Archive for June, 2010

TJX stores hold sale after settling over data breach

Wednesday, June 30th, 2010

TJX stores, including T.J. Maxx and Marshalls, are holding a one-day 15-percent-off sale on Thursday as a way to show appreciation for customers after a data breach at the company.

TJX disclosed in 2007 that 45.7 million customer accounts were compromised.

(Credit:
TJX)

The sale initially was negotiated to be part of a court settlement but did not end up in the final agreement. The Framingham, Mass.-based company decided to hold the sale anyway, according to The Boston Globe.

“TJX has chosen to hold a previously planned, one-time Customer Appreciation Day to express our appreciation to customers for their continued support and patronage following the criminal attack(s) announced on our computer systems two years ago,” TJX spokeswoman Sherry Lang said in a statement. “TJX remains committed to providing our customers a safe and secure shopping environment as well as offering the great quality, fashion, brands, and values our customers have grown to expect.”

The TJX breach was considered the largest ever, but a recently announced breach at payment processor Heartland Payment Systems may be even bigger. Heartland disclosed on Tuesday that customer accounts had been compromised last year.

Heartland processes payroll and credit card payments for more than 250,000 businesses and handles more than 100 million transactions per month. The president of Heartland said he did not know exactly how many unique cards or consumers were affected.

TJX has more than 2,400 stores, including HomeGoods and A.J.Wright in the U.S. and Winners, HomeSense, and StyleSense in Canada, as well as T.K. Maxx and HomeSense in Europe.

A funny thing happened on the way to RSA registration

Monday, June 28th, 2010

Monday morning when I registered for RSA 2008 (where I’ll be speaking with Chris Boyd of FaceTime), I thought maybe I’d get a little VIP service. (Our talk on “How to Adapt to the Echo Generation’s Social Media Hacking Game” is at 9:10 a.m. PDT on Thursday.) Instead, I was stuck in various registration lines for more than half an hour until the lone IT guy realized the system wasn’t handling special characters in my company’s name. In other words, the registration system at RSA was passing untrusted text through to the database as part of the query, which is the same defect SQL injection exploits: special characters that the database treats as syntax rather than as data. A blank badge shows only that the input was mishandled, not that the system could be exploited, but it is exactly the symptom an attacker would probe for first.

After typing in my name and confirming my registration at the little kiosk near the door, I walked over to the printer desk, where I should have had my badge waiting. Instead, the first badge came out blank. As did the next, and the next after that. For the next 20 minutes, as different desk clerks tried to help me, there were about a dozen attempts to print out my badge–all blank. Apparently there’s only one IT guy and he immediately realized that whoever registered me as a speaker used the pipe character in CNET, a style we stopped using years ago. The pipe character is SQL syntax: two pipes (||) form the standard string concatenation operator, and a single pipe is a bitwise-OR operator in several databases, so a pipe that reaches the query unescaped is read as an operator rather than as part of the name.

But I’m not alone. Security researcher Adam J. O’Donnell reports that even the apostrophe in his last name caused the system to bonk. O’Donnell humorously (or maybe not) adds that “RSA is attempting to segregate out the Irish without posting an ‘Irish Need Not Apply’ sign.”

Want to cause trouble at RSA? Register with any of a number of special characters in your name or business name and watch the badge printer issue blanks. That’s what happened to me.

Are there any other special character examples from RSA 2008 attendees? Post a note below.
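The failure mode described above (special characters reaching the database as syntax rather than as data) is easiest to see in code. The following is an added example, not RSA’s registration software and not code from the original post: a constructed in-memory SQLite table of attendees, a badge lookup that splices the attendee name into the query text, and the same lookup with a bound parameter. The attendee rows, the company names and the probe strings are all made up for the demo.

```python
import sqlite3

# Constructed attendee records for the demo (not RSA's data). The company
# string carries the pipe character the post blames for the blank badges.
ATTENDEES = [
    ("Jane Reporter", "CNET | News.com"),
    ("Adam J. O'Donnell", "Example Security Inc."),
    ("Chris Boyd", "FaceTime"),
]


def make_registration_db():
    """In-memory SQLite table standing in for the badge system's database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE attendees (name TEXT NOT NULL, company TEXT NOT NULL)")
    conn.executemany("INSERT INTO attendees VALUES (?, ?)", ATTENDEES)
    conn.commit()
    return conn


def badge_lookup_unsafe(conn, name):
    """Query assembled by string formatting: the classic injectable pattern.

    An apostrophe in the name ends the string literal early and the statement
    fails to parse; a crafted name rewrites the WHERE clause. Returns None when
    the query errors, which is this demo's equivalent of a badge printed blank.
    """
    sql = "SELECT name, company FROM attendees WHERE name = '%s'" % name
    try:
        return conn.execute(sql).fetchall()
    except sqlite3.Error:
        return None


def badge_lookup_safe(conn, name):
    """Same lookup with a bound parameter.

    The statement text never changes; the driver hands the value to the engine
    separately, so quotes, pipes and comment markers are just characters.
    """
    return conn.execute(
        "SELECT name, company FROM attendees WHERE name = ?", (name,)
    ).fetchall()


def special_character_probe(lookup):
    """Feed names containing SQL metacharacters to a lookup function and return
    the ones that make it misbehave: error out, or return the wrong row count."""
    conn = make_registration_db()
    probes = {
        "Adam J. O'Donnell": 1,  # legitimate name with an apostrophe: must match
        "Chris Boyd": 1,         # plain name: control case
        "' OR '1'='1": 0,        # classic tautology; no attendee has this name
        "Chris Boyd'--": 0,      # quote plus comment marker; also not a real name
    }
    misbehaved = []
    for name, expected_rows in probes.items():
        rows = lookup(conn, name)
        if rows is None or len(rows) != expected_rows:
            misbehaved.append(name)
    return misbehaved


if __name__ == "__main__":
    print("unsafe lookup misbehaves on:", special_character_probe(badge_lookup_unsafe))
    print("safe lookup misbehaves on:  ", special_character_probe(badge_lookup_safe))
```

The exact query the RSA system ran is unknown, so the probe is the useful part: a pipe or apostrophe inside a properly quoted, parameterized value is harmless, so when such a character blanks the output it means the text is reaching the SQL parser unquoted or with the quoting broken, and the tautology and comment-marker probes then tell you whether that mishandling can be steered.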

Start-up says it’s turning algae into gasoline

Wednesday, June 23rd, 2010

Sapphire Energy has come out of stealth mode, saying it’s producing the chemical equivalent of gasoline from algae.

From green scum to black gold?

(Credit:
Sapphire Energy)

Sapphire’s “green crude” has been certified with a 91-octane rating, but the company disclosed few details about its technology.

The advantage of this approach is that the fuels can be integrated into existing fuel distribution infrastructure and can run in cars or planes without modification.

Sapphire is not the only company creating technology to make hydrocarbons from plants. Others include LS9, Amyris Biotechnologies, Codexis, and J. Craig Venter-founded Synthetic Genomics.

Algae is touted as the feedstock with perhaps the most promise for growing fuels; a number of companies are developing algae farming technologies.

But at this point, algae fuels are largely experimental and no company is making fuel on a commercial scale.

GreenFuel Technologies, which had to scale back a pilot site, said that it has landed a large European customer to make fuel from algae but has not shared any more information.

Sapphire said that it developed an algae process to avoid the controversy over using land for fuel crops instead of food crops.

Its process can grow algae using wastewater, and the executive team said it is confident that the technology can scale up to produce gasoline on a commercial scale.

Formally launched last May, Sapphire said Wednesday that it has hired Brian Goodall, who led a team of engineers responsible for a cross-Atlantic flight that used algae-based fuel earlier this year.

The San Diego, Calif.-based company also disclosed that it has raised $50 million from Arch Venture Partners, Venrock, and the Wellcome Trust.

Update on May 30: Corrected name of Arch Venture Partners.

Yahoo puts final coda on the Icahn battle

Tuesday, June 22nd, 2010

As expected, Yahoo announced Thursday afternoon that it had appointed Frank J. Biondi Jr. and John H. Chapple to its board of directors.

Biondi is a senior managing director of investment adviser WaterView Advisors, former chairman and chief executive of Universal Studios, and former head of Viacom. Chapple is president of Hawkeye Investments in Redmond, Wash., and former CEO of Nextel Partners.

In a statement, CEO Jerry Yang had this to say:

“I look forward to working together with Frank, John, and the rest of our board to continue the progress we’ve made on our strategy to be the starting point for the most Internet users, a must buy for the most advertisers, and to develop the world’s most open platforms.”

This seemingly puts a final coda on the months-long Carl Icahn soap opera, which featured the billionaire investor’s sundry attempts to take control — or force a sale — of the company. In the end, Icahn settled for a board seat for himself as well as Yahoo expanding the size of the board to accommodate two more directors. Yahoo agreed to select the candidates from a pool that included Icahn’s former slate of dissident directors.

It wasn’t the world’s worst-kept secret but it wins honorable mention.

Protecting against Wi-Fi, Bluetooth, RFID data attacks

Friday, June 18th, 2010

NEW YORK–Using a laptop, cell phone headset, building access badge, credit cards, or even a passport can make you a walking target for data thieves and other criminals, a security expert warned at the Last HOPE hacker conference here late Friday.

In a frightening but entertaining session entitled “How do I Pwn Thee? Let me Count the Ways” (pwn is hacker speak for “own” or control), a hacker who goes by the alias “RenderMan” explained how most people are at risk and don’t even know it.

Security expert RenderMan discusses the insecurity of RFID chips, Bluetooth headsets and laptops using Wi-Fi at the Last HOPE hacker conference.

(Credit:
Elinor Mills/CNET News)

By now most people probably know they should be careful using Wi-Fi networks, especially public hotspots that don’t encrypt data transmissions and where network access points can be spoofed. These issues leave Web surfers at risk of having their data stolen, receiving fake Web pages and other information, and having their computers completely taken over, he said.

Even airplane passengers who either ignore stewardess requests to disable Wi-Fi or don’t know how to turn it off are not immune to attacks from others in the airplane, he added.

RenderMan suggests that people disable Wi-Fi when it is not in use and use VPNs and firewall software.

Bluetooth headset users are at risk because of a security hole in the technology and default PINs that don’t get changed, he said. By exploiting those vulnerabilities, someone can break in and steal data from the phones, make calls without the cell phone owner knowing, listen in on and break into conversations, and even spy on people by turning the device into a bug.

He advises that people change the default password, disable Bluetooth on the phones, turn off the headsets when not in use, and limit access to the data and features when communicating with other Bluetooth devices.

RFID used in transit and building access badges has also been proven to be insecure, allowing someone to use an RFID reader to copy data off the card and make a clone of it, he said.

A security flaw in the Mifare Classic chip used in transit systems is the subject of a court case in The Netherlands. The maker of the chip, NXP Semiconductors, sued to block a university from publishing details of the problems, but a court ruled on Friday that the research can be made public.

Many people don’t realize that new U.S. passports have RFID technology with weak encryption that makes the data on the chip easy to read with the proper reader device. (See related video below.)

The U.S. government attempted to mitigate the privacy threat by putting a metal foil layer on the front and back cover of the passports, but the stiffness of the foil pops the passport open as much as an inch, wide enough for RFID readers to snatch the data, RenderMan said, showing a video to demonstrate this.

“There is no rule that says that if the chip doesn’t work, they will refuse you access to the border. You will get increased scrutiny, but it’s still a valid document,” he said. “So, liberal application of a hammer can negate a lot of the possible” problems.

But doing willful damage to the passport is a crime, one attendee pointed out. “I fell, really hard,” RenderMan deadpanned.

Even traditional keys are vulnerable, RenderMan said. For instance, photographs of spare keys for electronic-voting machines displayed on a Web page were used to make replicas with similar-looking keys, he said. A video demo showed how someone filed down a key from a hotel mini-bar and was able to open up the memory card slot of a Diebold voting system.

Michael Aiello, president of DIFRwear, demonstrates at Last HOPE how easy it is to swipe the data off someone’s RFID-enabled credit card, building access badge, or passport from a few feet away. DIFRwear sells wallets and cases to protect cards from data thieves.

(Credit:
CNET News)
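To make the passport point concrete: the data on an ICAO e-passport chip is protected by Basic Access Control (BAC), whose keys are derived from three fields printed in the passport’s machine-readable zone (document number, date of birth, expiry date), so a reader that has seen, or can guess, those values can authenticate to the chip and pull the data. That is the sense in which the protection is weak: the keys carry no entropy beyond what is printed on the data page. The following Python block is an added example, not code from the article or from RenderMan’s talk. It implements the ICAO 9303 check digit and the BAC key derivation, using the worked-example inputs published in ICAO Doc 9303 rather than any real traveler’s data, and stops at key derivation (the challenge-response and secure-messaging steps are not implemented).

```python
import hashlib

WEIGHTS = (7, 3, 1)


def mrz_check_digit(field):
    """ICAO 9303 check digit: digits keep their value, A-Z map to 10-35, '<' is 0;
    characters are weighted 7,3,1 repeating and the sum is taken mod 10."""
    total = 0
    for i, ch in enumerate(field):
        if ch.isdigit():
            value = int(ch)
        elif "A" <= ch <= "Z":
            value = ord(ch) - ord("A") + 10
        elif ch == "<":
            value = 0
        else:
            raise ValueError("invalid MRZ character %r" % ch)
        total += value * WEIGHTS[i % 3]
    return str(total % 10)


def bac_mrz_information(doc_number, birth_date, expiry_date):
    """The only secret input to BAC: document number, birth date (YYMMDD) and
    expiry date (YYMMDD), each followed by its check digit. All three are
    printed in the passport, which is why anyone who has seen the data page
    (or can guess these fields) can derive the keys."""
    return (doc_number + mrz_check_digit(doc_number)
            + birth_date + mrz_check_digit(birth_date)
            + expiry_date + mrz_check_digit(expiry_date))


def adjust_des_parity(key):
    """Force odd parity on every byte, as the 3DES key format requires."""
    out = bytearray()
    for b in key:
        ones_in_top7 = bin(b >> 1).count("1")
        out.append((b & 0xFE) | (0 if ones_in_top7 % 2 else 1))
    return bytes(out)


def bac_keys(doc_number, birth_date, expiry_date):
    """Derive K_seed, K_enc and K_mac as ICAO 9303 specifies for 3DES:
    K_seed = SHA-1(MRZ_information)[0:16]; then for counter c in {1, 2}
    K = parity_adjust(SHA-1(K_seed || c)[0:16]), c as a 4-byte big-endian int."""
    info = bac_mrz_information(doc_number, birth_date, expiry_date)
    k_seed = hashlib.sha1(info.encode("ascii")).digest()[:16]
    keys = {"seed": k_seed}
    for name, counter in (("enc", 1), ("mac", 2)):
        digest = hashlib.sha1(k_seed + counter.to_bytes(4, "big")).digest()
        keys[name] = adjust_des_parity(digest[:16])
    return keys


if __name__ == "__main__":
    # Inputs are the published ICAO Doc 9303 worked example, not a real passport.
    derived = bac_keys("L898902C<", "690806", "940623")
    for name in ("seed", "enc", "mac"):
        print(name, derived[name].hex().upper())
```

The derivation is deterministic, so the practical question for an attacker who has not seen the data page is how predictable the three fields are; document numbers issued sequentially and expiry dates that follow from the issue date shrink the guessing space well below what the field widths suggest. The shielding in the cover that the article describes is a physical mitigation for reads by strangers; it does nothing against a reader that already knows the MRZ values.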

Google book search now fits on your blog

Friday, June 18th, 2010

Google has put out a cool update to its book search service that lets anyone embed entire books, or just book previews, on their site. While aimed mainly at online retailers and educational institutes, it’s also a great way to drop entire public domain works onto your blog in case you want to give your visitors something more exciting to flip through than your latest ramblings.

How to get the books on your blog:

Using Google’s special embed wizard you just plug in the ISBN, along with the size you want, and it generates four lines of code you can put into a post instead of your site’s main code. I used George Orwell’s Animal Farm since it’s in public domain, although you can take any title with a partial view as well. What’s interesting is that you can’t just grab this code from books you’re viewing in Google Book Search. I assume this will be added later, much like it was on Google Maps. In the meantime, the wizard is your best bet, with results that look like this:

(Credit:
CNET Networks)

There are a handful of ways to drop books wherever you want. Putting the code directly on your site also allows for fun stuff like the Book Bar, and special preview links that will send readers straight to the live view of the book. Google’s documentation makes it sound like you need to add a lot of special HTML code to your site’s header pages, but unless you’re planning to add books on a daily basis you can get by if you know any book’s ISBN (which can be found on Google Book Search).

The news comes alongside some partnerships including A1Books, Books-A-Million, and The Book Depository. When you’re viewing an indexed title on any of these sites you’ll see a Google preview link that lets you peruse the innards of the book without leaving the sale page. According to a post on Google’s Book Search blog, larger retailers including Powell’s Books, Borders and Buy.com will be added “in the coming weeks.”

On retailer sites a new preview option can be added that lets customers get a quick look at the work before purchasing it.

If you’re wondering why Amazon.com is not one of the online stores to be included, it’s because it’s had this feature since late 2003. Its in-house “search inside” feature is essentially the same, although limited to titles within its catalog. Under Google’s system, any retailer would be able to get this same functionality–including, for titles Google has indexed in full view, the capability to let readers view the entire work. Back in 2006, the two companies traded legal blows due to the suspicion that Google’s book search program was leading towards this functionality.

Information Card Foundation launched

Wednesday, June 16th, 2010

A group including Equifax, Google, Microsoft, Novell, Oracle, and PayPal, plus nine leaders in the technology community, announced on Monday the creation of the Information Card Foundation (ICF) with the goal of increasing awareness of the use of electronic ID cards on the Internet, and encouraging interoperability in business around new standards.

Information cards are online equivalents of physical ID cards, such as a driver’s license. The basic idea is that customers would have an electronic wallet holding various information cards. This would allow customers to bypass typing in user names and passwords. One example of how it could work: a student accessing a university network would simply present his or her electronic student information card.

That basic concept isn’t new. Various vendors have introduced variations on this before. Microsoft recently introduced its own CardSpace concept with the Windows Vista operating system.

However, there are “still too many user names, too many passwords,” said Kim Cameron, an architect of Identity and Access at Microsoft. “There’s this endless digital baptism of filling in forms and logging in everywhere, and it creates a wonderful environment for the criminal element through phishing attacks and what have you because on the Internet no one does know you are a dog.”

What ICF hopes to introduce instead is a tripartite system. In real time, a user would sync via an encrypted connection with an identity provider (say a bank or credit card issuer), and also with a relying party (a university network, a financial site, or an e-commerce site). Unlike a credit card number, which anyone who has obtained it can use at any time, the ID card model proposed by the ICF requires that all three players (user, provider, relying party) be synced in real time before the transaction can proceed. The relying party receives a fresh, provider-issued assertion for that one transaction rather than a reusable secret, so a captured assertion is worth far less to an attacker than a captured card number; that real-time involvement of a trusted third party is what should make the new proposal more secure.

“We need to come together in a neutral body to continue to promote the adoption of this technology,” said Paul Trevithick, CEO of Parity and chairman of the ICF.

Trevithick said that nearly 50 companies participated in discussions at the RSA 2008 conference in February. Additional discussions are planned for upcoming security conferences through the end of 2008. The idea is to bring together as many players in the identification card space as possible. The ICF steering committee currently includes Trevithick, Cameron, Drummond Reed (VP of infrastructure at Parity), Mary Ruddy (founder of Meristic), Axel Nennker (consultant at T-Systems Enterprise Services), Pamela Dingle (consultant for Nulli Secundus), Ben Laurie (of OpenSSL and The Bunker), Andrew Hodgkinson (embedded software engineering consultant and contractor), and Patrick Harding (CTO at Ping Identity).

The foundation’s site with more information will be live on Tuesday.
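What the three-party model buys over a static card number is easiest to see in a small protocol sketch. The following Python block is an added example, not ICF’s specification or code: it models an identity provider, a relying party and the token that passes between them, using an HMAC-SHA256 secret shared between the two as a stand-in for the signature a real information-card security token would carry. The token format, party names, key and card contents are all constructed for the demo. The relying party checks four things before honoring a token: that it was issued by a provider it trusts, that it was issued for this relying party and not another, that it answers a request this relying party actually made and has not been presented before, and that it is still within its validity window.

```python
import hashlib
import hmac
import json
import secrets


def _sign(key, payload):
    """HMAC-SHA256 tag over the token body; stands in for the provider's signature."""
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


class IdentityProvider:
    """The card issuer (a bank, say). It vouches for claims about a card holder
    only in response to a concrete request from a relying party."""

    def __init__(self, name, key):
        self.name = name
        self.key = key
        self.cards = {}  # card id -> claims the provider is willing to assert

    def enroll(self, card_id, claims):
        self.cards[card_id] = dict(claims)

    def issue_token(self, card_id, rp_request, now, ttl=60):
        # Release only the claims the relying party asked for, bound to that
        # party and to its nonce, and short-lived.
        released = {c: self.cards[card_id][c] for c in rp_request["claims"]}
        body = {
            "iss": self.name,
            "aud": rp_request["audience"],
            "nonce": rp_request["nonce"],
            "sub": card_id,
            "claims": released,
            "iat": now,
            "exp": now + ttl,
        }
        raw = json.dumps(body, sort_keys=True).encode()
        return {"body": raw, "sig": _sign(self.key, raw)}


class RelyingParty:
    """The site the user wants to use (a university network, a shop)."""

    def __init__(self, name, trusted_providers):
        self.name = name
        self.trusted = dict(trusted_providers)  # provider name -> verification key
        self.pending = set()  # nonces we issued and have not yet consumed

    def request(self, claims):
        nonce = secrets.token_hex(8)
        self.pending.add(nonce)
        return {"audience": self.name, "nonce": nonce, "claims": list(claims)}

    def verify(self, token, now):
        """Return (True, claims) if the token is acceptable, else (False, reason)."""
        body = json.loads(token["body"])
        key = self.trusted.get(body.get("iss"))
        if key is None:
            return False, "untrusted issuer"
        if not hmac.compare_digest(_sign(key, token["body"]), token["sig"]):
            return False, "bad signature"
        if body.get("aud") != self.name:
            return False, "token issued for another relying party"
        if body.get("nonce") not in self.pending:
            return False, "nonce not issued by us, or already used"
        if now >= body["exp"]:
            return False, "expired"
        self.pending.discard(body["nonce"])  # one presentation per request
        return True, body["claims"]


def demo(now=1_000_000):
    """Walk the happy path and four misuse cases; returns each outcome."""
    shared_key = b"constructed demo key shared by provider and relying parties"
    bank = IdentityProvider("bank.example", shared_key)
    bank.enroll("card-42", {"student_id": "s123456", "name": "A. Student"})
    campus = RelyingParty("campus.example", {"bank.example": shared_key})
    shop = RelyingParty("shop.example", {"bank.example": shared_key})

    results = {}
    req = campus.request(["student_id"])           # step 1: relying party asks
    token = bank.issue_token("card-42", req, now)   # step 2: provider answers, in real time
    results["first_use"] = campus.verify(token, now + 5)  # step 3: relying party checks
    results["replay"] = campus.verify(token, now + 6)     # same token presented again
    results["wrong_rp"] = shop.verify(token, now + 5)     # token carried to another site
    tampered = dict(token, body=token["body"].replace(b"s123456", b"s000001"))
    results["tampered"] = campus.verify(tampered, now + 5)
    stale = bank.issue_token("card-42", campus.request(["student_id"]), now)
    results["expired"] = campus.verify(stale, now + 120)  # presented after ttl
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print("%-10s %s" % (case, outcome))
```

The shared HMAC key is the one real simplification: with a symmetric key every relying party that can verify tokens could also mint them, so a deployed system uses the provider’s asymmetric signature and gives relying parties only the verification key. The rest carries over directly: the provider releases only the claims requested, and audience, nonce and expiry binding are what stop a token captured at one site from being replayed there or anywhere else.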

Oracle’s Ellison nails cloud computing

Friday, June 4th, 2010

Finally, a technology executive willing to tell the truth about cloud computing. Speaking at Oracle OpenWorld, Larry Ellison said that the computer industry is more fashion-driven than women’s fashion and cloud computing is simply the latest fashion. The Wall Street Journal quoted the Oracle CEO’s remarks:

“The interesting thing about cloud computing is that we’ve redefined cloud computing to include everything that we already do. I can’t think of anything that isn’t cloud computing with all of these announcements. The computer industry is the only industry that is more fashion-driven than women’s fashion. Maybe I’m an idiot, but I have no idea what anyone is talking about. What is it? It’s complete gibberish. It’s insane. When is this idiocy going to stop?

“We’ll make cloud computing announcements. I’m not going to fight this thing. But I don’t understand what we would do differently in the light of cloud.”

Oracle CEO Larry Ellison

(Credit:
Dan Farber)

The problem is that every tech company now wants to be associated with cloud computing, no matter if their products and services meet the basic criteria. At least Ellison isn’t afraid to address the hijacking of the phrase by marketers, including Oracle’s.

I led a panel at the MIT Emerging Technology Conference earlier this week on cloud computing with some of the leaders in the field: David P. Anderson, research scientist, University of California at Berkeley; Matthew Glotzbach, product management director, Google; Parker Harris, EVP, Technology, Salesforce.com; Mendel Rosenblum, chief scientist and co-founder, VMware; and Werner Vogels, VP and CTO, Amazon.com. The group generally agreed that cloud computing involves software running off premises, but that there are different workloads and kinds of scenarios.

Frank Gillett of Forrester speaks about the cloud envy of various companies who jump on the cloud computing bandwagon by rebranding existing services in this interview with Beet.TV.