Tag Archive for Michigan

| February 4, 2017
Comments Off on State of Michigan Data Breach

State of Michigan Data Breach

State of Michigan Data BreachData breaches are no surprise these days. I have covered a number of data breaches here on the Bach Seat here, here, and here. Now the State of Michigan (SOM) has joined the ranks of data leakers like Yahoo, Home Depot, Target, BCBS, and the US government. MLive is reporting that the State of Michigan has spilled the personal data of millions of Michigan citizens. On February 03, 2017, the Michigan Department of Technology Management and Budget (DTMB) announced the Michigan data breach. The breach leaked the Personal information of nearly 20% of Michigan residents who were vulnerable to unauthorized access for four months.

Unemployment Insurance Agency

Unemployment Insurance AgencyThe article reports that in October 2016, a software update to the Michigan Data Automated System (MiDAS) system was used by the state’s Unemployment Insurance Agency (UIA). MiDAS was created by Fast Enterprises of Centennial, CO, and went live in 2012 as part of a modernization of the unemployment benefits and tax system. A flaw allowed employers and human resources firms to get access to names and social security numbers of nearly 1.9 million Michigan residents they were not authorized to view.

The state identified the Michigan data breach on Jan. 30 and fixed it on Jan. 31, 2017. Contracted payroll service providers had unauthorized access to the MiDAS system, according to UIA spokesperson Dave Murray. Anybody working for a company that uses one of those payroll service providers may have had their personal information compromised. DTMB official Caleb Buhs warned, “If you are an employee in Michigan and your company uses a payroll vendor to process payroll, then you can potentially be included.

Impacted by the Michigan data breach

According to a report on MLive, the 31 vendors with unauthorized access to Michigan citizens’ PII included:

  • 7-Eleven
  • Aatrix
  • Accountants World
  • Acrisure
  • ADP
  • Benepay
  • Casper Willson Wilson
  • Computing Resources
  • Connectpay LLC
  • CoStaff National Services Inc
  • Craft Accounting
  • CSS Payroll Inc
  • DTMB
  • DM Payroll
  • Dominion Systems
  • GT Independence
  • Heins Acctg
  • Hewitt Assoc
  • Highpoint Business Services LLC
  • Infiniti HR LLC
  • Julie Lepper Acctg
  • Mercantile Bank
  • My Pay Solutions
  • Nieland & Kosanke PC
  • One Source Virtual
  • Paychex
  • Paycomm Payroll LLC
  • Paycor
  • Paylocity Corp
  • Payroll 1
  • Payroll Tax Mgt
  • Professional Systems
  • Ultimate Software
  • VenSure HR Inc
  • Wayne County Regional
  • Zen Payroll

Data security is a top priority for the state of MichiganDTMB Director and State CIO David Behen stated, “Data security is a top priority for the state of Michigan … We will work with our third-party vendors and our state team to check our processes and procedures to avoid incidents like this in the future.

Recommendations

Here’s what the SOM is recommending those who may have had their PII exposed do:

  1. Call the state hotline at 855-707-8387 between 8 a.m. and 4 p.m. on weekdays to make inquiries about this issue.
  2. Monitor financial account statements and immediately report any suspicious or unusual activity to financial institutions.
  3. Request a free credit report at www.AnnualCreditReport.com or by calling 1-877-322-8228. Consumers are entitled by law to one free credit report per year from each of the three major credit bureaus – Equifax, Experian, and TransUnion – for a total of three reports every year. Contact information for the credit bureaus can be found on the Federal Trade Commission.
  4. Take steps to monitor their personally identifiable information and report any suspected instances of identity theft to their local law enforcement.

MiDAS has been in the news before. MiDAS’ “robo-adjudication” feature wrongly flagged at least 20,000 people for unemployment fraud between October 2013 and August 2015. MiDAS would automatically flag a discrepancy and send a message to a seldom-used internal unemployment system. When the victims didn’t respond, the system would automatically find they had committed fraud and issue a 400% fine.

rb-

The way data breach report work is that the originating firm under-estimates the number of records lost by half. So it is possible that the SOM has released nearly 4 million or 38% of all Michiganders personal records.

Michigan State Police Cyber CommandDespite the Michigan State Police Cyber Command being on the job, it is likely that nothing will happen to the perpetrators – nothing ever does. DTMB spokesman Buhs said, “We are learning from this.” I hope so.

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , , , , , , , , ,
| October 29, 2016
Comments Off on More Motown Jobs

More Motown Jobs

More Motown JobsGood news – more jobs! Metro Detroit employment has finally recovered from the 2007 depression recession. The second quarter of 2016 set a new high in employment in Southeast Michigan dating back nearly a decade to 2007 to the beginning of the recession, reports the Workforce Intelligence Network for Southeast Michigan.

