit just discovered; so, no one has a clue how long evildoers may have been screwing around with folks’ accounts at sites containing the bug.
I’d suggest reading the list at Github and staying away from sites on the list – until they disappear from the list. Changing passwords – as suggested – at affected sites is a good idea as well. Though I can think of problems happening if you’re pinged while doing exactly that. If and when sites are certified clean, then, change your passwords and do a thorough job of it.
UPDATE: NSA scumbags knew about the bug for two years and used it to break into encrypted communications – rather than notify American companies and consumers so they might protect themselves…http://tinyurl.com/mq8owa2
A major independent commission headed by the Swedish foreign minister, Carl Bildt, was launched on Wednesday to investigate the future of the internet in the wake of the Edward Snowden revelations.
The two-year inquiry, announced at the World Economic Forum at Davos, will be wide-ranging but focus primarily on state censorship of the internet as well as the issues of privacy and surveillance raised by the Snowden leaks about America’s NSA and Britain’s GCHQ spy agencies…
Bildt, the former Swedish prime minister, said: “The rapid evolution of the net has been made possible by the open and flexible model by which it has evolved and been governed. But increasingly this is coming under attack.
“And this is happening as issues of net freedom, net security and net surveillance are increasingly debated. Net freedom is as fundamental as freedom of information and freedom of speech in our societies.”
The Obama administration on Friday announced the initial findings of a White House-organised review of the NSA. There are also inquiries by the US Congress and by the European parliament, but this is the first major independent one.
The nicest thing said about Obama’s recommendations is that they have the strength of weak tea. My characterization would be more scatalogical.
Robin Niblett, director of Chatham House, said: “The issue of internet governance is set to become one of the most pressing global policy issues of our time…”
Gordon Smith, who is to be deputy chair of the commission, said: “For many people, internet governance sounds technical and esoteric but the reality is that the issues are ‘high politics’ and of consequence to all users of the internet, present and future.”
Many of America’s geek pundits feel the United States owns the Internet and every other nation should simply follow whatever our government says should be the rules. Obedience is required by the Internet Overlords.
The battle comes up every few years, The next round will not only involve the question of global democracy; but, individual privacy and security will have to be part of the discussion.
Firms in the UK and Canada are reportedly updating their cloud contracts to demand that their data be kept out of the US. The report doesn’t contain enough details, however, to say if this is a trend or an isolated incident.
Is this the backlash? A handful of companies are requiring cloud service providers to promise — in writing — that they won’t store any client data in the United States, according to Bloomberg.
The report says that a British grocery chain and a Canadian pharma company have responded to the ongoing US surveillance scandal by adding language to existing contracts that mandate suppliers to segment their data and keep it out of America.
The report of the revised contracts comes as the cloud computing industry continues to digest news that America’s National Security Agency is tapping underwater cables and infiltrating the servers of storage providers as part of a sweeping counter-terrorism program…
So does the Bloomberg report portend the start of a trend? It’s too soon to say. The report, which also claimed a Canadian agency had asked for the “no data in USA” clause, was based on a single source (an Indiana security firm known as Rook Consulting) and did not name any of the companies involved.
And, while such reports are eye-catching, they also provide a public relations opportunity for cloud providers outside of the US.. to drum up business. In the meantime, it’s unclear if European cloud providers have the capacity to take over existing large-scale data storage contracts, and to what degree companies’ existing cloud contracts dissuade them from switching services.
Are we to give thanks to the NSA for providing a great reason for offshoring business from the United States? Roberts’ article doesn’t ask the important question: What idiots in our government skipped past the question of how being the most intrusive Big Brother in the World would affect American businesses dependent on guaranteeing security to their clients?
If I was working in communications with valuable data there is no way on Earth I would trust an American corporation to provide me with anymore privacy than the American government seems to allow. Which is damned little.
American technology businesses fear they could lose between $21.5bn and $35bn in cloud computing contracts worldwide over the next three years, as part of the fallout from the NSA revelations.
