http://adage.com/article/digitalnext/subscription-economy-change-price-pay/307966/
Here is a snippet from the piece:
Happy Reading,
J.W. Gant
Showing posts with label Krebs on Security. Show all posts
Showing posts with label Krebs on Security. Show all posts
Tuesday, February 21, 2017
The Subscription Economy
Interesting read on the shift to steady revenue streams vs. one-time transactional revenue streams. Do you have a Netflix account? Yeap. Bet you used to rent from Blockbuster one movie at a time didn't you?
http://adage.com/article/digitalnext/subscription-economy-change-price-pay/307966/
Here is a snippet from the piece:
Should a customer in New York pay a higher price than someone from Ohio for the same service? And should a doctor in Ohio pay a higher price than a New York taxi driver? Should a Mac user be steered to a pricier hotel when shopping online? Hint: It's already happening.
Happy Reading,
J.W. Gant
http://adage.com/article/digitalnext/subscription-economy-change-price-pay/307966/
Here is a snippet from the piece:
Happy Reading,
J.W. Gant
Saturday, October 15, 2016
Cyber Warfare
If you follow the news it seems increasingly clear ... the United States is engaged in a new kind of warfare with Russia. This isn't tanks and artillery like World War II. Nor is it the Cold War. However, this is war, war in the virtual world, where real people and real lives are being impacted.
First, the conclusion Russia is behind hacking efforts to influence the Presidential election:
http://arstechnica.com/tech-policy/2016/10/us-government-russia-behind-hacking-campaign-to-disrupt-us-elections/
Here is a snippet from that piece:
The Office of the Director of National Intelligence and the Department of Homeland Security today jointly charged that the Russian government was responsible for directing a series of intrusions into the networks of US political organizations and state election boards. In a “joint security statement,” officials from the two agencies declared they were “confident” that the government of President Vladimir Putin was behind the hacks and the publication of data obtained from them—some of it doctored—specifically to impact the results of the upcoming US elections.
Next, this report indicating the CIA is preparing a cyber attack on Russia:
http://www.nbcnews.com/news/us-news/cia-prepping-possible-cyber-strike-against-russia-n666636
Here is a snippet from that piece:
What will the future bring?
Happy Reading,
J.W. Gant
First, the conclusion Russia is behind hacking efforts to influence the Presidential election:
http://arstechnica.com/tech-policy/2016/10/us-government-russia-behind-hacking-campaign-to-disrupt-us-elections/
Here is a snippet from that piece:
Next, this report indicating the CIA is preparing a cyber attack on Russia:
http://www.nbcnews.com/news/us-news/cia-prepping-possible-cyber-strike-against-russia-n666636
Here is a snippet from that piece:
The Obama administration is contemplating an unprecedented cyber covert action against Russia in retaliation for alleged Russian interference in the American presidential election, U.S. intelligence officials told NBC News.
Current and former officials with direct knowledge of the situation say the CIA has been asked to deliver options to the White House for a wide-ranging "clandestine" cyber operation designed to harass and "embarrass" the Kremlin leadership.
Current and former officials with direct knowledge of the situation say the CIA has been asked to deliver options to the White House for a wide-ranging "clandestine" cyber operation designed to harass and "embarrass" the Kremlin leadership.
What will the future bring?
Happy Reading,
J.W. Gant
Wednesday, February 26, 2014
Target Misses on 4th Quarter Sales
News today is in for Target's 4th Quarter sales and it appears the data breach is doing damage.
This piece my Multichannel Merchant has some details:
http://multichannelmerchant.com/news/data-breach-affects-targets-4q-u-s-sales-26022014/
Here is a snippet from that piece:
Happy Reading,
J.W. Gant
This piece my Multichannel Merchant has some details:
http://multichannelmerchant.com/news/data-breach-affects-targets-4q-u-s-sales-26022014/
Here is a snippet from that piece:
What did the major data breach at Target mean for the merchant’s bottom line? It meant fewer consumers shopping at the mass merchant, as well as a $17 million net expense related to the data breach investigation.
Target announced this morning that sales for its U.S. segment in the fourth-quarter decreased 6.6% to $20.9 billion from $22.4 billion the prior year.
Target announced this morning that sales for its U.S. segment in the fourth-quarter decreased 6.6% to $20.9 billion from $22.4 billion the prior year.
Happy Reading,
J.W. Gant
Thursday, February 13, 2014
Target Hackers Used Phishing to Gain Access
Krebs on Security has more on the Target hack:
http://krebsonsecurity.com/2014/02/email-attack-on-vendor-set-up-breach-at-target/
Here is a snippet from that piece:
The breach at Target Corp. that exposed credit card and personal data on more than 110 million consumers appears to have begun with a malware-laced email phishing attack sent to employees at an HVAC firm that did business with the nationwide retailer, according to sources close to the investigation.
This story reads like an old cold war espionage tale.
Happy reading,
J.W. Gant
http://krebsonsecurity.com/2014/02/email-attack-on-vendor-set-up-breach-at-target/
Here is a snippet from that piece:
This story reads like an old cold war espionage tale.