 

Workforce Intelligence Network for Southeast Michigan

MiTechNews reports that 35,000 jobs were added from April through June, pushing the total number of jobs held in the region to 2.62 million.  Nearly 20,000 previously unemployed people gained jobs in the region in the second quarter of 2016, along with more than 15,000 new workers (for a total of 35,000 new jobs), bringing the unemployment rate down to 4.5 percent, a low not experienced in Southeast Michigan since 2001.

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , ,
| October 1, 2016
Comments Off on Detroit Still Hot

Detroit Still Hot

Detroit Still HotDetroit’s job market is good despite what the orange one says. Statista reports data from the New York Times, Detroit has posted a 27.2% increase in technology jobs between 2010 and 2015. I have written about the strength of the metro Detroit tech job sector as far back as 2011 here, here, and here.Areas with the greatest increase in technology jobs (2010-2015).This rate of job growth places Motown 8th nationally in tech job creation over the past five years. The Motor City came in only .01% behind Boston and out-performed cities like Atlanta (22.6%) and Chicago (18.7%) in creating tech jobs.

DetroitNot only is the Detroit tech sector a national leader, according to Crain’s Detroit, but Detroit is also a job-seekers market. The article says manufacturers are struggling to find entry-level employees and are being forced to raise wages to find talent.

The average advertised salary for local workers with zero to two years of experience has risen more than 16.5% to $52,729 in 2015 from $45,256 in 2011, according to an analysis by the Workforce Intelligence Network for Southeast Michigan. For workers with three to eight years of experience, that average has increased 13%; and for those with nine-plus years of work experience, it increased only 0.5 percent.

rb-

This can be traced to the rejuvenated Upwardauto industry, which is increasingly dependent on high-tech skills. Manufacturing is an increasingly prodigious driver of tech jobs; games and dot-coms are not the only paths to technical employment growth.

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , , , , ,
| September 1, 2016
Comments Off on What is Bitcoin?

What is Bitcoin?

Bitcoin is the name of probably the best-What is bitcoin?known cryptocurrency or digital currency or digital gold or virtual money. A cryptocurrency is a medium of exchange, such as the US dollar, but is digital and uses encryption techniques to control the creation of monetary units and to verify the transfer of funds. Blockchain is the technology that enables the existence of cryptocurrency.

Occupy Wall StreetThe cryptocurrency has populist roots. It made its debut in relative obscurity at the start of 2009, when the great recession  financial crisis was still raging. A person or group of people known as Satoshi Nakamoto purportedly created the bitcoin protocol and reference software. The populist ideology behind Bitcoin is to take power out of the hands of the central bankers and governments who usually control the flow of currency.

Bitcoin is both a digital currency and a payment system. The basic idea behind Bitcoin is that you can use it to pay for things without a third-party broker, like a bank or government. The value of a bitcoin depends on the bitcoin market at the time. One bitcoin = 100,000,000 Satoshi like 1 dollar = 100 cents. There are no transaction fees and no need to give your real name. Merchants have to pay transaction fees on each credit card sale of 2.5% to 3.5% to the likes of Visa, MasterCard, or Discover.

Accounting ledgerThink of Bitcoin like one big ledger shared by all the users: When you pay for something with bitcoin or get paid, then your transaction is recorded on the ledger to ensure there is no double spending of the currency.

Members of the network collectively contribute processing power from their computers to maintain Bitcoin’s integrity. And every time a transaction is made, a record of it is sent out to be recorded in a public ledger where the transactions are effectively set in stone. Anyone can download and install the Bitcoin software for free so these records are distributed permanently across the entire network. This publicly distributed ledger is called the blockchain.

Peer to peerIn order to get more Bitcoins, computers running bitcoin software compete to confirm the transaction by solving a complex cryptographic equation, and the winner is rewarded with more bitcoins. Currently, a winner is rewarded with 25 bitcoins roughly every 10 minutes. The process is known as “mining”. Don’t get too wrapped up in Bitcoin mining because only the computer powerhouses get their bitcoins this way.

The Consumerist explains that Bitcoin mining math is complicated and hard to forge, so the blockchain stays accurate. Because anyone can download and install the Bitcoin software for free, the payment processing and record-keeping for Bitcoin is done in a widely distributed way, and not on one particular server.

Bitcoin miningWhen blockchains are created, so are new bitcoins — but there’s a hard limit to how many will ever exist. The system was designed to create more bitcoins at first, then to dwindle exponentially over time. The first set of blockchains each created 50 bitcoins. The next set each created 25 bitcoins, and so on. New blockchains are created roughly every 10 minutes no matter what; when more computers are actively mining, the program they’re running gets harder (and therefore slower) to compensate. The Bitcoin FAQ estimates that the last bitcoin will be mined in the year 2140, bringing the permanent circulation to just under 21 million. (Currently, there are roughly 15.8 million bitcoins in the world.)

