Monthly Archives: May 2017

Celebrity Cyber Report – Serena Williams, Wendy Williams and JayZ

Serena Williams

Serena Williams and SurveyMonkey CEO Zander Lurie (Image courtesy of Recode)

Tennis superstar Serena Williams has taken on the challenge of diversity in the technology industry. Williams has joined the board of directors of SurveyMonkey along with Intuit CEO Brad Smith.  Williams says she wants to help solve the diversity problem in Silicon Valley.

SurveyMonkey employs about 650 workers. Women represent 27 percent of its technology jobs. Just 14 percent of its total payroll consists of African-Americans, according to numbers the company provided.

“I feel like diversity is something I speak to,” Williams said in an interview with The Associated Press. “Change is always happening; change is always building. What is important to me is to be at the forefront of the change and to make it easier for the next person that comes behind me.”

Although Williams’ exact goals are not clear, she feels that her presence on the board can help open up the valley to more diversity.

Williams is pregnant and engaged to technology entrepreneur Alexis Ohanian, co-founder of the online forum Reddit. Williams expressed her disappointment in the lack of diversity in high-paying technology jobs.

SurveyMonkey, like many technology companies, is looking for a way to change the diversity equation. Williams’ appointment is part of the solution, according to SurveyMonkey CEO Zander Lurie. “My focus is to bring in change agents around the table who can open our eyes,” he said.

Williams became linked to SurveyMonkey through her friendship with Facebook’s chief operating officer Sheryl Sandberg, another member of SurveyMonkey’s board.

“I have been really interested in getting involved in Silicon Valley for years, so I have been kind of in the wading waters,” Williams said. “Now, I am jumping into the deep end of the pool. When I do something, I go all out.”

Wendy Williams

Daytime talk show host Wendy Williams is reaching out to her audience using a new app. Williams just launched ‘Wendy Digital,’ a new entertainment and lifestyle app. Williams is deploying the technology to strengthen her already powerful connection with her audience.

‘Wendy Digital’ will allow her audience to get to know her better by extending the show to their smartphones and mobile devices, increasing interactivity. The app will offer staples of her television show, including the very popular Hot Topics. Fans will be able to participate in the often saucy discussions. The app will also offer shopping from her HSN Collection and outfit of the day or “OOTD.” The ETrivia function permits her audience to test their celebrity knowledge and win prizes. Wendy is using the app to share a little of herself by offering “Suddenly Wendy,” which gives her fans exclusive video and behind-the-scenes views of “Wendy’s World.”

‘Wendy Digital’ is free and available for Apple and Android devices.

JayZ and Tidal

JayZ continues to struggle with his Tidal Music Streaming service. The company announced the loss of yet another CEO. Tidal confirmed that it had jettisoned its third CEO in two years, Jeff Toig. In a statement to Billboard.com  the company wrote, “As part of Tidal’s continued expansion this year we will be announcing a new CEO in the coming weeks. We wish Toig all the best in his future endeavors.”

Toig took the reins as CEO in January 2016 during its rocky launch. Toig replaced Peter Tonstad, who replaced Andy Chen.

JayZ purchased Aspiro, a Swedish technology company, and its Winamp streaming service in 2015 for $56 million. He renamed it Tidal and added powerful music stars like his wife Beyonce, friend Kanye West, Daft Punk, Nicki Minaj, Prince and many others, all seeking a way to get their fair share of music streaming revenue.

However, Tidal has struggled in the highly competitive music streaming business. Most importantly, Tidal has struggled to attract and hold paid subscribers. Tidal has an estimated one million paid users, falling far behind streaming leaders Spotify, with 50 million subscribers, and Apple Music, with 20 million subscribers.

Adding to JayZ’s headaches is a report from a Norwegian newspaper saying Tidal has been inflating subscriber numbers to the media, the public and investors.

 

Breach Brief – Chipotle Hit By Nationwide Data Breach

Chipotle restaurants have been hit by a major nationwide data breach of its payment systems. The restaurant chain was infected with malware that stole customer payment data from March 24th-April 18th. According to the company, hackers have stolen customer payment data from nearly all of its 2,250 restaurants. The stolen data includes account numbers and internal verification codes that could be used to drain customers’ debit card accounts or clone their credit cards. Chipotle didn’t reveal the details of the attack or affected locations until Friday, May 26th.

The restaurant locations attacked include many major U.S. cities. Chipotle spokesman Chris Arnold said that “most, but not all restaurants may have been involved.”

Chipotle’s Blog reported,  “During the investigation we removed the malware, and we continue to work with cyber security firms to evaluate ways to enhance our security measures.”

Chipotle, working with an unnamed cyber security firm, reported it had completed its investigation. Law enforcement and payment card networks were also involved in the investigation. Although the company did not give exact numbers, it did say that “many” customers’ payment information was compromised.

According to Chipotle’s security alert the point-of-sale (POS) malware attack went on for three weeks. “The malware searched for track data (which sometimes has cardholder name in addition to card number, expiration date, and internal verification code) read from the magnetic stripe of a payment card as it was being routed through the POS device. There is no indication that other customer information was affected.”
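The track layout quoted in the alert is also what a defender audits for: POS logs or files that hold unencrypted track data. The following is an added example, not code from Chipotle or its investigators. It scans log lines for the standard Track 1 (format B) and Track 2 layouts, confirms the card number with a Luhn check, and reports only a masked number. The log lines and their field names are constructed, and the card number is the common 4111... test value.

```python
import re

# Track 1, format B: %B<PAN>^<NAME>^<YYMM><service code><discretionary data>?
TRACK1 = re.compile(r"%B(\d{12,19})\^([^^]{2,26})\^(\d{4})(\d{3})([^?]*)\?")
# Track 2: ;<PAN>=<YYMM><service code><discretionary data>?
TRACK2 = re.compile(r";(\d{12,19})=(\d{4})(\d{3})(\d*)\?")


def luhn_ok(pan):
    """Luhn checksum: filters out digit runs that only look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask(pan):
    """Keep first six and last four digits so the report itself holds no full PAN."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def find_track_data(lines):
    """Return one finding per Luhn-valid track record found in the given lines."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        for track, pattern in ((1, TRACK1), (2, TRACK2)):
            for m in pattern.finditer(line):
                pan = m.group(1)
                if not luhn_ok(pan):
                    continue
                findings.append({
                    "line": lineno,
                    "track": track,
                    "pan": mask(pan),
                    # Only Track 1 carries the cardholder name.
                    "has_name": track == 1,
                })
    return findings


# Constructed sample: a hypothetical POS debug log, not data from the breach.
SAMPLE_LOG = [
    "2017-04-02 12:01:07 POS03 txn=1001 amount=8.75 status=approved",
    "2017-04-02 12:01:09 POS03 debug swipe=%B4111111111111111^DOE/JANE^20121010000000000?",
    "2017-04-02 12:03:44 POS01 debug swipe=;4111111111111111=20121010000000000?",
    "2017-04-02 12:05:10 POS02 ref=;1234567890123456=20121010000? checksum-invalid",
]

if __name__ == "__main__":
    for finding in find_track_data(SAMPLE_LOG):
        print(finding)
```

Any finding means track data is being written somewhere it can be read in the clear, which is the condition the malware in the alert depended on.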

Chipotle has set up a tool that lets customers search whether their local restaurant was hit by the malware. Check the Chipotle security alert.

Customers of Chipotle are warned to closely monitor their credit card and debit accounts for unusual activity.

 

Apple Diversity in the Hands of a Black Woman

Denise Young Smith

Apple has named Denise Young Smith, Apple’s Global Head of Human Resources, to Vice President of Diversity and Inclusion. The newly created position will be responsible for opening up Apple’s workplace to more women, minorities and the LGBTQ community.

Smith is a twenty-year veteran of Apple and, because of her new role, will have direct access to Apple CEO Tim Cook, who is also gay.

Apple’s latest diversity report reveals its workforce is 68 percent male and 56 percent white. Apple’s workforce breaks down as follows: 12 percent identify as Hispanic and only 9 percent as black or African-American. Smith’s primary challenge is to improve those numbers. As VP of diversity she will examine Apple’s hiring practices and culture with a focus on ensuring Apple is not losing potential employees early in the hiring process.

Smith’s job will not be easy. Silicon Valley tech companies are stubbornly white and male dominated. Diversity appears to be an intractable problem for many major technology companies. Human resource experts point to the talent pipeline and the lack of outreach to black colleges as one source of the diversity problem. Companies like Google have attacked this problem by bringing HBCUs into the fold. Google has recently teamed with Howard University to create Howard West on the Google campus.

Smith is a graduate of Grambling State University and previously headed up the global HR team. Smith also ran HR for Apple’s global retail operation.

Is Facebook Playing with Your Emotions?

Is Facebook playing mind games? Toying with your emotions? The answer is yes and it’s been going on for some time.

A recently leaked confidential document prepared by Facebook revealed the social media giant offered advertisers the opportunity to target advertising at 6.4 million teens, some only 14 years old. The document exposed that Facebook was using keywords such as “worthless,” “insecure,” “stressed,” “defeated,” “anxious,” and like a “failure,” to focus ads.

Facebook prepared the 23-page report for a potential advertiser to show that Facebook has the ability to micro-target ads, specifically to target ads at vulnerable teens at “moments when young people need a confidence boost.”

According to The Australian’s report, Facebook monitored teen social media activity in real time including posts, photos and other Internet activity to track these emotional lows. Although Facebook has confirmed it did indeed create the report it has declined to respond to questions.

According to Facebook, the research may not have been approved by company leadership. Facebook issued a public statement claiming the article was misleading. “Facebook does not offer tools to target people based on their emotional state.”

Facebook has become notorious for privacy invasion but claimed that the research “was never used to target ads.” Facebook went on to write that the analysis on young users violated Facebook’s research review protocols and they would be “reviewing the details to correct the oversight.”

But here is the problem with Facebook’s claim. They’ve manipulated users’ emotions before. In 2012 Facebook ran an experiment on 689,003 users in an attempt to discover if they could manipulate users’ emotions by carefully placing posts in their news feeds. Some users were fed stories with positive words filtered out. Another group was fed stories with negative words filtered out. Even though the overall effect on the group as a whole was small, it still shows Facebook’s attempts to affect emotions. The question must be asked: what would have happened if the outcome of the experiment was different?

Facebook’s experiments revealed that relatively minor manipulations of its pages can have tremendous and reverberating social effects. One 2012 study showed that in 2010 Facebook reminded users to vote. The result was that 340,000 more people voted than otherwise would have. (“How Facebook Drove Voters to the Polls”).

Breaking It Down

Yes, Facebook is playing mind games and they are extremely dangerous at that. Zuckerberg is starting to become a Dr. Frankenstein. This experiment, even though they claim not to have sanctioned it, reveals that the monster is out of control. What kind of internal culture would even allow this type of thinking? What has Zuckerberg preached to his employees that they would believe it was ok to even try emotional manipulation of vulnerable teens? Are we looking at a company that is moving toward outright mind control? Let’s take this a step further. There are laws governing human experimentation. I would wager they have probably violated at least the spirit of these laws. You simply cannot manipulate information in order to control human actions. But Facebook seems to be trying. And something needs to be done. There’s a new word in our vocabulary for this activity, “Fake news!”

 

Celebrity Cyber Report – JayZ, Meadows Music and Arts Festival

Tidal music streaming has had its ups and downs. But owner JayZ is not the give up kind of brotha. Tidal announced that they will live stream the second Meadows Music and Arts Festival taking place in Queens, New York. Last year the music streaming site only streamed select performances. This year JayZ is stepping up the game taking the festival from two to three days.

JayZ himself will headline the festival along with the Red Hot Chili Peppers and the Gorillaz. Other acts include Nas, LL Cool J, M.I.A., Weezer, Run The Jewels and Future. The festival claims to have dozens of other bands lined up to perform. The only way to live stream the event is through Tidal. Tidal’s live-streaming will offer performances from all four stages of the concert. It is unclear if all the performances will be streamed or just the featured acts from each stage.

Tidal has gained a reputation as a strong player in live streaming music performances. Tidal has live streamed dozens of concerts including Chance the Rapper’s “Magnificent Coloring Day” concert, the last two “Made In America” festivals, as well as Prince’s last live streamed performance, the 2015 “Rally 4 Peace” concert.

Meadows Music and Art Festival 2017 will happen at Citi Field, Queens New York, September 15 through 17. Tickets go on sale May 10 at the festival’s official website.

Three-day general admission will range between $275-$305, before fees.

 

WannaCry Ransomware – So What’s Happening?

WannaCry notice

A worldwide ransomware attack launched this past weekend hit computers in over 150 countries. The United States was less affected than other countries. Security experts estimated that the cyber attack crippled 200,000 computers in more than 150 countries. But that number could be low. Scarce reports have Russia and China as being especially hard hit by the malware.

The global attack was carried out by hackers who exploited a flaw in Microsoft’s Windows operating system first discovered by the National Security Agency (NSA).  In April of this year the flaw and a hacked NSA cyber tool to exploit it became public when they were posted on the Internet by a hacker group known as Shadow Brokers.

In Great Britain the loss of computing systems prevented doctors from accessing patient files and caused emergency rooms to divert patients. According to Prime Minister Theresa May there is no evidence that patient data had been stolen. British officials stated 48 of Britain’s 248 public health trusts had come under attack. All but six are back to normal.

A spokesman for FedEx said:  “Like many other companies, FedEx is experiencing interference with some of our Windows-based systems caused by malware. We are implementing remediation steps as quickly as possible.”

One reason the U.S. seems to have been spared from this global attack may have been the work of a British researcher.

The unknown attackers included a “kill switch” in the form of a URL in the malicious code. Experts believe it was a way to control the malware. The kill switch would shut down the attack when the virus sent an online request to a specific website. 

A 22-year-old British researcher whose Twitter handle is @MalwareTechBlog discovered the kill switch’s domain name had not been registered. Thinking quickly, he purchased the domain name for about $11.00. According to security experts, the researcher shut down the malware before it could reach the U.S. The cyber hero probably stopped a catastrophic malware attack from taking place on U.S. soil. The researcher has confirmed his involvement in a blog post but has insisted on anonymity.

Matthieu Suiche, founder of Comae Technologies, a cyber security company located in the United Arab Emirates, said, “That kill switch is why the U.S. has not been touched so far. But it’s only temporary. All the attackers would have to do is create a variant of the hack with a different domain name.” These variants have since been discovered on the Internet.

The hackers who launched the attack asked for $300 US or $600 in bitcoins to unlock computers, but experts advise not paying the hackers. According to security experts, victims are left waiting and hoping WannaCry’s hackers will remotely free the hostage computer. The process is done manually over the Internet. That means hackers may have the near impossible task of unlocking thousands of computers one at a time. But the real issue is the payment method, usually in bitcoins. The hackers have no way to know who paid the ransom.

Owners of the locked computer may become desperate and pay the ransom. “But don’t count on getting your files back,” said Matthew Hickey, director of security provider Hacker House.

“The culprits can only restore user’s systems by manually sending the decryption key to each affected computer, which will amount to a time-consuming process,” he said.

“You’re really at the mercy of the human operator. Someone at the other end of the connection,” Hickey said.

Was the malware attack the work of inexperienced cyber criminals or so-called script kiddies? Evidence indicates that this could be the case.

First of all the perpetrators included an obvious kill switch in the code but failed to register the domain name. Perhaps they were afraid it could lead back to them.

According to some reports the hackers did manage to rake in about $56,000 in bitcoin payments. But according to Hickey the inefficiency of the payment model may indicate the hackers were not after money at all. “If it was done for money, it wasn’t the smartest way to get it,” he said.

Hickey pointed out that because of the large number of computers infected the asking price could have been much lower and still brought in a nice pay off.

But these hackers do not appear to be experienced or ambitious cyber criminals. They demanded a large ransom and used, at best, a sloppy payment method leaving victims wondering if they were paying for nothing.

According to Hickey, “It removes the incentive to send any money to the attacker.”

But some experts see the fingerprints of North Korea on the malware attack. A New York Times report revealed that intelligence officials and private security experts have found digital evidence pointing to North Korean connected hackers.

The evidence is not definitive, but security experts at Symantec believe they have found in the WannaCry malware attack the same tools used in previous hacks of Sony Pictures Entertainment, the Bangladesh central bank last year and Polish banks in February.

Regardless of who carried out the attack, make no mistake: WannaCry did indeed work and encrypted any machine unlucky enough to encounter it. Security experts and cyber sleuths are working to rescue computers already infected.

 

ALERT!-Google Docs Phishing Attack-ALERT!

Right now millions of email users are getting a seemingly innocent email asking them to view a Google Docs file. DO NOT CLICK ON IT! DELETE IMMEDIATELY!

The email takes the user to an excellent replica of the Google Docs page you would normally see. The hackers are so clever they have copied the newest version of the page. To make matters worse, the URL or web address is very close to the real Google Docs web address. The email itself will look as if it came from a legitimate email address and even uses a .gov email address.

The email does not deliver any malware that we know of. But it does steal user names and passwords.
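Because the address is "very close" to the real one, a mail filter or a careful reader has to compare the link's actual host against the hosts it expects. The following is an added example, not code from Google or from this blog: a small link classifier that flags near-miss hosts. The trusted-host list, the two-edit threshold and all sample URLs (which use reserved example domains) are assumptions made for the illustration.

```python
from urllib.parse import urlsplit

# Assumption: the hosts users of this mailbox legitimately open documents on.
TRUSTED_HOSTS = ("docs.google.com", "accounts.google.com")


def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def classify_link(url):
    """Return (verdict, reason); verdict is 'trusted', 'lookalike' or 'other'."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    userinfo = (parts.username or "").lower()

    # Text before '@' is a login name, not the destination, whatever it looks like.
    for trusted in TRUSTED_HOSTS:
        if trusted in userinfo:
            return "lookalike", "trusted name placed before '@'; real host is " + host

    if host in TRUSTED_HOSTS:
        return "trusted", "exact host match"

    for trusted in TRUSTED_HOSTS:
        # Trusted name glued onto the front of somebody else's domain.
        if host.startswith(trusted + ".") or host.startswith(trusted.replace(".", "-")):
            return "lookalike", "trusted name used as a prefix of " + host
        # One or two swapped, dropped or added characters.
        if edit_distance(host, trusted) <= 2:
            return "lookalike", "host is within 2 edits of " + trusted

    return "other", "no resemblance to a trusted host"


# Constructed sample links; none are taken from the campaign described above.
SAMPLE_LINKS = [
    "https://docs.google.com/document/d/abc123/edit",
    "https://docs.g00gle.com/document/d/abc123/edit",
    "https://docs.google.com.login.example.net/document",
    "https://docs.google.com@files.example.net/document",
    "https://www.example.org/news",
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(classify_link(link), link)
```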

In a statement, a Google PR representative said: “We have taken action to protect users against an email impersonating Google Docs, and have disabled offending accounts. We’ve removed the fake pages, pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening again. We encourage users to report phishing emails in Gmail.”

Google sent out another statement, this time directly from Google, that read: “We realize people are concerned about their Google accounts, and we’re now able to give a fuller explanation after further investigation. We have taken action to protect users against an email spam campaign impersonating Google Docs, which affected fewer than 0.1% of Gmail users. We protected users from this attack through a combination of automatic and manual actions, including removing the fake pages and applications, and pushing updates through Safe Browsing, Gmail, and other anti-abuse systems. We were able to stop the campaign within approximately one hour. While contact information was accessed and used by the campaign, our investigations show that no other data was exposed. There’s no further action users need to take regarding this event; users who want to review third party apps connected to their account can visit Google Security Checkup.”

If you have received the suspect email there are a few things you can do.

  1. Do not click on it even if it comes from someone you know. Always be suspicious of links and attachments you are not expecting or do not know where they come from. Anytime you get an email containing a link or attachments, contact the sender and ask what it is. They may not know their email is being used to send out spam or malware.
  2. Use multi-factor authentication. Many websites offer multi-factor authentication. It is simply an extra step to protect you on the web. The system often works by sending a second code via a text message to your smartphone. This is great when you are using a computer you don’t normally use and can prevent hackers from accessing your accounts or stealing passwords.
  3. If you have already clicked on the suspect email or are not sure, then you can cancel third party access by visiting this Google site. Also change your Google passwords.
  4. Finally, report the incident by clicking the downward arrow at the top right of your inbox and selecting “Report Phishing.”

Remember, try to avoid catching “click around fever.” This is the compulsion to click on links or attachments in your email or visit websites just out of curiosity. Many malware infections and viruses can be had by what’s commonly known as a drive-by download. This means the instant you click on the wrong thing or visit the wrong website you’re infected.

Breach Brief – Sabre Corporation

Sabre Corporation reported it is investigating a massive data breach of its hotel reservations system and payment systems. The company provides technology services to 32,000 hotels and lodging businesses. Sabre Corp. reported the breach to the U.S. Securities and Exchange Commission in its quarterly reports.

The travel business giant announced it is “investigating an incident of unauthorized access to payment information contained in a subset of hotel reservations processed through our Hospitality Solutions SynXis Central Reservations system.”

But the breach may go much further than just the hotel reservation systems. Sabre provides software, data, mobile and distribution solutions used by hundreds of airlines and thousands of hotels to manage critical operations. These operations include airline passenger ticketing, hotel guest reservations, payment and revenue management and flight, network and crew management. The company also operates a $110 billion a year worldwide travel marketplace connecting travelers, hotels, and transportation providers.

Currently Sabre has offered no further information about what data was compromised or how long the breach was going on.

But keep in mind that Sabre is a huge company. It services every facet of the travel industry including major airlines, car rental companies, cruise lines, hotels, online travel agencies and websites, rail carriers, tour companies and travel agents and travel management companies, and federal and local governments.

The company website reports that it services 104 brands, 36,000 hotel properties and handles 3.6 million bookings per month and $18.3 billion in annual room sales.

Bottom line is, if you traveled anywhere, for any reason, by any means and stayed in a hotel, your credit card and payment information is in their system.

See also: Breach Brief – InterContinental Hotels Group