Some US companies said they have already lost business, while UK rivals said that UK and European businesses are increasingly wary of trusting their data to American organisations, which might have to turn it over secretly to the National Security Agency, its government surveillance organisation…
A survey by the US-based Cloud Security Alliance, quoted by the Information Technology & Innovation Foundation (ITIF) found that American companies which offer file storage and computing in cloud systems – so they can be stored and accessed anywhere in the world – are gloomy about the effects of the Guardian’s revelations of the extent of US government snooping and data gathering through projects such as Prism and Xkeyscore.
Daniel Castro, author of the ITIF survey, said that it seemed reasonable to suggest that US cloud businesses could lose between 10% and 20% of the overseas market to rivals.
The effect has already been felt, Castro said. The ITIF survey found that of those outside the US, 10% had cancelled a project with a US-based cloud computing provider, and 56% would be “less likely” to use a US-based cloud computing service.
The US government has struggled to respond to the series of revelations in the Guardian about the extent of the NSA’s oversight of data, which travels into the US. Prism allows it to target details about individuals residing outside the US; the NSA claims that it has “direct access” to data from Google and Microsoft, among others, who are both also major cloud computing providers…Xkeyscore allows the NSA to drill down to details about individuals almost anywhere on the internet.
Yup…Obama and his Big Bubba spies have laid one more road block across the path of American firms trying for global presence on the Web. No one here trusts the Web any farther than they can throw a Republican. Why should anyone else?
Snowden meeting with Human Rights Watch in Moscow – today
A majority of U.S. registered voters consider Edward Snowden a whistle-blower, not a traitor, and a plurality says government anti-terrorism efforts have gone too far in restricting civil liberties, a poll released today shows.
Fifty-five percent said Snowden was a whistle-blower in leaking details about top-secret U.S. programs that collect telephone and Internet data, in the survey from…Quinnipiac University. Thirty-four percent said he’s a traitor…
The poll also showed that by 45 percent to 40 percent, respondents said the government goes too far in restricting civil liberties as part of the war on terrorism. That was a reversal from January 2010, when in a similar survey 63 percent said anti-terrorism activities didn’t go far enough to protect the U.S. from attacks, compared with 25 percent who disagreed.
“The massive swing in public opinion about civil liberties and governmental anti-terrorism efforts, and the public view that Edward Snowden is more whistle-blower than traitor, are the public reaction and apparent shock at the extent to which the government has gone in trying to prevent future terrorist incidents,” said Peter Brown, assistant director of Quinnipiac’s polling institute.
The view of Snowden as a whistle-blower rather than traitor predominated among almost every group of respondents broken down by party, gender, income, education and age. Black voters were the lone exception, with 43 percent calling Snowden a traitor compared with 42 percent saying he was a whistle-blower.
“The verdict that Snowden is not a traitor goes against almost the unified view of the nation’s political establishment,” Brown said…
The poll showed both Democrats and Republicans about evenly divided on whether government counter-terrorism measures have become excessive. Independent voters view the methods as having gone too far by 49 percent to 36 percent.
“The fact that there is little difference now along party lines about the overall anti-terrorism effort and civil liberties and about Snowden is in itself unusual in a country sharply divided along political lines about almost everything,” Brown said…
…Among Republicans the percentage who said government has gone overboard in restricting civil liberties in the fight against terrorism grew to 41 percent in the new poll, compared with 17 percent three years ago.
“It would be naive to see these numbers as anything but evidence of a rethinking by the public about the tradeoffs between security and freedom,” Brown said.
It would be naive – or simply the voice of hypocrites whose politics support a government spying on its citizens, who consider their political security more important than individual liberty, freedom to think and speak, a right to privacy.
We know which side Obama and the executive are on. We know which side the noisiest baboons in Congress have chosen – predictably, I might add. We have watched the conflict in play between the generally tame mass media and the few American journalists with the courage to stand for the Bill of Rights. The responsibility is ours to press government into defense of our rights and, not so incidentally, withdraw the blank check given to the NSA.