Tag Archive for AAPL

Malware Steals Your Cash At ATM

On September 2, 1969, America’s first automatic teller machine (ATM) started dispensing cash to customers at Chemical Bank in Rockville Center, New York. Since then ATMs have been a trusted avenue for many banking transactions. However, Business Insider warns that the next time you pull cash out of the ATM, or “Tap the Mac,” you should take extra care. BI reports that Internet security firm Kaspersky Lab has announced the return of a newer and more dangerous version of the Skimer malware.

The report characterizes Skimer as an especially dangerous malware that turns whole ATMs into card-skimming machines. The malware first appeared in 2009 and has been distributed at ATMs all over the world.

The majority of ATM fraud takes place through card skimming. Card skimming is usually physical, as criminals typically install an illegal card-reading device into ATMs, film people entering their PINs on keypads, and then create duplicate cards for sale and use, reports the New York Times. Fortunately, users can uncover these physical skimmers when they spot a problem with the card reader or notice an unusual camera.

Skimer is particularly problematic because it is software-based. The article explains the threat is undetectable to the common ATM user since there is no physical sign of the ATM being tampered with. The Russian-based program lets criminals access an ATM remotely, install the malware, and then gather data such as PINs, card numbers, and account numbers over the course of time. A “money mule” can then insert a special magnetic stripe card into the ATM to access the stolen data, take out money, or print card numbers onto a receipt.

The attack begins by gaining access to the ATM system either through physical access or via the bank’s internal network. Then the Backdoor.Win32.Skimer malware is installed, which infects the core of the ATM. The ATM core is responsible for the machine’s interactions with the banking infrastructure, cash processing, and credit cards. After that, the ATM has become a skimmer. The compromise allows the attackers to withdraw all the funds in the ATM or grab the data from cards used at the ATM, including customers’ bank account numbers and PIN codes.

Kaspersky is trying to help banks detect Skimer and is providing techniques for identifying affected machines and securing their ATM networks in the future. Sergey Golovanov, a principal security researcher at Kaspersky Lab, explains that it is possible for banks to stop Skimer.

We have discovered the hardcoded numbers used by the malware, and we share them freely with banks … they can proactively search for them inside their processing systems, detect potentially infected ATMs and money mules, or block any attempts by attackers to activate the malware

To prevent ATM attacks, Kaspersky recommends that banks:

  • Perform regular AV scans,
  • Use whitelisting technologies,
  • Have a good device management policy,
  • Enable full-disk encryption,
  • Protect the ATM’s BIOS with a password,
  • Only allow HDD booting,
  • Isolate the ATM network from any other internal bank network.

Despite a way to control Skimer, ATM fraud continues to grow according to BI. A recent FICO study found the number of compromised ATMs in the U.S. surged 546% from 2014 to 2015, thanks in large part to the slow EMV migration of debit cards and ATMs. The article speculates that EMV upgrades would stop Skimer. The resistance to EMV means ATM fraud could grow even more from 2015 to 2016.

John Heggestuen, at BI Intelligence, explains that EMV cards are being rolled out with an embedded microchip for added security. The microchip carries out real-time risk assessments on a person’s card purchase activity based on the card user’s profile. The chip also generates dynamic cryptograms when the card is inserted into a payment terminal. Because these cryptograms change with every purchase, it makes it difficult for fraudsters to make counterfeit cards that can be used for in-store transactions.
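The contrast between static stripe data and a dynamic cryptogram is easier to see in code. The following Python model is an added illustration written for this page, not code from Business Insider, Kaspersky or any card network: the chip holds a key that never leaves it plus a transaction counter, the issuer verifies a MAC over the counter, the amount and a terminal-supplied unpredictable number, and a replay of a captured chip message is declined, while a copy of magstripe track data is accepted every time. HMAC-SHA256 stands in for the DES/AES-based EMV application cryptogram, and the class names, the sample card numbers and the track-2 string are all constructed for the example.

```python
import hashlib
import hmac
import secrets


def _mac(key: bytes, *fields) -> str:
    """Simplified application cryptogram: HMAC-SHA256 over the transaction fields.
    Real EMV cards use a DES/AES session key derived from a card master key;
    this construction is a stand-in for that, not the actual EMV algorithm."""
    msg = "|".join(str(f) for f in fields).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:16]


class ChipCard:
    """Constructed model of an EMV chip: a secret key that never leaves the card
    and an Application Transaction Counter (ATC) that increases on every use."""

    def __init__(self, pan: str, key: bytes):
        self.pan = pan
        self._key = key
        self.atc = 0

    def generate_cryptogram(self, amount_cents: int, unpredictable_number: str) -> dict:
        self.atc += 1
        ac = _mac(self._key, self.pan, self.atc, amount_cents, unpredictable_number)
        # Only the counter and the cryptogram travel to the terminal; the key does not.
        return {"pan": self.pan, "atc": self.atc, "amount": amount_cents,
                "un": unpredictable_number, "ac": ac}


class MagstripeCard:
    """Static track data: whatever the reader sees is all there is."""

    def __init__(self, pan: str, track2: str):
        self.pan = pan
        self.track2 = track2

    def swipe(self, amount_cents: int) -> dict:
        return {"pan": self.pan, "track2": self.track2, "amount": amount_cents}


class Issuer:
    def __init__(self):
        self._chip_keys = {}   # pan -> key shared with the chip (personalised at issuance)
        self._last_atc = {}    # pan -> highest counter accepted so far
        self._track2 = {}      # pan -> expected static track data

    def enroll_chip(self, card: ChipCard):
        self._chip_keys[card.pan] = card._key
        self._last_atc[card.pan] = 0

    def enroll_magstripe(self, card: MagstripeCard):
        self._track2[card.pan] = card.track2

    def authorize_chip(self, msg: dict) -> str:
        key = self._chip_keys.get(msg["pan"])
        if key is None:
            return "DECLINE: unknown card"
        expected = _mac(key, msg["pan"], msg["atc"], msg["amount"], msg["un"])
        if not hmac.compare_digest(expected, msg["ac"]):
            return "DECLINE: cryptogram mismatch"
        if msg["atc"] <= self._last_atc[msg["pan"]]:
            return "DECLINE: counter already used (replay)"
        self._last_atc[msg["pan"]] = msg["atc"]
        return "APPROVE"

    def authorize_magstripe(self, msg: dict) -> str:
        # Static comparison: a copy of the track data is indistinguishable from the card.
        if self._track2.get(msg["pan"]) == msg["track2"]:
            return "APPROVE"
        return "DECLINE: track data mismatch"


def run_scenario() -> dict:
    """Presents a captured authorization message a second time for each card type."""
    issuer = Issuer()
    chip = ChipCard("4111111111111111", secrets.token_bytes(16))             # constructed test PAN
    stripe = MagstripeCard("5555555555554444", "5555555555554444=2512101")  # constructed track 2
    issuer.enroll_chip(chip)
    issuer.enroll_magstripe(stripe)

    # Genuine purchases: the terminal supplies a fresh unpredictable number each time.
    chip_msg = chip.generate_cryptogram(2500, secrets.token_hex(4))
    stripe_msg = stripe.swipe(2500)
    results = {
        "chip_genuine": issuer.authorize_chip(chip_msg),
        "stripe_genuine": issuer.authorize_magstripe(stripe_msg),
        # The same captured messages again, as a counterfeit card would present them.
        "chip_replay": issuer.authorize_chip(dict(chip_msg)),
        "stripe_replay": issuer.authorize_magstripe(dict(stripe_msg)),
    }
    # Editing the amount in a captured chip message also fails the MAC check.
    tampered = dict(chip.generate_cryptogram(100, secrets.token_hex(4)))
    tampered["amount"] = 100000
    results["chip_tampered"] = issuer.authorize_chip(tampered)
    return results


if __name__ == "__main__":
    for name, outcome in run_scenario().items():
        print(f"{name:16s} {outcome}")
```

Running the script prints an approval for both genuine purchases, a decline for the replayed and the tampered chip messages, and an approval for the replayed stripe data, which is exactly the gap the article says EMV closes: the issuer can check that a chip message is fresh and unmodified, while stripe data carries nothing that distinguishes the card from a copy of it.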

Retail card fraud cost U.S. retailers approximately $32 billion in 2014, up from $23 billion in 2013. To solve the card fraud problem across all channels, payment companies and merchants are implementing new payment protocols that could finally help mitigate fraud. In the article, BI’s Heggestuen describes some of the other technologies that financial institutions are utilizing to reduce fraud risks.

Encryption of payments data is being widely implemented. Encryption devalues the data by using an algorithm to translate card numbers into new values, which makes it difficult for fraudsters to harvest payments data for use in future transactions.

Point-to-point encryption encrypts sensitive payment data from the point of capture at the payment terminal all the way through to the gateway or acquirer. This makes it much more difficult for fraudsters to harvest usable data from transactions.

Tokenization increases transaction security. Tokenization assigns a random value to payment data, making it effectively impossible for hackers to recover the sensitive data from the token itself. Tokens are often “multiuse,” meaning merchants don’t have to force consumers to re-enter their payment details. Apple Pay uses one emerging form of tokenization.

3D Secure is an imperfect answer to user authentication online. One difficulty in fighting online fraud is that it is hard to confirm that the person using card data is actually the cardholder. 3D Secure adds a level of user authentication by requiring the customer to enter a passcode or biometric data as well as payment data to complete a transaction online.
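To make the tokenization point concrete, here is an added Python example written for this page (my own illustration, not code from the article, Apple Pay or any payment processor): a token vault held by the processor, a merchant that stores only tokens, and a check of what a dump of the merchant’s card table would expose. The names TokenVault, Merchant, process_payment and exposed_pans, the token format (random digits with the last four of the card preserved) and the sample card numbers are all constructed for the example; real tokenization services have their own formats and APIs.

```python
import secrets

# Constructed sample card numbers (industry test PANs, not real accounts).
SAMPLE_PANS = ["4111111111111111", "5555555555554444"]
DIGITS = "0123456789"


class TokenVault:
    """Processor-side vault: the only place the PAN<->token mapping exists.

    Tokens are random, keep the PAN's length and last four digits (so a
    receipt can still say 'ending in 1111'), and are multi-use: the same
    card at the same merchant always maps to the same token.
    """

    def __init__(self):
        self._pan_by_token = {}      # token -> PAN
        self._token_by_key = {}      # (merchant_id, PAN) -> token

    def tokenize(self, pan: str, merchant_id: str) -> str:
        key = (merchant_id, pan)
        if key in self._token_by_key:          # multi-use: reuse, no re-entry needed
            return self._token_by_key[key]
        while True:
            prefix = "".join(secrets.choice(DIGITS) for _ in range(len(pan) - 4))
            token = prefix + pan[-4:]
            # The token must differ from the PAN it stands for and from every other token.
            if token not in self._pan_by_token and token != pan:
                break
        self._pan_by_token[token] = pan
        self._token_by_key[key] = token
        return token

    def detokenize(self, token: str) -> str:
        """Used only inside the processor; merchants never get this path."""
        return self._pan_by_token[token]


def process_payment(vault: TokenVault, token: str, amount_cents: int) -> dict:
    """Processor step: swap the token back for the PAN, authorize with the
    issuer (stubbed as always approved here), and return a receipt with no PAN."""
    pan = vault.detokenize(token)
    return {"approved": True, "amount": amount_cents, "last4": pan[-4:]}


class Merchant:
    """Keeps tokens for repeat customers and nothing else card-related."""

    def __init__(self, merchant_id: str, vault: TokenVault):
        self.merchant_id = merchant_id
        self._vault = vault
        self.cards_on_file = {}      # customer -> token

    def save_card(self, customer: str, pan: str) -> str:
        token = self._vault.tokenize(pan, self.merchant_id)
        self.cards_on_file[customer] = token   # the PAN is discarded after this call
        return token

    def charge(self, customer: str, amount_cents: int) -> dict:
        return process_payment(self._vault, self.cards_on_file[customer], amount_cents)


def exposed_pans(merchant: Merchant) -> list:
    """What a dump of the merchant's card table would yield: real card numbers
    only if the merchant stored any. With tokenization, none."""
    return [v for v in merchant.cards_on_file.values() if v in SAMPLE_PANS]


def run_demo() -> dict:
    vault = TokenVault()
    shop_a = Merchant("shop-a", vault)
    shop_b = Merchant("shop-b", vault)
    t1 = shop_a.save_card("alice", SAMPLE_PANS[0])
    t2 = shop_a.save_card("alice", SAMPLE_PANS[0])   # same card again: same token
    t3 = shop_b.save_card("alice", SAMPLE_PANS[0])   # same card, other merchant: different token
    return {"same_merchant_same_token": t1 == t2,
            "cross_merchant_same_token": t1 == t3,
            "receipt": shop_a.charge("alice", 1999),
            "pans_in_shop_a_db": exposed_pans(shop_a)}


if __name__ == "__main__":
    print(run_demo())
```

Two design points carry the security value: the token is generated from randomness, not derived from the card number, so nothing about the PAN can be recovered from the token without the vault; and the token is scoped to one merchant, so a token lifted from one merchant’s database is useless at another.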

rb-

The best recommendation to protect yourself from Skimer and other ATM threats is to use the ATMs at your bank or credit union. It is harder for thieves to install any type of skimmer or malware on these ATMs because of the higher traffic and monitoring. ATMs located outside a financial institution, like at a 7-11, are highly suspect.


Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

What You Need To Know About Germs on Your Cell

Over 2.6 billion Americans now have a cell phone. And they are walking around with some nasty stuff on their phones. I’m not talking about porn or malware but real viruses. An article by Caroline Kee and Taylor Miller at Buzzfeed found that most phones are covered with some pretty scary germs.

The author took swabs of people’s cell phones to prove the point. Ms. Kee shared her swabs with Dr. Susan Whittier from Columbia University. They found that all phones had germs, bacteria, protozoa, viruses, and fungi on them, some of which are good for us and some of which are bad for us. The tests revealed that most phones had five kinds of harmless germs from the skin, mouth, nose, and environment.

Staphylococcus epidermidis (not aureus): Dr. Whittier says if you were to just swab your skin, this is what you’d find. It is normal and would get on the phone from regular daily use, like touching or talking on it.

Micrococcus: Dr. Whittier says this makes up the normal skin flora, especially on the face. Everyone has different skin bacteria; it depends on the person. It can get on your phone if you touch your face a lot or talk on it often.

Streptococcus viridans: This bug lives in the mouth and throat, so it can get on your phone from talking, your fingers after touching your lips, coughing, etc. It’s usually harmless, but it can also cause infections in vulnerable people.

Moraxella: This is from sinuses, and it’s often found in people with recurrent sinusitis or post-nasal drip. In high levels, it can cause inner ear and bloodstream infections. It’s still a pretty normal thing to find on a phone.

Bacillus: Bacillus is a common bacteria from the environment, so it’s basically a sign that you’ve been outdoors. A lot of Bacillus means the phone is super dirty.

The bad news is that pathogens – potentially disease-causing strains of bacteria – were found on some of the phones tested. This is alarming. Think – salmonella, Ebola, bird flu, etc.

The most dangerous bug found on a phone was MRSA. MRSA, the flesh-eating bacteria, is a Staphylococcus aureus bacteria that is resistant to many antibiotics, including methicillin. It can cause serious infections in the skin and internal organs and can be fatal in vulnerable people. MRSA can spread easily between people and surfaces—often in health care settings, but it can also live on surfaces like subway handles, doorknobs, community bathrooms, showers, and especially gyms.

Columbia’s Whittier explained, “It’s a little worrisome for a phone to test positive for MRSA because it isn’t part of our normal flora.” We also know that MRSA loves to lurk on gym equipment and locker rooms, so it’s not completely abnormal to have it on your phone. About half the population carries Staph aureus with no problems. But this also makes it easy to spread between people and causes disease. Dr. Whittier warns that if Staph aureus gets into an open wound, it can cause major skin and blood infections, which can result in boils, food poisoning, toxic shock syndrome, and even death.

Poop. You’ve heard of E. coli. E. coli outbreaks have shut down restaurants like Chipotle and have caused many supermarket food recalls. It was found on mobile phones. It’s a fecal organism, so it’s usually found in poop, but it can also live in the gastrointestinal tract along with other gut bacteria. Buzzfeed reports there are different types of E. coli, and some strains are way more pathogenic than others. E. coli has the potential to cause serious food poisoning and even death.

E. coli infections spread through the fecal-oral route. You will get sick if you touch your mouth with contaminated hands after using the bathroom or touching fecal matter. It turns out this is very common. In 2015, Verizon found that 90% of cell phone users use their mobile phones in the bathroom. A 2013 study by Michigan State University found that just 5% of people properly washed their hands after using the bathroom.

The Columbia MD warns this is why you shouldn’t bring your phone to the bathroom or use it while eating. E. coli on a phone could be from the person’s own stool if they didn’t wash their hands, or from another person’s stool if the phone went into a public bathroom, because fecal matter sprays everywhere when the toilet flushes.

What to do? Even if you’re an avid hand-washer, your phone can still pick up germs all day. The Buzzfeed article makes two recommendations to keep your phone safe. Keep your mobile phone out of the bathroom (where gross stuff like Norovirus lurks). And don’t use your cell phone while you’re eating since that can transmit bacteria and viruses to your mouth and get you sick.

How can you keep those nasty bugs off your phone? The article recommends cleaning your phone once a week using this magical “phone soap.” It’s not actually soap — it’s a charger box that shoots out UV lights that “kill 99.9% of germs using UV rays” at Amazon.

rb-

Back in 2013, I wrote about dirty mobile phones spreading Ebola here.

The advice from 2012 on how to disinfect your cell is still the same as in 2016. Use a soft, slightly damp, lint-free cloth. Avoid getting moisture in openings. Don’t use window cleaners, household cleaners, aerosol sprays, solvents, alcohol, ammonia, or abrasives to clean your iPhone. The front and back glass surfaces have an oleophobic coating. To remove fingerprints, wipe these surfaces with a soft, lint-free cloth. The ability of this coating to repel oil will diminish over time with normal usage, and rubbing the screen with an abrasive material will further diminish its effect and may scratch the glass.


How Much Cash Do Tech Firms Stash Overseas

A new report (PDF) from charity Oxfam says American companies stash a significant part of their cash overseas to take advantage of more favorable tax laws in other countries. They claim that tech companies take particular advantage of this practice, also known as “tax havens.” Oxfam, which is crusading to get the U.S. government to crack down on this practice, says tax havens cost the United States more than $100 billion a year in lost tax revenue.

The Business Insider brought us this Statista chart, based on the Oxfam report. Tech firms are hoarding nearly $500 Billion in cash overseas. The chart shows how much money major US tech companies have stashed overseas, and how many subsidiaries they have set up in countries that Oxfam defines as tax havens, “which can be characterized by secrecy, low- or zero-tax rates, and the almost complete lack of disclosure of any relevant business information.”

U.S. tech firms with most cash held overseas

While tech is the most prominent sector on Oxfam’s list, the article claims tech is not alone — large companies in other sectors like General Electric ($119 billion), Pfizer ($74 billion), Merck ($60 billion), and Exxon Mobil ($51 billion) also have lots of cash stashed overseas.

There’s nothing illegal about this practice. But Oxfam believes it contributes to income inequality. They are urging U.S. lawmakers to make it harder for companies to use international tax laws to their advantage in this way.

Overseas tax havens have been the focus of recent revelations about tax scams by wealthy people, based on the leak of the “Panama Papers,” documents from a single Panama-based law firm, Mossack Fonseca, involving 214,000 offshore shell companies. The firm’s clients included 29 billionaires and 140 top politicians worldwide, among them a dozen heads of government.

rb-

This list looks a lot like the one for the top lobbying spender firms. I wrote about the tech titans’ lobbying efforts just a couple of weeks ago here.

Rank  Firm             Cash $ held offshore  Lobbying rank  Lobbying $ spending
1     Apple            181.1B                10             4.5M
2     Microsoft        108.3B                7              8.5M
3     IBM              61.4B                 11             4.6M
4     Cisco            52.7B                 14             2.7M
5     Alphabet/Google  47.4B                 1              16.6M
6     HP               42.9B                 -              -
7     Oracle           38.0B                 13             4.5M

Related articles
  • Obama urges Congress to take action on corporate tax reform (bnn.ca)

Hey Lobbying Tech Spender

-Update 04-26-2016- As if to prove my point, Democratic Presidential candidate Bernie Sanders just named Verizon one of America’s Top Ten Tax Avoiders. VZ has had a corporate tax rate of -2% for the last 6 years according to the post. Verizon is the #4 lobbying spender.

Just in time for the U.S. tax deadline, the Business Insider has a report which details the amount of money the tech titans spent on bribing lobbying the politicians in DC. Thanks to one of the small bits of transparency in the gooberment, the U.S. House of Representatives requires companies to file government lobbying records. You can search their disclosures here at the Office of the Clerk of the House. (rb- Use this while you can, it’s likely to be shut down at any time by politicians with things to hide.)

The most aggressive tech spender on lobbying in 2015 was Amazon (AMZN) according to research by Consumer Watchdog. The company spent $9.07 million (a company record) on lobbying in 2015, an incredible 91.4% surge from its 2014 spend dedicated to influencing federal regulations last year according to BI.

Despite Amazon’s aggressive lobbying, Google (GOOG) topped the list of tech companies for the second year in a row. Google spent $16.6 million in 2015 vs $16.83 million in 2014. The biggest spending tech firms spent over $122M lobbying Washington politicians.

How the tech titans spent their money

  1. Google: $16.6 million in 2015 vs $16.83M in 2014.
  2. Comcast (CMCSA): $15.63 million vs $16.8M in 2014
  3. AT&T (T): $14.86 million, up from $14.56M in 2014
  4. Verizon (VZ): $11.43 million, up 1.9% from $11.22M in 2014.
  5. Facebook (FB): $9.85 million from $9.34M in 2014, a company record.
  6. Amazon (AMZN): $9.07 million, up 91.4% from 2014.
  7. Microsoft (MSFT): $8.49 million vs $8.33M in 2014.
  8. Time Warner Cable (TWC): $6.8 million in 2015, down 13.2% from 2014.
  9. T-Mobile (TMUS) $6.14 million, up 1.7% from 2014.
  10. Apple (AAPL): $4.48 million in 2015 compared to $4.11M in 2014.
  11. IBM (IBM): $4.63 million, a 6.5% decrease from $4.9M in 2014.
  12. Intel (INTC): $4.55 million in 2015, up 19.7% from $3.80M in 2014.
  13. Oracle (ORCL): $4.46 million in 2015, down 23.5% from $5.83M in 2014.
  14. Cisco (CSCO): $2.69 million compared to $2.35M in 2014.
  15. Yahoo (YHOO): $2.84 million in 2015 vs $2.94M in 2014.

BI reminds us that while these may seem like big numbers, they’re a tiny part of these companies’ overall expenditures — in the third quarter of 2015, Google spent $3.47 billion on traffic acquisition costs (such as the price of its deal to stay the default search on Apple’s iPhone), and another $6.93 billion on other operating expenses.

rb-

I haven’t written about the tech industry’s lobbying efforts since 2010. Many of the names have remained the same: ATT, Verizon, Google, IBM, Yahoo, and Intel have been bribing lobbying the gooberment for a very long time.

However, just 5 years ago, Apple and Facebook were barely in the lobbying racket. In 2015, they both ranked at the top in lobbying spending.

9 Techs That Could Replace Your Passwords

Followers of the Bach Seat know that passwords suck. I have covered alternatives to the password as far back as 2010 and here and here. Now the Business Insider lists nine crazy alternatives to passwords. The article describes efforts around the globe to develop new gadgets and technology that can save you from the headache of memorizing (and inevitably forgetting) passwords.

The article calls out several ways to replace passwords to authenticate a user. Users can be authenticated based on a physical trait, or biometrics. Biometrics is the measurement and statistical analysis of people’s physical and behavioral characteristics. Biometrics can offer one of the independent credentials required for multifactor authentication (MFA). MFA combines two or more independent credentials: what the user knows (a password), what the user has (a security token), and what the user is (biometric verification).

How to replace passwords

Selfies – This might be the password of choice for the Facebook (FB) generation. Companies like Amazon (AMZN) and Mastercard (MA) are already considering selfies. The technology would ask users to snap pictures of their faces on a smartphone before making a transaction. Mastercard’s technology would need a user to blink before their face is scanned. This is a safeguard to prevent hackers from simply placing a picture of someone else in front of the camera.

Edible pills – Swallowing pills might be one of the few things more annoying than memorizing passwords. But some researchers think it’s the future. After mixing with stomach acids the pill would emit a unique, low power signal that connects with your PC. Google (GOOG) VP of Advanced Technology and Projects Regina Dugan described such a system a few years ago. According to Ms. Dugan, a person could safely ingest 30 pills every day for the rest of their lives.

Your gait – Going for a stroll might not sound like the most convenient way to log on to your computer. But the way you walk has some unique traits that could serve as a means of authentication. A wearable device, like a bracelet or anklet, could record your physical activity and use that information as a password the next time you need to log on. One study reportedly analyzed the foot pressure patterns and achieved a 99.6 percent accuracy rate. rb- I covered the now-defunct Alohar Mobile attempt to turn how you stroll into a password here.

Your ear cavity – Has anyone ever told you your ear canal is one of a kind? NEC does. They are developing special earbuds that bounce a sound into your ear’s cavity. They then use the reverberations as a signature to identify you. NEC hopes to have these available within a few years. Another study was able to achieve a 99.6% accuracy rate identifying individuals by analyzing how light reflects off the curves of the ears. rb- Back in 2014 I covered the Descartes Biometrics app that used the shape of your ear as a password.

Your backside – The shape and contours of your posterior are special. So special that some researchers in Japan have explored whether a seat mat could be used to identify you. The experimental mat is packed with special sensors that measure pressure distribution. The mat could be integrated into cars, to prevent unauthorized sitters from driving off with the vehicle.

Tattoos – Google’s Regina Dugan showed off a sticker-like wearable tattoo on her arm a few years ago that she said could be used to unlock a phone or computer. The tattoo, which was only an experimental prototype, was made of flexible circuits and sensors, and could be worn for up to a week, she explained. No word on whether you can get the password tattoo in the design of a fire-breathing dragon.

Your Jewelry – Wearable gadgets like the Fitbit and Apple Watch can already track your sleep and the steps you take. The next step is to track the pattern of your pulse or heart rate, as the Nymi band does, and use that information to identify you. rb- I covered the Nymi earlier, and we have seen that the iWatch and other wearables are not secure, so how can they log you in?

Your voice – Nothing is easier than saying a few words, and even the best impersonator can’t perfectly mimic another person’s voice. That’s why one big bank in Britain recently set up technology to identify customers on the phone or online by the sound of their voice. And yes, the system will still work if you have a cold.

Implants – This one is only for hardcore security geeks. Believe it or not, some people have already experimented with embedding a small RFID chip under their skin. The chip emits a radio signal that can theoretically be used to do everything from unlocking the door to an office and starting a car, to logging on to email.

rb-

The biggest problem with biometrics is getting people to use them. How many do you know would be willing to swallow a pill to log in to each of their websites? It is a voluntary decision to swallow pills to log in to Facebook, Instagram, or Google. What if your employer requires you to swallow pills to enter the building, login to Windows, your email, ERP, CRM, HR. What are the implications for privacy? Healthcare? Plumbing?

I wrote about the problems of adapting an eye-based biometric system back in 2012.

The end-user will be the fundamental roadblock to any eye-based biometrics. Traditionally, anything related to eye recognition has received strong resistance, because it is just human nature to be squeamish about having our eyes scanned.
