Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.
Archive for December 31, 2015
Target Wish List Leaking Your Data
The holiday shopping season has not been merry for mega-mart Target. You would think the mega-retailer that leaked info on 110 million customers would learn how to keep their customers’ info secure but NOOOO. The anti-virus firm AVAST has discovered the Target (TGT) Wish List app is leaking your data, your personally identifiable information (PII).
The Avast Blog says that if you created a Christmas wish list using the Target app it is leaking your data. it might be accessible to more people than you want to actually receive gifts from. The Target app keeps a database of users’ wish lists, names, addresses, and email addresses.
Alarmingly, for a firm that has privacy issues, the Target app’s backend interface is not secured. This allowed the database to be accessed over the Internet. The author reports that the Application Program Interface (API) is easily accessible over the Internet. An API is a set of conditions where if you ask a question it sends the answer. Also, the Target API does not require any authentication. The only thing you need to parse all the data automatically is to figure out how the user ID is generated. Once you have that figured out, all the data is served to you on a silver platter in a JSON file.
Leaking your data
The JSON file that the AVAST researchers requested from Target’s API leaked lots of interesting data. The leaked data included: users’ names, email addresses, shipping addresses, phone numbers, the type of registries, and the items on the registries. The AVAST researchers did not store any PII, but they did aggregate data from 5,000 inputs for statistical analysis.
The AVAST researchers took the sample and looked at which some of the data they got. It included; brands, states the Target app users are from, and the most common names of people using Target’s app.
This appears to be a classic case of security by obfuscation. The app developers created the online API for data that is uploaded by Target. They also set up a separate API in tandem so that the retail chain could download and process the uploaded data – but without any security measures in place.
In a post on Ars Technica, a Target spokesperson said that it has suspended elements of the app while developers investigate. Hopefully, this should mean that the data-leaking has stopped while the backend has been disabled.
In other Target data breach news FierceITSecurity reports that Target has reached a $39.4 million settlement with banks and credit unions over claims they lost millions of dollars as a result of the massive 2013 data breach at the retailer. The massive data breach at Target exposed the credit and debit card numbers of 40 million customers to hackers and personal information on another 70 million.
The settlement, if accepted, will resolve class-action lawsuits by the banks and credit unions seeking reimbursement for fraudulent charges and issuing new cards. Of the $39.4 million, $20.25 million will be paid to banks and credit unions, and $19.11 million will be paid to reimburse MasterCard card issuers.
This follows settlements that Target reached with Visa card issuers for $67 million and with customers for $10 million. Target estimated that the breach so far has cost it $290 million, with insurers picking up $90 million, according to a filing with the Securities and Exchange Commission last week. Target is not out of the woods yet. It still has to deal with shareholder lawsuits and a probe by the Federal Trade Commission and state attorneys general related to the data breach.
Fred Donovan at FierceITSecurity says Target is a cautionary tale for any enterprise. Despite handling billions of dollars in credit card transactions, the retailer did not have one person responsible for IT security at the time of the breach. While it had a network security system in place, it did not have IT security personnel skilled enough to recognize an alarm the system set off months before Target discovered the breach.
rb-
Cash is king, especially at Target.
Related articles
- Massive MacKeeper data breach (thesafemac.com)
Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.
Happy Holidays 2015
Merry Christmas
Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.
Category: Holidays |
Tags: 2015, Bach Seat, Goodwill to all, Merry Christmas, Peace on Earth, Santa, Sante Claus
Do Christmas Lights Slow Wi-Fi?
A new holiday tradition is to spread FUD about how your Christmas lights can interfere with your Wi-Fi signal. This year’s holiday Wi-Fi FUD spreader is the UK communications regulator Ofcom. Ofcom hinted that “Fairy Lights” may slow down your 2.4 GHz Wi-Fi signal and everyone went crazy.
The theoretical science says it does. C|Net explains that Wi-Fi uses radio waves. Christmas lights emit a very weak electromagnetic field. So theoretically, they can interfere with the radio waves being transmitted from your Wi-Fi router. The more lights, the stronger the electromagnetic field. Also, the closer the lights are to the router, the more it may interfere with the Wi-Fi.
The truth about holiday light interfere
Communications technology consultant Stuart Lipoff, told C|Net how you’re affected really comes down to what type of Christmas lights you use. The older technology that was used to make the lights blink can indeed cause radio interference. The interference could happen if the holiday lights were arranged in series with each other. The total number of lamps in the string could be such that the combined voltage of all of them was equal to the 110 volts in a typical U.S. home.