In order to use Bitcoin, you’ll have to install a “bitcoin wallet” app on your phone or computer, and then buy them from a bitcoin exchange. A bitcoin digital wallet is a kind of virtual bank account that allows users to send or receive bitcoins, pay for goods or save their money via an exchange of public and private security keys. Bitcoin wallets can exist either in the cloud or on a user’s computer. The wallets have all the risks of any other app on your device or in the cloud. Unlike bank accounts, the FDIC does not insure bitcoin wallets. CNN Money points out some of the risks in using bitcoin.

Bitcoin miningIn order to buy bitcoins, you have to use a marketplace called “bitcoin exchanges” which allow people to buy or sell bitcoins using different currencies. These exchanges have a dubious history.

Bitcoin exchanges are vulnerable to hacking, collapse or a ”run on the bank.” A run on a bank occurs where customers are scared and demand to withdraw their deposits so fast that the bank makes payments and shutdowns. If something like that happens, good luck getting your money back: This isn’t like an FDIC-insured bank account.

Bitcoin can be used in a few places; Marketwatch says there doesn’t seem to be much rhyme or reason to where you can use Bitcoin:

rb-

The use of bitcoins in Michigan has not really taken off. Last summer, according to the FreeP, there were only a handful of businesses in metro Detroit that took bitcoin included:

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , , , ,
| August 6, 2016
Comments Off on Slam the Door on Hackers

Slam the Door on Hackers

Slam the Door on HackersLast year two white-hat hackers Charlie Miller and Chris Valasek, remotely compromised a Jeep Cherokee. The cybersecurity researchers used  existing functionality in the car to take control.  They were able to disable the car’s transmission and brakes, while the vehicle was in reverse, and take over the steering wheel.

Karamba SecurityThe Verge reports the researchers are back and have compromised their Jeep Cherokee, fooling the car into doing dangerous things. Things like turning the steering wheel or activating the parking brake at highway speeds. This year’s attack requires physical access to the car.

Hackers use the diagnostic port

The team used a laptop connected to the OBD II engine diagnostic port to control even more vehicle systems. The Verge says the researchers were able to update the electronic control unit. This allowed them to take control of the steering at any time. They could turn the steering wheel at any speed, activate the parking brake, or adjust the cruise control settings.

Electronic control unit

Most operations in a car have their own designated electronic control unit (ECU) controller. Some ECU’s manage things like a car’s navigation and entertainment systems. Others manage more critical systems like braking and fuel injection.

Radio are a gateway for attackersA connected car’s ECUs all operate on one network, self-contained within the vehicle. Tel Aviv start-up Karamba co-founder David Barzilai, warns. “If hackers gain access to just one of these controllers, they can get to all of them.

Harden ECU

The Israeli company hopes to sell Carwall Detroit automakers. Carwall is a tool that installs anti-hacking technology into chip-bearing auto parts before they hit the assembly line. Rgis could prevent hackers from crashing your new connected car. Mr. Barzilai told TechCrunch the startup’s technology can head off hackers at the pass. Carwall “hardens” the controllers, or small computers, within a vehicle that are externally connected.

Carwell, a tool that installs anti-hacking technologyKaramba’s Carwall is installed on the controllers, either as a retrofit or before the controllers are built into new cars. The software locks in the factory settings, and prevents any foreign code or banned behaviors from running on them. This essentially blocks a hackers ability to reach into a car’s CAN Bus, and mess with the car’s critical functions.

If indeed we are successful – if all hacks are blocked – then [you] don’t have to worry,” said Karamba’s Barzilai. “A hack that crashes your software is bad enough. A hack that crashes your car takes it to a whole new level.

Karamba’s technology is designed to monitor every bit of code that tries to run on the ECUs and to make sure it comes from legitimate sources. “We are the gatekeepers,” Mr. Barzilai told MiTechNews.

Out of stealth mode

monitor every bit of code that tries to runTechCrunch says Karamba has not yet scored a contract with top automotive suppliers that make ECU’s. They are targeting firms like Continental, Robert Bosch, Delphi Automotive, or Panasonic. But it has only just emerged from stealth and begun to shop its security software around.

YL Ventures has invested $2.5 million to fund Karamba’s growth, MiTechNews reported. Compared with the funding that some Silicon Valley security companies pick up, that’s not a huge amount. But it’s enough to move CEO Ami Dotan to Ann Arbor, where he’ll start making sales calls.

Karamba isn’t alone in attacking car security. Symantec (SYMC), the old school antivirus firm is working on auto security within its “internet of things” unit. Symantec recently released a  white paper “Building Comprehensive Security into Cars,” (PDF) detailing the many electronics and sensors that have to be protected.

rb-

Chrysler is doing a small part to reduce connected car hacking. They recently launched a bug bounty program with Bugcrowd that will pay out as much as $1,500 per bug found. On the other hand, Apple is offering a bug bounty of up to $200,000 for bugs that won’t kill you.

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Cars | Tags: , , , , , , , , , , , , , , , ,
« Older Entries   Recent Entries »