Happy reading,
J.W. Gant
Thursday, February 6, 2014
Target Hackers Broke in Using a HVAC Company
Krebs on Security has the news on this one:
http://krebsonsecurity.com/2014/02/target-hackers-broke-in-via-hvac-company
A third party service company responsible for helping Target maintain its heating, air conditioning, refrigeration, etc. had access to Target's systems. Those access keys were stolen and used to ultimately get to 100 million or more customer accounts during the holiday season of 2013.
Wow.
If that article is too dense read this ComputerWorld article instead:
http://www.computerworld.com/s/article/9246074/Target_breach_happened_because_of_a_basic_network_segmentation_error
Retail Information Systems has a small piece about the money criminals are making through retail POS systems.
http://risnews.edgl.com/retail-news/Huge-Criminal-Profits-Are-Being-Made-from-Retail-POS-Says-FBI90986
This story is a good one, and you just knew it would be. Cloak & dagger through and through.
Happy reading,
J.W. Gant
http://krebsonsecurity.com/2014/02/target-hackers-broke-in-via-hvac-company
A third party service company responsible for helping Target maintain its heating, air conditioning, refrigeration, etc. had access to Target's systems. Those access keys were stolen and used to ultimately get to 100 million or more customer accounts during the holiday season of 2013.
Wow.
If that article is too dense read this ComputerWorld article instead:
http://www.computerworld.com/s/article/9246074/Target_breach_happened_because_of_a_basic_network_segmentation_error
Retail Information Systems has a small piece about the money criminals are making through retail POS systems.
http://risnews.edgl.com/retail-news/Huge-Criminal-Profits-Are-Being-Made-from-Retail-POS-Says-FBI90986
This story is a good one, and you just knew it would be. Cloak & dagger through and through.
Happy reading,
J.W. Gant
Monday, January 20, 2014
Best Reading of the Day - Entry 0076 Security
More word on the Target hack, some other retailers that have also been hacked but not yet publicly identified, and a BusinessWeek profile of Brian Krebs. Great reads.
I'll start with the best one, the BusinessWeek profile:
http://www.businessweek.com/articles/2014-01-16/brian-krebs-the-cybersecurity-blogger-hackers-love-to-hate#r=tec-ls
Here is a snippet from that article:
The people who dislike cybersecurity blogger Brian Krebs aren’t subtle. In early January, Krebs got a bag of poop in the mail. That was better than the time last summer when he received 13 packets of heroin. Both were way, way better than the day last March when a SWAT team descended on his doorstep, lured by a fake report of a hostage situation. “Having multiple automatic weapons pointed at your head is not my idea of a great time,” Krebs deadpans. “The kind of work I do, I paint a big target on my head.”
Six more U.S. retailers have also been hit, like Target, but have not yet been publicly identified:
http://www.computerworld.com/s/article/9245531/Six_more_U.S._retailers_hit_by_Target_like_hacks
Finally, a story on Target's last breech in 2005 and what they've done, or haven't done, in response:
http://www.wired.com/threatlevel/2014/01/target-hack/
I really like that last one as well. Security is a cost center so the companies will always pay great lip service in public while doing as little as possible to actually protect the consumer.
Happy reading,
J.W. Gant
I'll start with the best one, the BusinessWeek profile:
http://www.businessweek.com/articles/2014-01-16/brian-krebs-the-cybersecurity-blogger-hackers-love-to-hate#r=tec-ls
Here is a snippet from that article:
The people who dislike cybersecurity blogger Brian Krebs aren’t subtle. In early January, Krebs got a bag of poop in the mail. That was better than the time last summer when he received 13 packets of heroin. Both were way, way better than the day last March when a SWAT team descended on his doorstep, lured by a fake report of a hostage situation. “Having multiple automatic weapons pointed at your head is not my idea of a great time,” Krebs deadpans. “The kind of work I do, I paint a big target on my head.”
Six more U.S. retailers have also been hit, like Target, but have not yet been publicly identified:
http://www.computerworld.com/s/article/9245531/Six_more_U.S._retailers_hit_by_Target_like_hacks
Finally, a story on Target's last breech in 2005 and what they've done, or haven't done, in response:
http://www.wired.com/threatlevel/2014/01/target-hack/
I really like that last one as well. Security is a cost center so the companies will always pay great lip service in public while doing as little as possible to actually protect the consumer.
Happy reading,
J.W. Gant
Thursday, January 16, 2014
Best Reading of the Day - Entry 0075 POS Malware and Target
More information is coming out about the account information theft from Target stores over the Holidays. First, they have admitted 70 million accounts may have been stolen, but also state it may be as many as 110 million. Regardless it is the largest such hack in United States history.
Krebs on Security is still the best place for up to the minute information on this story but it can be a bit cryptic for those outside the industry.
ARS Technica has a piece that should work. This is a great read:
http://arstechnica.com/security/2014/01/point-of-sale-malware-infecting-target-found-hiding-in-plain-sight/
I'm going to quote a bit from that article...
Independent security journalist Brian Krebs has uncovered important new details about the hack that compromised as many as 110 million Target customers, including the malware that appears to have infected point-of-sale systems and the way attackers first broke in.
