Archive for the ‘News’ Category
#10 — Panera
Number of victims: 37 million
Who was targeted: All PaneraBread.com customer accounts
What data was exposed: Names, email and physical addresses, birthdays, and the last four digits of the customers’ credit card numbers
Timeframe: Disclosed April 2018
What happened: Despite being warned by a cybersecurity expert in August 2017 that their website was leaking data, the Panera IT team failed to act until 8 months later when it announced the leak and took the site down for security maintenance.
#9 — Newegg
Number of victims: 50 million
Who was targeted: Newegg online shoppers
What data was exposed: Credit card info
Timeframe: August 14, 2018 – September 18, 2018
What happened: The online retailer was hacked by cybergang Magecart, who injected a credit card skimming code into the Newegg website. Whenever a customer bought something online, that payment info went straight to Magecart’s C&C (command and control server).
#8 — Elasticsearch
Number of victims: 82 million (57M consumers, 26M businesses)
Who was targeted: Users and online businesses across the internet
What data was exposed: From individual users — names, email and physical addresses, phone numbers, IP addresses, employers, and job titles. From businesses — names, company details, zip codes, carrier routes, latitudes/longitudes, census tracts, phone numbers, web addresses, email addresses, employee count, revenue numbers, NAICS codes, SIC codes, and more.
Timeframe: Discovered November 14, 2018
What happened: This is one of those cases we mentioned above where a regular security audit led to a researcher stumbling upon over 80 million records of sensitive, aggregated data. It is unknown how long the databases were sitting unguarded and who, if anyone, has had the opportunity to copy and steal all the data. Cybersecurity experts believe they have tracked down the source of the unguarded databases to a data management company that has since closed its doors, but it is still officially unknown.
#7 — Facebook
Number of victims: 87 million
Who was targeted: Facebook users
What data was exposed: Profile info, political beliefs, friend networks, private messages
Timeframe: Disclosed September 2018
What happened: This is the notorious Cambridge Analytica scandal where the data-collecting firm illegally harvested users’ info without their permission. The secret operation was politically motivated—namely, to influence the 2016 US presidential campaign. And though the breach occurred a couple years ago, it’s only this year that investigatory conclusions have come out, giving us a clearer picture of what happened.
#6 — MyHeritage
Number of victims: 92 million
Who was targeted: MyHeritage users
What data was exposed: Email addresses and hashed passwords
Timeframe: Alerted June 2018
What happened: Cybersecurity researchers alerted the genealogy site in June 2018 that an outside server had been discovered with sensitive MyHeritage info. The company confirmed the info was legitimate and alerted its users that any account holders who signed up earlier than October 26, 2017 were at risk and should change their passwords.
#5 — Quora
Number of victims: 100 million
Who was targeted: Quora users
What data was exposed: Names, email addresses, hashed passwords, profile data, public and non-public actions
Timeframe: Discovered December 3, 2018
What happened: Many questions still surround the details of this breach, but the question-and-answer site reported to its users that a third party had gained unauthorized access to one of their systems, expounding no further.
#4 — Under Armour
Number of victims: 150 million
Who was targeted: MyFitnessPal users
What data was exposed: User names, email addresses, hashed passwords
Timeframe: Late February 2018
What happened: The company’s food and nutrition app was hacked, opening up the above info to the attackers, but not, thankfully, any payment info, which the company processes through a separate channel.
#3 — Exactis
Number of victims: 340 million (230M consumers, 110M businesses)
Who was targeted: Users and businesses across the internet
What data was exposed: Over 400 categories of detail, such as phone numbers, email and physical addresses, interests, ages, religions, pet ownership, etc.
Timeframe: June 2018
What happened: Data collection firm Exactis somehow had 2 terabytes of data relocated to a public site for all to see. It’s unknown who or how many people accessed the info before it was discovered.
#2 — Starwood
Number of victims: 500 million
Who was targeted: Starwood guests
What data was exposed: Names, email and physical addresses, phone numbers, passport numbers, account info, birth dates, gender, travel info, and accommodation info. Some of the breached info also included hashed credit card info.
Timeframe: Discovered September 10, 2018, but could have stretched as far back as 2014
What happened: Like many of the other official breach statements, the Marriott-owned hotel chain issued a statement that its servers had suffered “unauthorized access,” but recent discoveries from the investigation indicate the breach may have been caused by the Chinese government for political purposes.
#1 — Aadhaar
Number of victims: 1.1 billion
Who was targeted: Indian citizens
What data was exposed: Aadhaar numbers, names, email and physical addresses, phone numbers, and photos
Timeframe: August 2017 – January 2018
What happened: Anonymous sellers over WhatsApp charged Rs 500 and lower for a portal into India’s Unique Identification Authority where the records of virtually every citizen were at the payer’s fingertips.
Bitcoin is a crypto-currency which leverages the Blockchain. Similar to a real currency, Bitcoin is hailed as a revolutionary technology for storing value. Its popularity stems from distrust in real-world currencies and the unregulated printing of currencies like the US Dollar.
Bitcoin is governed by “developers” and infrastructure. Crypto Miners who facilitate the transactions within the Bitcoin ecosystem have a shared consensus to regulate and evolve the Bitcoin economy. Bitcoin has governed parameters which include a limit on quantity, blocksize and others.
Today, the Bitcoin community seeks to evolve Bitcoin with agreed changes. Segwit2x, also known as the New York Agreement, is an industry-wide compromise that CEO and founder of Digital Currency Group Barry Silbert spearheaded in May to activate the Segregated Witness (Segwit) scaling upgrade for Bitcoin. Key mining pools and exchanges that agreed to the aforementioned plan include Bitmain’s Antpool, Btc.top, Bixin, Btcc Pool, F2pool, Huobi, Okcoin, Viabtc, BW, 1Hash, Canoe, Batpool, and Bitkan.
The event and announcement closely follow Bitmain’s release of its hard fork protection plan against UASF BIP148, which CEO Jihan Wu has described as an attack on Bitcoin. He spoke at the Summit on June 14 about how to prevent BIP148 from activating, outlining its weaknesses.
China owns ~80% of Bitcoin mining infrastructure and typically plays a dominant role in the future of Bitcoin.
In 2005, a research team led by the Electronic Frontier Foundation (EFF) broke the code behind tiny tracking dots that some color laser printers secretly hide in every document.
The U.S. Secret Service admitted that the tracking information is part of a deal struck with selected color laser printer manufacturers, ostensibly to identify counterfeiters. However, the nature of the private information encoded in each document was not previously known.
“We’ve found that the dots from at least one line of printers encode the date and time your document was printed, as well as the serial number of the printer,” said EFF Staff Technologist Seth David Schoen.
You can see the dots on color prints from machines made by Xerox, Canon, and other manufacturers (for a list of the printers we investigated so far, see: http://www.eff.org/Privacy/printers/list.php). The dots are yellow, less than one millimeter in diameter, and are typically repeated over each page of a document. In order to see the pattern, you need a blue light, a magnifying glass, or a microscope (for instructions on how to see the dots, see: http://www.eff.org/Privacy/printers/docucolor/).
EFF and its partners began its project to break the printer code with the Xerox DocuColor line. Researchers Schoen, EFF intern Robert Lee, and volunteers Patrick Murphy and Joel Alwen compared dots from test pages sent in by EFF supporters, noting similarities and differences in their arrangement, and then found a simple way to read the pattern.
“So far, we’ve only broken the code for Xerox DocuColor printers,” said Schoen. “But we believe that other models from other manufacturers include the same personally identifiable information in their tracking dots.”
You can decode your own Xerox DocuColor prints using EFF’s automated program at http://www.eff.org/Privacy/printers/docucolor/index.php#program.
Xerox previously admitted that it provided these tracking dots to the government, but indicated that only the Secret Service had the ability to read the code. The Secret Service maintains that it only uses the information for criminal counterfeit investigations. However, there are no laws to prevent the government from abusing this information.
“Underground democracy movements that produce political or religious pamphlets and flyers, like the Russian samizdat of the 1980s, will always need the anonymity of simple paper documents, but this technology makes it easier for governments to find dissenters,” said EFF Senior Staff Attorney Lee Tien. “Even worse, it shows how the government and private industry make backroom deals to weaken our privacy by compromising everyday equipment like printers. The logical next question is: what other deals have been or are being made to ensure that our technology rats on us?”
EFF is still working on cracking the codes from other printers and we need the public’s help. Find out how you can make your own test pages to be included in our research at http://www.eff.org/Privacy/printers/wp.php#testsheets.
Estonia is a small country bordering Russia, Latvia and Finland. It boasts an advanced information management platform for government.
This platform is X-Road, an invisible but crucial backbone for data transactions between the various e-services databases in the public and private sectors. X-Road facilitates harmonious interoperability.
Estonia’s data stores are decentralised, meaning:
- There is no single owner / controller
- Every government agency or business can choose the right products suitable for them
- Services are added one at a time, as they are ready
All Estonian services that use multiple data stores use X-Road as a central connection between these data stores. All outgoing data from X-Road is digitally signed and encrypted. All incoming data is authenticated and logged.
X-Road was built to facilitate multi-data store queries, but has evolved to also facilitate multi-data store writes and to transmit large datasets. It was also designed for growth and currently supports:
- 287 million queries (2013)
- Connects 170 databases in Estonia
- Provides 2000 services in Estonia
- Connects 900 organisations daily
- Supports >50% of Estonians who use the government portal Eesti.ee
Services provided via X-Road include:
- Electronic Registration of residency
- Updating personal data (like address, exam results, health insurance etc…)
- Declare taxes electronically
- Check driving license validity
- Check for registered vehicles
- Registering newborn children for health insurance
Estonia showcases its e-society here. To transform its society into a community of digital governance and tech-savvy individuals, children as young as 7 are taught the principles and basics of coding.
Estonians are driven, forward-thinking and entrepreneurial, and the same goes for the government. It takes only five minutes to register a company there and, according to The Economist, the country in 2013 held the world record for the number of startups per person. And it’s not quantity over quality: Many Estonian startups are now successful companies that you may recognize, such as Skype, Transferwise, Pipedrive, Cloutex, Click & Grow, GrabCAD, Erply, Fortumo, Lingvist and others.
If all this sounds enticing and you wish to become an entrepreneur there, you’re in luck; starting a business in Estonia is easy, and you can do it without packing your bags, thanks to its e-residency service, a transnational digital identity available to anyone. An e-resident can not only establish a company in Estonia through the Internet, but they can also have access to other online services that have been available to Estonians for over a decade. This includes e-banking and remote money transfers, declaring Estonian taxes online, digitally signing and verifying contracts and documents, and much more.
E-residents are issued a smart ID card, a legal equivalent to handwritten signatures and face-to-face identification in Estonia and worldwide. The cards themselves are protected by 2048-bit encryption, and the signature/ID functionality is provided by two security certificates stored on the card’s microchip.
But great innovations don’t stop there. Blockchain, the principle behind bitcoin that also secures the integrity of e-residency data, will be used to provide unparalleled safety to 1 million Estonian health records. The blockchain will be used to register any and all changes, illicit or otherwise, done to the health records, protecting their authenticity and effectively eliminating any abuse of the data therein.
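The change-registration idea in the paragraph above can be sketched as a hash-chained, append-only log. This is an added example, not code from the Estonian system or from the original post; the record ID, actors, field names and function names are assumptions made for illustration.

```python
import copy
import hashlib
import json
from typing import Optional

GENESIS = "0" * 64  # "previous hash" of the first entry


def _digest(body: dict) -> str:
    # Canonical JSON (sorted keys, fixed separators) keeps the hash reproducible.
    raw = json.dumps(body, sort_keys=True, separators=(",", ":")).encode("utf-8")
    return hashlib.sha256(raw).hexdigest()


def append_change(log: list, record_id: str, actor: str, change: dict) -> dict:
    """Append one change entry that commits to the hash of the previous entry."""
    body = {
        "seq": len(log),
        "prev": log[-1]["hash"] if log else GENESIS,
        "record_id": record_id,
        "actor": actor,
        "change": change,
    }
    entry = dict(body, hash=_digest(body))
    log.append(entry)
    return entry


def verify(log: list, trusted_head: Optional[str] = None) -> int:
    """Return -1 if the log is intact, else the index of the first bad entry.

    trusted_head is the last entry hash as stored outside the log owner's
    control; without it a fully recomputed or truncated log cannot be detected.
    """
    prev = GENESIS
    for i, entry in enumerate(log):
        body = {k: v for k, v in entry.items() if k != "hash"}
        if entry.get("seq") != i or entry.get("prev") != prev:
            return i
        if _digest(body) != entry.get("hash"):
            return i
        prev = entry["hash"]
    if trusted_head is not None and prev != trusted_head:
        return len(log)
    return -1


def build_sample_log(diagnosis: str = "J45") -> list:
    # Constructed sample data: the record ID, actors and fields are made up.
    log = []
    append_change(log, "patient-0001", "dr-a", {"field": "diagnosis", "new": diagnosis})
    append_change(log, "patient-0001", "clerk-b", {"field": "address", "new": "Tartu"})
    append_change(log, "patient-0001", "dr-a", {"field": "allergy", "new": "penicillin"})
    return log


if __name__ == "__main__":
    log = build_sample_log()
    head = log[-1]["hash"]                       # published / anchored externally
    edited = copy.deepcopy(log)
    edited[1]["change"]["new"] = "Tallinn"       # in-place edit of one entry
    forged = build_sample_log(diagnosis="none")  # whole chain recomputed
    print(verify(log, head), verify(edited, head), verify(forged), verify(forged, head))
```

An in-place edit is caught by the chain itself, while a fully recomputed or truncated log is only caught when the head hash is compared against a copy held outside the log owner's control.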
There are many lessons we can learn from Estonia. To increase the efficiency and maturity of services, a country needs to be willing to adapt and evolve infrastructure to the needs of the new economy. These include transparency, and precise and equitable delivery of services to the community.
Are you famous yet? In another case of “Schadenfreude“, the Panama Papers have placed a list of dignitaries in the public spotlight a year after the German newspaper Süddeutsche Zeitung received 2.6 terabytes of documents related to Mossack Fonseca from an anonymous source. This eclipses Wikileaks Cablegate 2010 (1.7 GB), Offshore Leaks 2013 (260 GB), Lux Leaks 2014 (4 GB), and Swiss Leaks 2015 (3.3 GB).
The Panama Papers comprises e-mails, PDF files, photos, and excerpts of an internal Mossack Fonseca database. It covers a period spanning from the 1970s to the spring of 2016 with data on some 214,000 companies. There is a folder for each shell firm that contains e-mails, contracts, transcripts, and scanned documents. The leak comprises 4,804,618 emails, 3,047,306 database format files, 2,154,264 PDFs, 1,117,026 images, 320,166 text files, and 2,242 files in other formats.
Meet Nuix, the Australian company that has the technology to make sense of all this data.
Kimonolabs started as a Winter 2014 Y Combinator class startup. It recently raised USD5M in 2014, but this hasn’t helped delay their choice to shutter their doors for jobs at Palantir. Pratap explained that the startup has not been able to have the impact it wanted within the two years from launch. So Kimonolabs falls by the wayside, where many other web-scraping tools have gone, leaving their 125K users in the lurch.
They have given 2 weeks’ notice to their users to migrate data and services from the platform. The last day is 29 Feb 2016. The absolute last day for API services is 31st March 2016. Your data will be purged and Palantir will not have access to it. If you depend on this service, you will probably be scrambling at this point for alternatives. I am sure that when you assess the risk for utilising a technology like Kimonolabs, you will consider the financial and resource stability of the company.
Periscope Data is a cloud-based business intelligence analytics and distribution platform. Periscope Data has taken the pain out of data loading by directly connecting to your data sources with no messy ETLs.
Periscope visualizes your data into charts, graphs and dashboards. All you need to do is to write SQL queries in Periscope and it returns charts and reports and dashboards that you can share or embed.
Periscope is licensed by the number of data rows you share with Periscope. You can have unlimited users. Your Periscope package includes Unlimited Charts, Unlimited Users, Dashboards, Unlimited Embedding and white-labeling, and Unlimited Support.
Pricing of packages starts at $1,000 a month for up to 1 Billion rows of data and scales linearly from there. There is no annual commitment; you can pay month to month.
You can take advantage of the Periscope caching tool at no additional cost. Caching reduces load on your database, results in faster performance and gives you the ability to upload CSVs and do cross-database joins. Your query speeds will run 150x faster with Periscope caching.
https://www.periscopedata.com/
http://wiki.glitchdata.com/index.php?title=Periscope_Data
If you haven’t heard of Yellowfin BI, it is a passionate startup focused on making Business Intelligence easy. Established in 2003, Yellowfin has been developed to satisfy a range of BI needs, from small businesses, to massive enterprise deployments and software vendors.
Yellowfin makes a Business Intelligence platform built on top of Tomcat/Java that processes and presents information in refreshing detail. It’s easy to assemble, and allows you to focus on building new business value rapidly. Yellowfin can be deployed on any server (cloud or on premise).
Yellowfin is the second Australian vendor to ever get in the Gartner Magic Quadrant.
Growing organically, it can barely be called a startup these days with >100 employees and offices in 4 different countries. Yellowfin is running a series of presentations of their technology in December. These are:
- Melbourne – 1 Dec
- Sydney – 2 Dec
- Auckland – 3 Dec
Register for the event today!
Talend has started leveraging Apache Spark as part of its big data integration platform. Spark leverages the speedy in-memory execution capability to accelerate data ingestion. Migrating to Apache Spark can provide performance improvements from 5 to 100 times.
Talend promises to make the migration literally as simple as the push of a button with a new refactoring option that can automatically convert data pipelines written for MapReduce, the previous leader in high-performance data integration, to Spark. That theoretically requires no changes to the high-level workflows that a user has defined for a cluster.
New projects also benefit from the upgrade, which brings some 100 pre-implemented data ingestion and integration functions that make it possible to pull data into Spark without having to do any programming. According to Talend, the result is an up to tenfold improvement in developer productivity.
There are a number of new Talend features, with the biggest addition being “masking”, also commonly known as tokenisation. This allows an organization to replace a sensitive file with a structurally similar placeholder that doesn’t reveal any specific details. That’s useful in scenarios where, say, an analyst at a hospital who doesn’t have permission to view patient treatment history wants to check how many medical records there are in a given dataset coming into Spark.
To read or process the Ashley Madison data is fairly straightforward. The dataset comes with a suite of files. These are:
- am_am.dump.gz
- aminno_member.dump.gz
- aminno_member_email.dump.gz
- member_details.dump.gz
- member_login.dump.gz
- CreditCardTransactions.7z
- README
Each of these files comes with a PGP signature. You can use gunzip on a Mac (or unix platform) to extract the files. 7z files will require 7-Zip software on a Windows computer.
You will need MySQL software from Oracle to load this data. MySQL Community edition is free.
Top Cities by Users for Ashley Madison
Here are the Top 100 cities. It’s interesting that Singapore doesn’t feature on the list at all. The city-state had banned the site in the interest of the family. It looks like the ban worked. Sydney, New York and Toronto look like hotbeds of infidelity.
São Paulo 374542
New York 268171
Sydney 251813
Toronto 222982
Santiago 218125
Melbourne 213847
Houston 186795
Los Angeles 181918
London 179129
Chicago 162444
Rio de Janeiro 156572
Madrid 135294
Bogotá 123559
Brisbane 118857
Brooklyn 110859
Miami 109505
Calgary 107021
San Antonio 99157
Dallas 97736
Brasília 97096
San Diego 94953
Perth 88754
Las Vegas 87720
Atlanta 86897
Philadelphia 86018
Edmonton 84971
Lima 82279
Phoenix 81913
Belo Horizonte 77834
香港 77561
Austin 77432
Columbus 73377
Montreal 72304
Washington 71779
Jacksonville 70134
Denver 70043
Mississauga 69403
Curitiba 68916
Barcelona 68513
Dublin 65658
Ciudad de México 64516
Orlando 63549
San Francisco 62333
Minneapolis 61403
灣仔 60674
Portland 60672
Charlotte 59686
Ottawa 58463
Seattle 56935
Indianapolis 56741
Buenos Aires 56701
Adelaide 55490
Tampa 55321
Cleveland 55031
Vancouver 52651
Fort Lauderdale 52554
Cincinnati 52055
Springfield 51644
Arlington 51345
Salvador 51069
San Jose 51043
Fort Worth 50976
Medellín 50308
Beverly Hills 49437
Bronx 49067
Boston 47951
Pittsburgh 47815
Kansas City 47793
Louisville 47239
Winnipeg 47202
Porto Alegre 47018
Saint Louis 46547
Richmond 46546
Buffalo 46532
North York 46223
Roma 46000
Johannesburg 45831
Sacramento 45777
Rochester 45216
Columbia 44541
Tucson 43293
Central 41900
Oklahoma City 41809
Salt Lake City 41773
El Paso 40914
Milwaukee 40392
Hamilton 40096
Cali 38847
Colorado Springs 38696
New Delhi 38620
London 38561
Brampton 38446
Madison 37813
Paris 37641
Saint Paul 37412
Cape Town 37001
Fortaleza 36922
Scarborough 35952
Albuquerque 35802
תל אביב יפו 35602