However modern Christmas tree lights are based on solid-state LEDs. They often use an external electronic flashing controller and do not create radio noise. However, there are some LEDs that have an extra blink-controlled chip right inside the LED bulb. It turns out that these devices also create significant radio interference. The Wi-Fi interference occurs as this internal controller cycles the LED chip from on to off. The reason is somewhat analogous to the spark problem in incandescent blinker bulbs. When the LED is between fully on and fully off it can show negative resistance that causes it to creates radio energy.
You can simulate this by taking an AM radio. Tune the radio to a frequency, not in use in your area, and switching something on and off rapidly a few times. You should hear a staticky sound. The same thing can be heard during a lightning storm.
The real Wi-Fi killers
Alina Bradford at C|Net tested the theory and found there was a slight variance, be it ever so slight. She says “the variance isn’t a big deal.”
- PC World says the real Wi-Fi killers are households items that are on 365 days. These will disrupt your Wi-Fi a lot more than your Christmas lights. Microwaves are the worst of the lot, as it’s basically a metal box that when turned on uses high-powered microwaves at around 2.4 GHz (the same frequency as Wi-Fi). This creates a black hole around it for Wi-Fi signals.
•
Other culprits include ovens, freezers, fridges, washing machines, dishwashers… you name it. If it’s metal and has liquid-filled pipes, it’s going to kill your Wi-Fi signal according to Panda security.
• Cordless phones are also problematic. They’re often more of an issue because you’re more likely to have a portable phone on your desk than a microwave.
• Televisions and speakers are basically just electromagnets and will hurt Wi-Fi performance when placed directly near a router.
• Your neighbor’s router. Depending on how close your router is to someone else’s, there can be a direct effect on its performance. This might prove to be even more problematic if you live in an apartment. In an apartment, you could be exposed to different signals from all sides. This means that the more interference that there is, the more your router ups it’s broadcasting, This causes your neighbor’s router to do the same… which just perpetuates the problem.
• Water pipes can also cause interference because water absorbs radio waves.
• Walls don’t generate electromagnetic fields, but they do weaken Wi-Fi signals that pass through (up to 25 dB’s can be lost).
• Humans – Yes, you too are a problem! We, humans, are 55% – 60% water, which makes us a fantastic absorber of Wi-Fi.
Things to do improve your Wi-Fi
Panda Security also suggests a few things you can do to improve your Wi-Fi.
- Open your doors – Closed doors could effectively block or degrade wireless signals.
- Adjust your Wi-Fi channel – The typical default is channel 6, your router may do this automatically. If you change your Wi-Fi channel you may find that there is less interference from other routers near to you. Any two channels separated by five or more do not overlap.
Change your Wi-Fi Frequency The most common Wi-Fi frequency is 2.4GHz. 2.4GHz is also the most polluted. Try using 5.0 GHz. Like changing your Wi-Fi Channel your router may do this automatically. If you change your Wi-Fi frequency you may find that there is less interference from other routers near to you. You will need to check your devices to see if they support 5.0 GHz Wi-Fi, some older devices, like Apple iPhone 4’s do not.- Place your router in the center of your home. A router transmits the signal in all directions, so it makes sense to have it at the center of the home. Unfortunately, this isn’t always possible due to the cables that come with it.
- Check your cables – In general, a shorter and higher quality cable will mean a faster connection speed. It is better to use Ethernet cables from your modem to a separate router than run long phone cables.
- Invest in a new router – There’s no need to break the bank on a new, fancy router. However, some of the newer Wi-Fi routers on the market offer a notable boost in signal and speed.
- Turn your house into a Faraday cage. Build a Faraday cage to eliminate all outside sources of electromagnetic pollution. But would also mean no telephone or FM connections.
Of course, you should also take precautions to ensure that your Wi-Fi connection is secure by putting a strong password on your router and use a modern security setting like WPA2-PSK (AES).
Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.
Category: Uncategorized |
Tags: 2.4 GHz, 2015, 5.0 GHz, AES, Christmas, Faraday cage, FUD, IEEE, Interference, Lights, Networking, Tree, Wi-Fi, WPA2-PSK
Bacon on Your Christmas Tree
If you are a bacon lover, you may want to show your love for the delicious cured meat this festive season by putting it out for all to see. Lifestyle retailer Urban Outfitters has created the unconventional ‘Glitter Bacon Ornament’ that would definitely be a conversation starter at many a party.
Handcrafted and dusted with fine glitter, this meaty glass ornament would give your Christmas tree a mouth-watering touch and remind you that the time has come to indulge yourself with good food and company.
Have a yummy holiday!
Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.