This next bit is incredible:
Krebs went on to report that sources told him the attackers broke into Target after hacking a company Web server. From there, the attackers somehow managed to upload the POS malware to the checkout machines located at various stores. The sources said the attackers appeared to then establish a control server inside Target's internal network that "served as a central repository for data hoovered by all of the infected point-of-sale devices." The attackers appear to have had persistent access to the internal server, an ability that allowed them to periodically log in and collect the pilfered data.
Be sure to read through that entire article. Well worth your time.
Happy reading,
J.W. Gant
**UPDATE**
Krebs on Security has a part 2 for this:
a-closer-look-at-the-target-malware-part-ii/
Krebs on Security is still the best place for up to the minute information on this story but it can be a bit cryptic for those outside the industry.
ARS Technica has a piece that should work. This is a great read:
http://arstechnica.com/security/2014/01/point-of-sale-malware-infecting-target-found-hiding-in-plain-sight/
I'm going to quote a bit from that article...
Independent security journalist Brian Krebs has uncovered important new details about the hack that compromised as many as 110 million Target customers, including the malware that appears to have infected point-of-sale systems and the way attackers first broke in.
This next bit is incredible:
Krebs went on to report that sources told him the attackers broke into Target after hacking a company Web server. From there, the attackers somehow managed to upload the POS malware to the checkout machines located at various stores. The sources said the attackers appeared to then establish a control server inside Target's internal network that "served as a central repository for data hoovered by all of the infected point-of-sale devices." The attackers appear to have had persistent access to the internal server, an ability that allowed them to periodically log in and collect the pilfered data.
Be sure to read through that entire article. Well worth your time.
Happy reading,
J.W. Gant
**UPDATE**
Krebs on Security has a part 2 for this:
a-closer-look-at-the-target-malware-part-ii/
Friday, December 20, 2013
The Target Payment Card Data Breach
This one has been making some news and as the story has unfolded it has become incredibly interesting.
Wait, just another data breach right? Just another case of credit card information getting in to the wrong hands right?
No.
First, the back story:
Thursday, December 19th Target, one of the biggest retailers in the world, revealed it had been the victim of unauthorized access to its payment card data:
At first this story, while quite concerning, left me just nodding my head saying something to the effect of "another data breach". Yes and no. The methods used in this case appear to have been quite new. This is a VERY different case from previous instances and consequently is much more alarming.
Is any retailer safe from this sort of activity? Maybe not.
http://www.paymentssource.com/news/target-breach-sends-chills-is-any-merchant-safe-even-with-emv
Wait, just another data breach right? Just another case of credit card information getting in to the wrong hands right?
No.
First, the back story:
Thursday, December 19th Target, one of the biggest retailers in the world, revealed it had been the victim of unauthorized access to its payment card data:
Target today confirmed it is aware of unauthorized access to payment card data that may have impacted certain guests making credit and debit card purchases in its U.S. stores. Target is working closely with law enforcement and financial institutions, and has identified and resolved the issue.
...
Approximately 40 million credit and debit card accounts may have been impacted between Nov. 27 and Dec. 15, 2013. Target alerted authorities and financial institutions immediately after it was made aware of the unauthorized access, and is putting all appropriate resources behind these efforts. Among other actions, Target is partnering with a leading third-party forensics firm to conduct a thorough investigation of the incident.
At first this story, while quite concerning, left me just nodding my head saying something to the effect of "another data breach". Yes and no. The methods used in this case appear to have been quite new. This is a VERY different case from previous instances and consequently is much more alarming.
This
latest incident … likely involved an attack on Target's point-of-sale (POS)
system, most security experts agreed, meaning that customer information was
probably sent directly from the store's mounted cash registers to the hackers
themselves, probably due to malicious software.
"I
don't know how they did it," James Wester, research director of IDC
Financial Insights…
"That
is what is kind of mystifying at this point," Wester said. "It seems
like from a security standpoint, Target was doing all of the right things, and
somehow this code was put on the POS system, which isn't a normal access point
for hackers."
You knew all along this was going to cost Target considerably.
What is also interesting is the move by some to push for further implementation of EMV protocols in the United States. It is not yet clear this would have helped at all. Furthermore, hacking always looks for the weakest link. There is no way a hacker could have infected all ~1800 Target stores at the Point of Sale without some severe security failure on the back-end. EMV would have no impact at all on such activity.
More on this story as it continues to unfold.
As my colleague said last night "buy Target stock right now, as it tanks. It'll go back up quickly once this passes."
Yeap.
The New York Times has a piece on this as well:
http://www.nytimes.com/2013/12/20/technology/target-stolen-shopper-data
The New York Times has a piece on this as well:
http://www.nytimes.com/2013/12/20/technology/target-stolen-shopper-data
Is any retailer safe from this sort of activity? Maybe not.
http://www.paymentssource.com/news/target-breach-sends-chills-is-any-merchant-safe-even-with-emv
Hope each of you is well prepared for the holiday season. Best wishes.
Happy reading,
J.W. Gant
Subscribe to:
Posts (Atom)