Tuesday 28 October 2014

Credit Cards Compromised In Month-Long Kmart Data Breach

Kmart revealed that an undisclosed number of credit card numbers were stolen in a month-long data breach which began in early September, according to an SEC filing on Friday. A subsidiary of Sears Holding Corporation, Kmart is the latest in a long string of retailers to suffer a credit card breach this year.
According to the filing, the breach was discovered by Kmart’s IT team on Thursday, October 9, and has likely been going on since early September. Security experts believe that Kmart’s payment data systems were hit with malware that was “undetectable by current anti-virus systems.” Kmart says it has now removed the malware from its system.
Based on the investigation, Kmart believes that credit and debit card numbers were compromised in the breach, but is not commenting on the scope of the breach. The retailer does not believe that any social security numbers, personal information, email addresses, or debit card PIN numbers were stolen. Additionally, kmart.com customers were not impacted, according to Kmart’s release.
Kmart is working with law enforcement, banks, and security firms to investigate the breach, according to the filing. Additionally, the retailer says it is working to improve its security systems.
Kmart is not alone in being hit with a credit card breach this year. On Thursday, Dairy Queen announced that 395 store locations had been compromised by Backoff malware. Last month, Home Depot announced that 56 million cards had been compromised in a data breach that lasted five months. Earlier in September, Goodwill revealed that 868,000 cards had been compromised in a point-of-sale attack. Other breaches this year included PF Chang’s, Michaels, and Neiman Marcus. In December, 40 million cards at Target were compromised in what was the biggest retail data breach until Home Depot.
According to its website, Kmart had 1,221 Kmart stores, 25 of which were Super Centers, as of February 2013. In a statement, Kmart’s President Alasdair James apologized “for any inconvenience this may cause our members and customers.” Like most companies suffering a credit card breach, Kmart is assuring customers that “privacy and security of our customers’ information is of utmost importance,” and is offering free credit monitoring to anyone who shopped at Kmart in the last month.

World's Top Privacy Experts Worry About Internet Of Things

Meeting in one of the world’s most remote and private locations – the island of Mauritius off the coast of Africa – top global privacy regulators could have focused on any number of issues. But they were especially concerned that the Internet of things, everything from health sensors to monitors in a car, depends on connectivity which could expose users to significant privacy and security risks.
Data privacy commissioners from countries as different as Albania and Uruguay, Japan and Ghana last week discussed a wide range of developments related to personal data and security, but gave special attention to the growing array of networked devices that surround us at every turn of life.
“These devices can make our lives much easier,” the data and privacy commissioners said in a declaration. “The internet of things however, can also reveal intimate details about the doings and goings of their owners through the sensors they contain.”
“Personal development should not be defined by what business and government know about you. The proliferation of the internet of things increases the risk that this will happen.”
Data privacy commissioners watch a dance performance at their annual conference, held this year in Mauritius (Photo by Adam Tanner)
Although we buy these devices to gain data about ourselves or our surroundings – such as to monitor how many steps we take in a day or whether food is running low in the kitchen – the information could also prove valuable to manufacturers as they can sell it to others. In a recent article I profiled a medical device entrepreneur struggling with the fact that he would have to forgo income by not selling information users produce on his device.
Many companies say they only sell aggregated anonymized data – details about you and many others like you gathered into one large pile. But the data privacy commissioners worry that outsiders will still be able to identify you. That may not seem to matter much if all the data suggests is you need a new gallon of milk, but might be more sensitive if it showed your vital statistics were looking weaker month after month.
Come to think about it, even milk could reflect details about our lifestyles paired with other information, for it could show whether we prefer whole fat or fat free.
Or even more obviously, consider the announced but as of yet unavailable Sexfit penis ring by British company Bondara which transmits sex data. And as my colleague Kashmir Hill wrote in 2011, some Fitbit users in the past have found statistics about their sexual activity posted online.
“Internet of things’ sensor data is high in quantity, quality and sensitivity. This means the inferences that can be drawn are much bigger and more sensitive, and identifiability becomes more likely than not,” the Mauritius declaration said.

The seriousness of the Mauritius meeting, also attended by officials from Facebook, Microsoft, Google and other companies, certainly felt far removed from the setting of their conference. The doors from the conference hall opened onto a tropical beach where well-heeled tourists come to escape from the ever-on technological world (yes, I had the pleasure of attending the conference to deliver a keynote speech). But even here, video camera surveillance, tracking of customer data and other signs of the modern business of personal information have expanded in recent years.
Data privacy commissioners pose for a group photo at their annual conference in Mauritius (Photo by Adam Tanner)
So when it comes to the interconnected devices known as the Internet of things, privacy officials say companies should not surreptitiously collect data, even if anonymously.
“Transparency is key: those who offer internet of things devices should be clear about what data they collect, for what purposes and how long this data is retained,” the privacy commissioners agreed. “They should eliminate the out-of-context surprises for customers. When purchasing an internet of things device or application, proper, sufficient and understandable information should be provided.”
France’s privacy commissioner Isabelle Falque-Pierrotin put it simply: “The Internet of things should stay under the control of the user.”
And a 5,000 word privacy policy that nobody reads does not provide true control. “Consent on the basis of such policies can hardly be considered to be informed consent,” the commissioners said in their statement. “Companies need a mind shift to ensure privacy policies are no longer primarily about protecting them from litigation.”
Yes, it is easy to make fun of government bureaucrats who fly to a paradise island to formulate policies (and it is not always the case: last year they met in Warsaw, next conference will be in Amsterdam). But they have provided some important insights to consider as gadgets surrounding our lives become ever smarter and linked to the world beyond.

Can China's New Internet Conference Compete with the West in Defining Norms of Cyberspace?

Not wanting to be left out, after the United Kingdom, Hungary, and South Korea all held conferences on cyberspace governance, China has announced that it will be hosting the World Internet Conference from November 19 to 21. The conference, planned by the Cyberspace Administration of China (formerly named the State Internet Information Office), has the stated mission to promote the “development of [the] Internet to be the global shared resources for human solidarity and economic progress.”
The conference seems somewhat hastily planned; invitations went out last week and the first I heard of it was a month ago. Perhaps Beijing wanted to get the conference out the door before the next conference meets in 2015 in the Netherlands (the UK, Hungary, South Korea, and the Netherlands are all part of a series that began in London). The agenda, covering global Internet governance, cybersecurity, the role of the Internet in promotion of economic and social development, and technological innovation, is very similar to the topics covered in the UK (2011), Hungary (2012), and South Korea (2013). There is, of course, no explicit reference to human rights, but it could be discussed under “social development.” In process, it will probably be most like South Korea, where there was criticism that the conference showed a low degree of inclusiveness to civil society groups.
The conference promises to have high-level political support within China. There have been a number of articles in the Chinese press over the last year arguing that Beijing needs to be more assertive about defining the agenda for Internet governance. According to Wang Yukai, an academic and advisor to the government, one of the things required to help make China a “strong cyber power” (网络强国) is a “clear international strategy that lays out priorities and defends China’s right to have a voice on cyber issues.”
As with the previous conferences, we shouldn’t expect much in outcomes. The Seoul Conference, for example, issued a “Framework for and Commitment to Open and Secure Cyberspace” and announced the follow-up conference at the Hague. For China, just having the conference is probably enough, signaling that it intends to take more of a role in shaping the rules of the road for cyberspace.

Size Matters: Time For Smaller Businesses To Think Big About Security

In the world of cyber security, size matters. The smaller you are, the larger the threat you face.

Leaders of small and midsize businesses tend to think their size makes them unappealing to cyber thieves when the opposite is true. Smaller companies don’t always see the need to protect their data as thoroughly as larger organizations. The idea being – with a smaller customer base, access to fewer passwords and limited sets of credit card numbers – it’s just not worth the effort for cyber thieves. But cyber attackers are after more than passwords and credit card numbers, and smaller organizations often provide the steppingstones those criminals need.
“They are then looking to see where else they can move laterally to find other business or organizations that they now have visibility into now that they are inside the trusted network,” says Symantec business security expert Mark Guntrip.
All businesses are targets, regardless of size. Symantec’s Internet Threat Report for 2014 says one out of every five businesses with fewer than 250 employees was targeted by a spear phishing attack in 2013. The same kinds of attacks were sent to 50 percent of businesses with more than 2,501 employees. In particular, the mining, manufacturing and public administration industries had the greatest risk. Though the percentages of targeted attacks were comparable across businesses of all sizes, small businesses do themselves a disservice by thinking small when it comes to security.
Guntrip urges businesses to think big. “Deploy similar security to larger companies. Consider protecting your endpoints, your servers, your network and your gateways.” He recommends cloud-based security solutions for the small or even emerging business.
“Pretty much all businesses can look to the cloud when they choose. It can be the easiest choice – quick to set up, easy to maintain, and allows a small and growing business to focus on growth, not managing IT infrastructure.”
Reasons Small Businesses Should Consider Cloud Based Security
  • Easy: There is no hardware or software to install, manage, patch or upgrade. As a result, it takes less work to maintain the platform.
  • Affordable: Without hardware or software to purchase, there is little capital expenditure needed. Cloud security is normally charged for as a subscription, so organizations can pay as they go.
  • Flexible: Cloud-based security can be more easily configured to support additional employees or locations for growing businesses.
  • Manageable: Leaders maintain control through a portal and reporting, giving them the ability to make changes as well as have visibility into what’s happening.
Small businesses should assume they’ll be targeted at some point. “’Good enough’ security is only good enough until you get hit,” warns Guntrip. “Then it’s really not good enough at all.”

Tuesday 21 October 2014

VSCO Cam Brings Manual Exposure To iPhone Photographers

On the day iOS 8 launched, camera app VSCO Cam got an update that takes advantage of something Apple Sr. VP Craig Federighi promised developers back in June at the company’s WWDC event: manual controls for the iSight camera. In its newest release VSCO Cam lets you set ISO, shutter speed, white balance, and yes, manual focus. You can also set exposure compensation to automatically brighten or darken the image by way of ISO adjustment. This level of manual control, I should add, is something that Apple has chosen not to include in its own Camera app, which only offers a brightness slider. You can read about the enhancements the Cupertino company did make in my iOS 8 feature rundown.
Using VSCO Cam on my iPhone 5, the shutter speed range is from 1 sec. to 1/1000 sec. and ISO can be set from 46 to 736. Naturally, there’s an Auto button for each setting. And just like with a traditional camera you can set these values cumulatively, for full manual exposure control over everything except lens aperture, which is of course, fixed on a smartphone. It shouldn’t be long before other camera apps roll out their updates with similar functionality, but kudos to VSCO Cam for being one of the first out of the gate.
In iOS 8, VSCO Cam lets you adjust camera controls like exposure compensation (shown above), ISO, and shutter speed independently. You can also set manual focus.
A small icon appears next to the shutter button. Tap it to cycle through controls for ISO, shutter speed, exposure compensation, white balance, and focus. Simply drag the slider to set the selected parameter. An Auto button will quickly reset the camera to its pre-determined setting.

Analysts Put Apple Pay To The Test - And It Works

Apple Pay finally went live on Monday with the release of a new update to Apple’s mobile platform, iOS 8.1, and analysts at Piper Jaffray were among the first to test it out with their shiny new iPhone 6’s.
The results in a nutshell: Apple Pay works, though not everyone behind the counter knew about it.
The analysts tested the service at three retailers on Monday: McDonald’s, Whole Foods and Walgreens.
“[We] were able to successfully complete our transaction at each location,” said Gene Munster, Piper Jaffray’s senior research analyst. They found that the employees at Whole Foods and McDonald’s were aware of Apple Pay, “but the Walgreens employee that helped us was not.”
Munster says participating stores still have to teach staff about the system, but he expects checkout assistants will be up to speed after a month or two.
The one hurdle Apple still faces with its tap-to-pay service is that it’s still limited to eight eligible banks. But Apple plans to update the list of participating banks over time, and Munster said that “overall, the experience was as simple as advertised.”

Smartisan T1 - An iPhone4 Reincarnation With An Android Soul

Ever the marketing master, Steve Jobs knew where to place emphasis when introducing the new Apple product at Apple’s 2010 Worldwide Developers Conference:
It was “the most precise thing, and one of the most beautiful we’ve ever made,”
And “it’s like a beautiful old Leica camera.”
A rather lofty goal he set for iPhone4 – Not all vintage cameras have the markup of a Leica M4 or look nearly as sexy. In our world where recycling is the fate for almost everything ever being made, Leica’s ageless charm is so rare that few can match.
Four years is a long time, especially when it comes to mobile phone lifespan.
Apple had released the 6th iteration of the iPhone and Steven Jobs is no longer with us.
But I am still using an iPhone4.
It never ceased to amaze me how my iPhone4 retains its youth so well. The dozen times of drops left little evidence, save a few scratches on the steel border. The two glass covers were almost unblemished.
Without close scrutiny, it could pass as a new phone.
Today, while I still like every bit of my iPhone4, and have no doubt that it is better looking than most in the market, the occasional lags and jitters remind me of an old dog: Still eager to please the master, but it has lost the effortless grace every time it jumps to catch the ball.
Then its eyesight failed – When I activate the camera, the phone automatically shuts down and reboots.
Time to say goodbye to the old pal.
***
It is not that the iPhone 6 didn’t tempt me. Like most phone users, I do like more pixels and a slimmer profile, even though common sense tells me that the arms race over pixel density is getting to the point of pointless – our human eyes can only absorb so many, and a thinner frame does come at a cost of compromised mechanical rigidity, as iPhone6’s “bendgate” clearly indicated.
But the biggest reason that puts me off is the choice of material.
Aluminum is highly malleable, easy to dent and like all metals, feels cold – although I never owned an aluminum iPhone, my two-year-old already tattered-looking iPad stands as testament to me not being a caring owner as much as aluminum being a less-than-ideal material. Although the anodized treatment made the surface resistant to scratches, the sensation of my fingernail scraping against it always makes my teeth hurt. Apple must be aware of it – it had acquired the patent of a new alloy called liquid metal, but four years after we first heard of it, it is still nowhere to be seen on the latest iPhone6.
The frontal sensor is integrated into the earpiece
If Apple can just pack a faster chip and a larger battery into the shell of an old iPhone 4, I would be a happy customer, again. But that is not Apple’s way of doing things. I have always hoped that the company would revive the classic G4 Cube. In 2000 when I caught my first eyeful of the translucent wonder on a magazine cover in my high school library, the RMB50 yuan per week allowance never felt so meagre. Now as a happy owner of a MacBook and two MacBook Pros, the G4 still retains a special place in my gadget fantasy like an unconsummated first love.
***
Last week, I visited the newly opened Smartisan retail store in Beijing. I watched their launch online back in May and wrote an article about it, yet this was the first time that I laid my hands on the real thing.
How does it feel?
It feels like iPhone4 reincarnated.
The same simplicity and the same precision.
Yes, you get me – It is sort of a copycat, but I use the word more in a positive way.
The iPhone4 is remarkable for its uncluttered design, the cohesiveness, the feeling that it is one unity lying on your palm rather than a bunch of cobbled together parts.
The new Smartisan T1 takes it to a new height. Compare T1 with my iPhone4. The iPhone 4’s shell has two identifiable materials – glass and steel. The T1 is pure glass. Well, technically, it still uses two materials – glass covers and a fibreglass frame, but at least the latter is glassy enough that you can’t tell the difference without touching it.
Smartisan is so proud of Robert Brunner that they put him into their poster
When I say extreme, I mean EXTREME:
The designer of T1 simply removes everything that can be removed from the iPhone4, including:
  1. The steel border.
  2. The SIM tray, something that Apple has been trying to do with its patented “SIM Within” technology but has yet to implement.
  3. The front proximity sensor, which was squeezed into the earpiece – Steve Jobs would have liked the idea.
  4. The text on the back.
The result is that T1 looks and feels like a single slab of glass, even more so than iPhone4. With the tapered back cover, it feels less flat than the iPhone4 (and iPhone5 and 5S for that matter).
If the iPhonesque minimalism is one of T1’s main selling points, then the biggest drawback is perhaps that the phone is not an iPhone.
It doesn’t run iOS.
To be fair, the guys at Smartisan did put a lot of effort into innovating the Android system and the result is not half bad. But having been a happy iPhone user for four and a half years now, the learning curve is a bit sharp. Like most spoiled phone users, relearning a process that I have mastered seems too much.
Three different app icon sizes
That said, here is a list of what I like about the Smartisan OS:
  1. An overview of up to 81 apps on the screen – so you don’t have to turn many pages to find the app you want to use.
  2. A swipe gesture that allows the user to squeeze all app icons to the lower half of the screen – a feature that is very handy for larger format phones. Apple has introduced a similar feature in its iPhone6 and iPhone6 Plus, several months after T1’s release.
  3. You can decide how large or how small the icon sizes are (three options) – useful if you have less-than-ideal eyesight.
Then inevitably, some negatives that I identified during my two hours with a T1:
  1. I had an MP3 playing in the background and launched a video app; the MP3 didn’t automatically stop as it would on an iPhone. You have to switch it off manually.
  2. Smartisan is more ambitious than being a Chinese phone but the English menu occasionally betrays its Chinese origin - “About Phone”? Or maybe “About this phone”?
  3. The fonts don’t look as nice as on an iPhone – You have to give Steve Jobs credit for his taste for great typography.
But hey, these guys have already enlisted an Apple designer, Robert Brunner, to give its phone a great look. What would stop them from poaching a UX person from Apple or another world-class company to make the experience more Applish? When that day comes, I really can’t see what would prevent a lot of people from ponying up.

Monday 20 October 2014

Facebook Closes $19 Billion WhatsApp Deal

The Facebook/WhatsApp Deal Is Bad News For Telcos


Facebook’s purchase of WhatsApp shows that the market for messaging is far from dead. But it’s just gotten worse for the telcos. We’ve already discussed the underlying reasons in a report — but the fact that Facebook put $19 billion on the table, of which $4 billion is in cash, for a global messaging service with 55 staff should scare telcos, with their millions of employees and high-cost structures. Over-the-top communications tools like WhatsApp, Line, KakaoTalk, WeChat, and Viber (which itself was bought a few days ago by Rakuten) have pushed telcos further and further away from any meaningful customer engagement.
To be sure, WhatsApp is about much more than instant messaging; it’s about content sharing — which is an emotional activity. Such emotional activities are critical to closer customer engagement. As the online giants use ever more granular user analytics to cement their position as marketing powerhouses, telcos’ hopes of developing new revenue streams from analyzing user behavior are slipping away faster and faster. This is what makes the deal so dangerous.
Of course, it’s tough to justify the deal simply on the basis of WhatsApp’s revenue model of $1 annual subscriptions. In my view, the deal is really about:
  • Bringing a major competitor into your family. Otherwise, someone else could have lured WhatsApp into theirs. The deal, which accounts for about 10% of Facebook’s market capitalization, could be seen therefore as an insurance cover.
  • Buying growth, especially on the mobile side and among younger audiences. 450 million people use the WhatsApp service each month, and that number is growing by 1 million users per day. Of course, Facebook and WhatsApp users overlap — and not every WhatsApp user will be happy at becoming a member of the Facebook family; some will abandon WhatsApp.
  • Helping Facebook to revive user engagement. 70% of WhatsApp users use the service every day, compared with only 61% for Facebook. Monetizing WhatsApp users will be tough, though. Facebook has a good relationship with advertisers, and analyzing WhatsApp usage behavior will be key to tailoring ads more accurately to users. But the question is whether WhatsApp users will accept this.
I see a clear risk for telcos: Ultimately, they may be left selling flat-rate data plans and throwing in unlimited SMSes for free. The heyday of big profits from high SMS margins is coming to a close. There’s little reason to assume that telcos are regaining ground in the battle for closer customer relationships, given the painfully slow progress they’re making with RCS or in developing their own network-agnostic over-the-top messaging apps.

10 Job Interview Questions You Should Ask

Many job seekers focus so hard on answering interview questions well that they forget something very important: You are there to ask questions, too.
Asking the right questions at an interview is important for two reasons:
First, when done correctly, the questions you ask confirm your qualifications as a candidate for the position.
Second, you are interviewing the employer just as much as the employer is interviewing you. This is your opportunity to find out if this is an organization where you want to work.
3 Things You Want to Achieve
When you ask the right questions, you want to achieve three things:
  • Make sure the interviewer has no reservations about you.
  • Demonstrate your interest in the employer.
  • Find out if you feel the employer is the right fit for you.
There are an infinite number of questions you could ask during a job interview, but if you stay focused on those three goals, the questions should come easy to you.
I recommend preparing three to five questions for each interview, and actually asking three of them. (I like to have more prepared than is needed because some of my questions might be answered in the course of the interview.)
10 Questions You Might Ask In a Job Interview
Here are 10 interview questions you could ask, and why:
1. What skills and experiences would make an ideal candidate? This is a great open-ended question that will have the interviewer put his or her cards on the table and state exactly what the employer is looking for. If the interviewer mentions something you didn’t cover yet, now is your chance.
2. What is the single largest problem facing your staff and would I be in a position to help you solve this problem? This question not only shows that you are immediately thinking about how you can help the team, it also encourages the interviewer to envision you working at the position.
3. What have you enjoyed most about working here? This question allows the interviewer to connect with you on a more personal level, sharing his or her feelings. The answer will also give you unique insight into how satisfied people are with their jobs there. If the interviewer is pained to come up with an answer to your question, it’s a big red flag.
4. What constitutes success at this position and this firm or nonprofit? This question shows your interest in being successful there, and the answer will show you both how to get ahead and whether it is a good fit for you.

5. Do you have any hesitations about my qualifications? I love this question because it’s gutsy. Also, you’ll show that you’re confident in your skills and abilities.
6. Do you offer continuing education and professional training? This is a great positioning question, showing that you are interested in expanding your knowledge and ultimately growing with the employer.
7. Can you tell me about the team I’ll be working with? Notice how the question is phrased; it assumes you will get the job. This question also tells you about the people you will interact with on a daily basis, so listen to the answer closely.
8. What can you tell me about your new products or plans for growth? This question should be customized for your particular needs. Do your homework on the employer’s site beforehand and mention a new product or service it’s launching to demonstrate your research and interest. The answer to the question will give you a good idea of where the employer is headed.
9. Who previously held this position? This seemingly straightforward question will tell you whether that person was promoted or fired or if he/she quit or retired. That, in turn, will provide a clue to whether: there’s a chance for advancement, employees are unhappy, the place is in turmoil or the employer has workers around your age.
10. What is the next step in the process? This is the essential last question and one you should definitely ask. It shows that you’re interested in moving along in the process and invites the interviewer to tell you how many people are in the running for the position.
With luck, the answer you’ll hear will be: There is no next step, you’re hired!

Don't Try To Be A Man, And More Honest Tips From Highly Successful Women

If you’re a woman who’s spent any time at all in the corporate world, you might recognize yourself in Ruzwana Bashir’s story. Before cofounding travel site Peek, British-born Bashir spent the formative years of her career in the relative boys clubs of Goldman Sachs and Blackstone.
At the latter, Bashir, now 31, was the first woman in her group. She often felt compelled to exercise what are often seen as male traits in the office. She was, in her own words, aggressive, assertive and masculine.
“In that environment as a woman, you can feel crowd-forced to conforming,” Bashir explained to a room full of young entrepreneurs and achievers on Monday at Forbes’ inaugural Under 30 summit in Philadelphia.
Bashir realized later, upon entering Harvard Business School and being forced to examine her own traits as a business person, that what are often seen as feminine attributes can serve an entrepreneur or executive just as well, if not better, than stereotypically male characteristics.
“Those ‘female’ traits of empathy and compassion — of being collaborative — are true business strengths,” she said.
Ruzwana Bashir, Founder, PEEK.com; Shannon Galpin, Founder, Mountain2Mountain; Kat Cole, President, Cinnabon; Moderator: Denise Restauri, Founder and Chief Executive Officer, GirlQuake
Today, as the CEO of a tech company in male-dominated Silicon Valley, Bashir ensures her workforce is diverse (Peek is 50/50 men and women at present, with numerous nationalities represented) — and also makes a point of giving young women employees her full support.
This includes introducing them to possible mentors. She also sets an example by being authentic, allowing vulnerabilities to show through, rather than mirroring male traits.
“Don’t wear that boxy trouser suit because you feel like you have to,” she said. “Wear whatever you want.”
Bashir was joined on stage at the Under 30 Summit by Cinnabon president Kat Cole and Shannon Galpin, founder of women’s advocacy nonprofit Mountain2Mountain, on a panel called Brutally Honest Tales of Successful Women moderated by Denise Restauri, Forbes contributor and author of Their Roaring Thirties: Brutally Honest Career Talk From Women Who Beat The Youth Trap.
Shannon Galpin told of finding herself in a unique position: a western woman working in a world where men don’t just run the show but have all the rights. Her nonprofit Mountain2Mountain educates and provides opportunities for girls and women in conflict regions, including Afghanistan.
Galpin recalled her first visit to Kandahar Women’s Prison in her organization’s early years. “The thing that was really striking to me was I felt completely helpless,” she said. “I was not in a position to help these women in any real, tangible way. I think that is the most debilitating thing.”
She soon realized that she could use her unusual position to advocate for the Afghan women she’d met in prisons and elsewhere, many of whom had survived rape and other forms of abuse. As a western, non-Muslim woman, she was viewed, as she tells it, as essentially gender neutral by the men in charge.
She could use her voice to advocate for women who might otherwise not have the same access to the seats of power entirely occupied by men. She was also able to speak freely with Afghan women. (“They’d often tell a radically different story,” she said.)
Galpin has implemented midwifery and literacy programs in rural parts of the country, helped install computer labs in girls’ schools and set up kindergartens in women’s prisons for the children of inmates. Much of her success can be attributed to her ability to make the most of an otherwise ugly culture of gender inequality, using her outsider status to help women.
Kat Cole has had to overcome sexist stereotyping in spite of her prodigious success. The former waitress was a director of Hooters Inc. by age 25 and the youngest of four VPs by 26. Now, she’s the president of mall food favorite Cinnabon; she’s helped turn the company into a $1 billion (revenues) giant with a growing supermarket presence.

That didn’t stop commenters on a 2012 Forbes story on Cole’s career positing that she’d slept her way to the top. As the product of a single-parent household who made her way to the C-suite without an undergraduate degree, Cole was more troubled than offended.
“It’s sad that so few people with humble beginnings have reached the top that [the trading of sexual favors] is the assumption,” she told the audience on Monday. Her advice to young women in business? Tell your own story so that no-one can fill in the gaps for you with innuendo or inaccuracies. “Don’t get sucked into the vortex of the negative vibe,” she said.
Cole also warned against basking in the self-satisfaction of being, say, the youngest person in the room, or the only woman. “You don’t have a voice automatically because you have a seat,” she said. “Enjoy the cushy seat for a moment, but if you don’t use your voice there’s someone waiting behind you who will.”

Zuckerberg Seeks Revenge As Facebook Sues Paul Ceglia's Lawyers


Back in 2011, my colleague Kashmir Hill wrote a piece titled “Paul Ceglia to Facebook and Mark Zuckerberg: Bring It On.”
Facebook did just that, digging up evidence the convicted felon had a history of dubious financial behavior and may have falsified the 2003 contract he said promised him 84% of the social-networking firm. Ceglia was indicted for fraud over the allegations in 2012, and now Facebook and Zuckerberg are going after the lawyers they say helped perpetrate the scheme, including the prominent international law firm of DLA Piper and class action specialists Milberg LLC.
In suing the lawyers suing it, Facebook joins others including Chevron and an Alabama coal magnate who have turned to the courts to exact punishment against lawyers they say were using meritless litigation as a shakedown tool. It’s an aggressive strategy that faces enormous hurdles, given the traditional deference U.S. courts give to lawyers pursuing the zealous representation of their clients. In order to win under New York law, Facebook must show not only that Ceglia’s lawsuit was without merit, but that his lawyers possessed enough information to know that before filing suit.
Much of the evidence in the case was dug up by lawyers at Gibson Dunn, however, the same firm that brought woe to attorney Steven Donziger as well as the prominent Washington law firm of Patton Boggs for suing Chevron over environmental damage in the Ecuadorean jungle. Chevron sued Donziger for racketeering and fraud and used those proceedings to uncover reams of evidence supporting allegations he had a hand in creating the evidence used to secure a multibillion-dollar judgment in Ecuador.
An indictment isn’t enough. I want Ceglia’s lawyers. (Photo credit: Wikipedia)
Facebook’s lawsuit filed in state court in New York accuses three partners at DLA Piper of taking on Ceglia’s case after it was shopped to numerous firms with a letter reminding them of the lucrative outcome of similar litigation by the Winklevoss twins. They agreed to represent Ceglia and filed an amended complaint in 2011, Facebook says, despite a warning from former co-counsel on the case, Kasowitz Benson, that the contract purporting to give Ceglia a majority stake in Facebook was a fake.
A Kasowitz partner discovered this after finding the original contract from April 2003 on Ceglia’s computer, Facebook says, which contained no mention of Facebook. The contract he cited in his lawsuit seeking a piece of the company did name Facebook, but on a page with different fonts and spacing than the original contract from his laptop, the lawsuit says.
What gives the lawsuit teeth is Facebook’s claim that DLA Piper lawyers knew all this: Kasowitz partner Aaron Marks warned them, in a letter dated two days after the amended complaint was filed in April 2011, that the contract likely was a fake and that the lawyers should be mindful of their duties under New York law not to present false evidence in court.
DLA Piper ultimately withdrew from the case, but only after Partner Robert Brownlie, co-chair of the firm’s securities litigation practice, strongly defended his client and said anybody who claimed the case was fraudulent “will come to regret those claims,” the lawsuit says.
DLA Piper called the lawsuit against it meritless, saying it was only in the case for 78 days and Facebook went on to a successful initial public offering that made Zuckerberg a multibillionaire.
“This is an entirely baseless lawsuit that has been filed as a tactic to intimidate lawyers from bringing litigation against Facebook,” the law firm said in a statement.
Facebook, in its own statement to reporters, said:
We said from the beginning that Paul Ceglia’s claim was a fraud and that we would seek to hold those responsible accountable. DLA Piper and the other named law firms knew the case was based on forged documents yet they pursued it anyway, and they should be held to account.
Holding firms to account is a popular strategy, but one American courts tend to discourage because it can be used as a tool itself to threaten less powerful adversaries.
“It can chill the zeal of good-faith, honest attorneys,” said Stephen Burbank, a civil procedure expert at the University of Pennsylvania Law School who helped write the federal rules governing sanctions for frivolous litigation. “There are those who argue we never would have had a Brown vs. the Board of Education” if the lawyers who brought that case were subject to personal liability, he said.
The difficulty is separating meritless cases from marginal ones, he said. In the 1980s, the federal rules of civil procedure were rewritten to make lawyers liable for any court filing, with disastrous effects on smaller law firms, he said. The real goal was to import a loser-pays system like the one in the U.K. into the U.S., he said, but that is an improper use of the disciplinary process.
The Facebook case is based on tort law, not discipline, but it has the same purpose: To make lawyers think twice about bringing dubious cases, because it can cost them money in the end. Ceglia has probably already learned that lesson, and DLA Piper and Milberg may be next.

Is Alibaba's Data Tampering An Isolated Incident?


You may have heard it – Tmall, the B2C platform of New York Stock Exchange-listed Chinese e-commerce giant Alibaba, has tampered with its online data.
For readers who have not been following this story, here is a brief version of what happened: Someone noticed a sudden, inexplicable spike in the pre-order numbers of the new 4G Smartisan T1 smart phone on Tmall.com and dug into it, suspecting that the numbers might not be authentic. And the skepticism was validated – the numbers were indeed cooked. The amount of pre-orders was three times as high as it should have been. The programmer simply added a multiplier of three in the code, and voila, for every order actually placed, people who visited the webpage would be under the impression that three had been made.
Immediately after, Tmall’s Electronics department issued an apology through its verified Weibo account, claiming that the multiplier was added after the old pre-order number was “accidentally reset to zero.” Five days after that initial apology, a Weibo post, which the Chinese media have reported as published by Alibaba’s Chief Marketing Officer (but it is yet to be confirmed by the company), began circulating on social media platforms such as WeChat and Sina Weibo.
“The data was revised manually – it was not the original data generated by the system,” says the Weibo post. “Although the ordering number will not affect the final transaction volume, we should always uphold our principle, which is whatever the real data is, it should be the one presented to the customers. The approach of using exaggerated pre-order numbers to do starvation marketing may sound to be a clever idea, but it is wrong and we don’t approve of it.”
Starvation marketing is something you hear about quite a lot here in China. It tries to create an illusion of scarcity and thereby induce a state of anxiety among consumers. Many brands, such as Apple and Xiaomi, have been criticised for “starving” their consumers by holding back their phones. The desired effect is that consumers are led to believe that if they don’t act now, they will miss out on something.
Suppose you go to Tmall to check out a new smart phone and find that 30,000 people have already placed orders. Your thinking might go like this: If so many people want this phone, it must be good. If I don’t place an order now, my friends will get the phone before I can lay my hands on it, and they will be happier / look cooler. It may sound silly, but a significant number of us fall for it.
Anxiety is a natural response to scarcity, but in light of the recent incident, this perception of scarcity can be a result of manipulation. In the scenario that I just described, the decision was made based on the assumption that the number is real. Consider this: Would you still buy the phone if the number of preorders dropped to 10,000? Would you still want to buy it if the number is 1,000 or even 100? You may or may not, but what is irrefutable is that Alibaba’s Tmall fed consumers with unauthentic information.
Two directly responsible persons were fired, according to the Weibo post. An unnamed executive was demoted. Tmall’s President and HR head both received a “demerit”, which can be serious or nothing. Already some Chinese media are praising Alibaba for showing a great sense of accountability.
So is this just an isolated incident, and now with the bad apples removed, things will be back to normal and we need not worry?
On Zhihu.com, a Chinese Quora-like Q&A site, a user wrote about his experience interning at Alibaba, which raises concerns.
I worked as a front-end engineer… my project was a mobile lottery game’s webpage. There was a “like” button. It was supposed to be users who click the button to generate the number of “likes”. However, I was told by the product manager to just make up a number. I was shocked. I even suggested if we should stick with the real number but they rejected me. In the end, I felt I was just an insignificant intern…
From the perspective of the investors, if the number of pre-orders on Tmall could be manipulated, what mechanisms are there in place to prevent the tampering with other figures? Now we have a new reason to be more skeptical.

Microsoft Plans To Launch A Wearable Device Within Weeks


Microsoft is gearing up to launch a wearable device within the next few weeks, Forbes has learned. The gadget is a smart watch that will passively track a wearer’s heart rate and work across different mobile platforms. It will also boast a battery life of more than two days of regular use, sources close to the project say.
That could put it ahead of Samsung’s Galaxy Gear smart watch and Moto 360 which both need to be charged around once a day. The wearable will hit stores soon after launch in a bid to capture the lucrative holiday season, a timeline Apple was reportedly targeting before it delayed its own Watch to early 2015.
Forbes first reported in May that Microsoft was working on a smart watch that drew on optical engineering expertise from its Kinect division, and which would sync with iPhones, Android devices and Windows Phones. It is unclear what Microsoft will name the device, or what it will cost at retail.
A wearable would mark the company’s first foray into a new device category under CEO Satya Nadella. Wearable tech is still uncharted territory, despite offerings from Samsung and the forthcoming Apple Watch. It’s a market predicted to be worth $7.1 billion in 2015.
Going cross platform is also consistent with Nadella’s drive to make his company’s product offerings available “across all devices”. His launch of Microsoft Office for the iPad in March marked a move away from the company’s Windows-only vision under Steve Ballmer.
The latter strategy would probably be unwise today, now that Windows Phone has just 2.5% of the global smartphone market, according to IDC. On the upside, Microsoft can now target its wearable at more customers than the Apple Watch, which will only work with iOS devices.
With a battery that lasts more than two days, Microsoft could get a leg up on big-name competitors who have entered the wearables space. Battery life is frequently cited as one of the most important factors that consumers consider when buying a smartphone, yet the topic was conspicuously glossed over at Apple’s Watch announcement last month. Apple CEO Tim Cook has since revealed the gadget will have to be charged every night, just like the Gear and Moto 360.
Motorola’s Moto 360 smart watch also has a continuous heart rate monitor and has been praised for its stylish design, but the battery tends to last for just 24 hours based on various reviews. Some wearables like the Pebble and Jawbone Up24 boast batteries that last for days or even weeks at a time, but that becomes impossible when a device features a color display like the Apple Watch or Gear.
When it comes to battery life, Microsoft may benefit from its historic expertise in software, allowing it to create sensor integrations that boost the device’s power train efficiency.
Microsoft’s history of launching new hardware is a mixed bag. Its Zune music player wasn’t the success it could have been, and prospects for its Surface tablet still look hazy. But when Microsoft introduced the Kinect for the Xbox 360 in 2011, it became the fastest-selling consumer device on record.
Microsoft’s legacy in machine learning through Microsoft Research could also point to a future business model for a health-tracking device — that is, if it chooses to exploit its close ties with enterprise customers. The company could, for example, promote its wearable gadget and any accompanying cloud-based software as a service for helping to cut healthcare costs, by tracking and incentivizing healthy behavior among workers.
Such “wellness” services are already being shopped by a host of health tracking startups like Pact Health, StickK, WellBe and Jiff, but larger tech firms have yet to jump into the market.

Apple iOS 8.1 To Launch Today. Here's What Is Coming In The Update


Apple’s senior vice president of Software Engineering Craig Federighi said that Apple iOS 8.1 will be releasing today. Apple iOS 8.1 includes bug fixes, functionality for several Continuity features, the iCloud Photo Library, Apple Pay and the return of the Camera Roll.
Continuity
Continuity lets you easily switch between your iPhone, iPad and Mac or use them together. Continuity features include Handoff, Phone Calling, Instant Hotspot and SMS from any device. Several Continuity features became available when Apple launched the Yosemite operating system for Macs last week during the new iPad event, but iOS 8.1 is required to support SMS from any device and Instant Hotspot. The Instant Hotspot and SMS support features were originally supposed to launch as part of iOS 8, but they had to be delayed until the update was released.
SMS from any device
When Apple launched OS X Mountain Lion in July 2012, it included an app called Messages. Messages is an instant messaging app that lets users send messages to Macs, iPhones and iPads that are compatible with iMessage. After you update to Apple iOS 8.1, you will be able to send and receive SMS/MMS text messages from your iPad or Mac. In the chat bubbles, Apple distinguishes iMessages with blue backgrounds and standard SMS messages with green backgrounds.
SMS from any device / Credit: Apple
Instant Hotspot
Instant Hotspot will be enabled when you update to iOS 8.1. If you are not in WiFi range, your iPad or Mac can connect to the personal hotspot on your iPhone if it is close by. The name of your iPhone will appear in the list of WiFi networks in the Settings on your iPad and WiFi menu on your Mac.
Instant Hotspot / Credit: Apple
iCloud Photo Library
The iCloud Photo Library allows users to save pictures and videos to their iCloud account. If you have this feature enabled, smaller versions of your photos are stored on your iOS device to save storage space. Your iCloud Photo Library will be accessible through any iOS device or through the iCloud website. Apple plans to eventually sync your iCloud Photo Library with a future version of the Photos app for Macs so you will be able to easily view your photos stored in the cloud from your computer.
iCloud Photo Library / Credit: Apple
Apple Pay
Apple Pay is the most anticipated feature launching with iOS 8.1. Apple Pay is a mobile payment service that will let users pay for goods at retailers and restaurants using iOS devices. The NFC-enabled devices that are compatible with Apple Pay include iPhone 6, iPhone 6 Plus, iPad Air 2, iPad mini 3 and the upcoming Apple Watch.
Apple Pay essentially replaces traditional credit and debit cards that have magnetic stripes. Apple devices will be able to wirelessly communicate with point of sale systems using near field communication (NFC) technology. Transactions are authorized with the Touch ID fingerprint sensor and Passbook. If you have an older iOS device like the iPhone 5, iPhone 5C or iPhone 5S, then you will be able to use Apple Pay by connecting it to an Apple Watch.
Apple said that 220,000 retail locations will support Apple Pay at launch. Stores that will support Apple Pay include Macy’s, Target, Walgreens and Bloomingdales. The participating restaurants include Subway, Panera Bread and McDonald’s.

Apple Pay / Credit: Apple
Bug Fixes And The Return Of The Camera Roll
Apple iOS 8.1 will include bug fixes and the return of the Camera Roll. One of the bug fixes will be for an issue that makes it hard for iOS 8 users to pair with Bluetooth devices.
When iOS 8 launched, Apple replaced the Camera Roll with a section called “Recently Added.” The “Recently Added” section includes photos and videos that were taken within the last month. Apple is likely bringing back the Camera Roll due to a negative response from users about the change.
Recently Added Album / Credit: Screenshot by Amit Chowdhry
It is unknown what time Apple will be releasing iOS 8.1, but I will update this post when it is officially released.

Sunday 19 October 2014

How To Hack The Sky


Satellites can bring a digital signal to places where the Internet seems like a miracle: off-the-grid desert solar farms, the Arctic or an aircraft carrier at sea. But in beaming data to and from the world’s most remote places, satellite Internet may also offer its signal to a less benign recipient: any digital miscreant within thousands of miles.
In a presentation at the Black Hat security conference in Arlington, Va., Tuesday, Spanish cybersecurity researcher Leonardo Nve presented a variety of tricks for gaining access to and exploiting satellite Internet connections. Using less than $75 in tools, Nve, a researcher with security firm S21Sec, says that he can intercept Digital Video Broadcast (DVB) signals to get free high-speed Internet. And while that’s not a particularly new trick–hackers have long been able to intercept satellite TV or other sky-borne signals–Nve also went a step further, describing how he was able to use satellite signals to anonymize his Internet connection, gain access to private networks and even intercept satellite Internet users’ requests for Web pages and replace them with spoofed sites.
“What’s interesting about this is that it’s very, very easy,” says Nve. “Anyone can do it: phishers or Chinese hackers … it’s like a very big Wi-Fi network that’s easy to access.”
In a penetration test on a client’s network, Nve used a Skystar 2 PCI satellite receiver card, a piece of hardware that can be bought on eBay for $30 or less, along with open source Linux DVB software applications and the network data analysis or “sniffing” tool Wireshark.
Exploiting that signal, Nve says he was able to impersonate any user connecting to the Internet via satellite, effectively creating a high-speed, untraceable anonymous Internet connection that can be used for nefarious online activities.
Nve also reversed the trick, impersonating Web sites that a satellite user is attempting to visit by intercepting a Domain Name System (DNS) request–a request for an Internet service provider (ISP) to convert a spelled out Web site name into the numerical IP address where it’s stored–and sending back an answer faster than the ISP. That allows him to replace a Web site that a user navigates to directly with a site of his choosing, creating the potential for undetectable cybercrime sites that steal passwords or install malicious software.
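A defender monitoring the client side of such a link can look for the symptom of the DNS race described above: two responses for the same client, transaction ID and name that disagree on the address. The Python detector below is an added example, not code from Nve's presentation; the function names, the two-second window and the sample packets are assumptions constructed for illustration.

```python
import struct

def build_response(txid, qname, ip):
    """Build a minimal DNS A-record response (used only for the constructed sample)."""
    labels = b"".join(bytes([len(p)]) + p.encode() for p in qname.split(".")) + b"\x00"
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)  # QR=1, RD, RA; 1 question, 1 answer
    question = labels + struct.pack("!HH", 1, 1)                # QTYPE=A, QCLASS=IN
    rdata = bytes(int(o) for o in ip.split("."))
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + rdata  # name = pointer to offset 12
    return header + question + answer

def read_name(msg, off):
    """Decode a possibly compressed DNS name; return (name, offset just past it)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:            # compression pointer
            if end is None:
                end = off + 2                # parsing resumes after the first pointer
            off = ((length & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii", "replace"))
        off += length
    return ".".join(labels).lower(), (end if end is not None else off)

def parse_response(msg):
    """Return (txid, qname, frozenset of A addresses), or None for queries/malformed data."""
    try:
        txid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
        if not flags & 0x8000:               # QR bit clear: this is a query
            return None
        off, qname = 12, ""
        for _ in range(qd):
            qname, off = read_name(msg, off)
            off += 4                         # skip QTYPE and QCLASS
        addrs = set()
        for _ in range(an):
            _, off = read_name(msg, off)
            rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            off += 10
            if rtype == 1 and rclass == 1 and rdlen == 4:
                addrs.add(".".join(str(b) for b in msg[off:off + 4]))
            off += rdlen
        return txid, qname, frozenset(addrs)
    except (IndexError, struct.error, ValueError):
        return None

def find_conflicts(packets, window=2.0):
    """Flag a later response that contradicts the first one seen for the same
    (client, transaction ID, name) within `window` seconds.
    packets: iterable of (timestamp, client_ip, raw_dns_payload)."""
    seen, alerts = {}, []
    for ts, client, raw in packets:
        parsed = parse_response(raw)
        if parsed is None:
            continue
        txid, qname, addrs = parsed
        key = (client, txid, qname)
        if key not in seen:
            seen[key] = (ts, addrs)
            continue
        first_ts, first_addrs = seen[key]
        if ts - first_ts <= window and addrs != first_addrs:
            # The detector cannot say which answer is forged, only that they disagree.
            alerts.append({"client": client, "txid": txid, "qname": qname,
                           "first": sorted(first_addrs), "later": sorted(addrs),
                           "gap": round(ts - first_ts, 3)})
    return alerts

# Constructed sample capture: (seconds, client, DNS payload). Addresses are documentation ranges.
SAMPLE = [
    (0.010, "10.0.0.5", build_response(0x1A2B, "example.com", "203.0.113.66")),
    (0.620, "10.0.0.5", build_response(0x1A2B, "example.com", "192.0.2.10")),   # disagrees
    (1.000, "10.0.0.9", build_response(0x0042, "example.org", "192.0.2.20")),
    (1.050, "10.0.0.9", build_response(0x0042, "example.org", "192.0.2.20")),   # harmless repeat
    (1.100, "10.0.0.9", b"\x00\x01"),                                           # truncated, skipped
]

if __name__ == "__main__":
    for alert in find_conflicts(SAMPLE):
        print(alert)
```

An identical retransmission is not flagged; only a second answer carrying a different address set raises an alert.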
In his tests on the client’s network, Nve says he was also able to hijack signals using GRE or TCP protocols that enterprises use to communicate between PCs and servers or between offices, using the connections to gain access to a corporation or government agency’s local area network.
The Barcelona-based researcher tested his methods on geosynchronous satellites aimed at Europe, Africa and South America. But he says there’s little doubt that the same tricks would work on satellites facing North America or anywhere else.
What makes his attacks possible, Nve says, is that DVB signals are usually left unencrypted. That lack of simple security, he says, stems from the logistical and legal complications of scrambling the signal, which might make it harder to share data among companies or agencies and–given that a satellite signal covers many countries–could run into red tape surrounding international use of cryptography. “Each [country] can have its own law for crypto,” says Nve. “It’s easier not to have encryption at the DVB layer.”

Nve isn’t the first to show the vulnerability of supposedly secure satellite connections. John Walker, a British satellite enthusiast, told the BBC in 2002 that he could watch unencrypted NATO video feeds from surveillance sorties in the Balkans. And the same lack of encryption allowed insurgents to hack into the video feed of unmanned U.S. drone planes scouting Afghanistan, the Wall Street Journal reported in December.
In fact, the techniques that Nve demonstrated are probably known to other satellite hackers but never publicized, says Jim Geovedi, a satellite security researcher and consultant with the firm Bellua in Indonesia. He compares satellite hacking to early phone hacking or “phreaking,” a practice that’s not well protected against but performed by only a small number of people worldwide. “This satellite hacking thing is still considered blackbox knowledge,” he wrote in an e-mail to Forbes. “I believe there are many people out there who conduct similar research. They may have some cool tricks but have kept them secret for ages.”
At last year’s Black Hat D.C. conference, British cybersecurity researcher Adam Laurie demonstrated how he intercepts satellite signals with techniques similar to Nve, using a DreamBox satellite receiver and Wireshark. But Nve argues that his method is far cheaper–Laurie’s DreamBox setup cost around $750–and that he’s the first to demonstrate satellite signal hijacking rather than mere interception.
“I’m not just talking about watching TV,” says Nve. “I’m talking about doing some very scary things.”

Security And The Internet Of Things


One of the terms out there that is getting more and more visibility is the “Internet of Things” or IoT. I’ll admit that I have fought hard against even invoking the term for fear some evil apparition would appear if I were to say it three times. Alas, it has come to the point where I know I have to comment. I’m realizing that, when relatives are asking me how to know if their refrigerator is online or not, it is well overdue.
What is the Internet of Things anyway? This refers to the interconnections between all manner of devices with an addressable interface that can communicate online. So many devices now have embedded operating systems that introduce a wealth of new opportunities for the end user as well as ne’er-do-wells who may not have your best interests at heart. Whether it is your thermostat communicating with Google, Apple Watch collecting your health data, your car receiving firmware updates or your fridge sending you a text to remind you to pick up a carton of milk, it has arrived. The terminology first reared its head in 2009 in the RFID Journal. The article “The ‘Internet of Things’ Thing” by Kevin Ashton is given the hat tip as the point at which this all began.
From RFID Journal:
If we had computers that knew everything there was to know about things—using data they gathered without any help from us—we would be able to track and count everything, and greatly reduce waste, loss and cost. We would know when things needed replacing, repairing or recalling, and whether they were fresh or past their best.
We need to empower computers with their own means of gathering information, so they can see, hear and smell the world for themselves, in all its random glory. RFID and sensor technology enable computers to observe, identify and understand the world—without the limitations of human-entered data.
A lofty ambition. Of course the comedian that lurks in the dark spaces of my mind cracks wise about Skynet and evil robots from the future bent on our destruction. What is troubling is the possibility that security is not taken into account with these various implementations. All of that data is being harvested in an automated fashion, but who has access to the data? What type of information is actually being collected? Has my coffee machine been pressed into service by a foreign government? Sure, I’m being just a little facetious. It is not too far of a stretch to think that problems could be in the wings when you have devices that can monitor environmental controls, critical infrastructure such as smart grid, medical devices and transport systems.
Businesses love the idea of the Internet of Things. It opens up new markets while providing more information on customer buying habits. I on the other hand sit back in my chair and look at the darker side of IoT. Case in point, how do you go about managing the username/passwords for your ever increasing number of connected devices and appliances? What about the privacy of your information? Take as an example various Internet connected video cameras with easily defeated security controls or baby monitors. These are all issues that will need to be dealt with sooner rather than later.
This summer the Open Interconnect Consortium was created. This is an organization that purports to create a framework for the Internet of Things. From their July 7th press release:
Leaders from a broad range of industry vertical segments – from smart home and office solutions to automotive and more – will participate in the program. This will help ensure that OIC specifications and open source implementations will help companies design products that intelligently, reliably and securely manage and exchange information under changing conditions, power and bandwidth, and even without an Internet connection.
It is nice to see that there are groups popping up with the stated mission to add frameworks to “securely manage” information that is being transmitted and at rest. There is a question that I have, which is: are we too late? I was working on smart grid deployments seven years ago and this group was announced in 2014. I’m hopeful that security will be taken seriously but I must admit that I do fret, as I think that the horse has already bolted from the barn.
What are the implications to the individual? Imagine the newly announced Apple Watch as an example. This is a device that will know 1) who you are 2) where you are via GPS 3) what you’re doing via accelerometer and gyroscope 4) your health and 5) even be able to monitor your mood. While I’m sure they have taken time to secure these devices, the ramifications could be significant if there was a failure. I once had a rotary phone and to see that a Dick Tracy-esque watch that can monitor my health and act as a phone is amazing to me. I’m always enamoured with new technology. The Internet of Things brings with it huge benefits but we must be sure to include security and privacy at the outset across the board.