Nordstrom tracking customer movement via smartphones’ WiFi sniffing
A posting from Naked Security:
“You’ve spent quite some time in the lingerie department, but you haven’t even peeked at our display of Bose® ‘OE2’ Audio Headphones, which were $149.95 but are now ONLY $134.96! Can we talk?”
OK, so that’s not exactly what Nordstrom says it’s planning to do with the information it gleans from tracking customers’ movements throughout their stores.
But it certainly could market that aggressively, now that the department store – purveyor of apparel, shoes, jewelry, and the like – has implemented technology to track how much time you spend in specific departments within 17 stores in the US.
Tara Darrow, a company spokeswoman, told CBS DFW that sensors in the stores are collecting information from customers’ smartphones as those phones automatically scan for WiFi service.
Senate Bill Calls For ‘Watch List’ Of Nations Cyberspying On U.S., Trade Sanctions
A posting from Dark Reading in their Advanced Threats section:
In a week that began with the rare move of the Pentagon calling out the Chinese government and military for attacks on U.S. government networks, some key senators have drafted a bill that would create a watch list of nations conducting cyberespionage against the U.S., and spell out just what technologies and products are being stolen — as well as which foreign firms benefit from the intellectual property stolen from the U.S.
The bipartisan bill, co-sponsored by Sens. Carl Levin, D-Mich.; John McCain, R-Ariz.; Jay Rockefeller, D-W.Va.; and Tom Coburn, R-Okla., is the latest move by the U.S. to ratchet up pressure on China, which has been outed as one of the world’s biggest cyberespionage actors. China, in typical fashion, yesterday shot down the Defense Department’s claims of cyberspying, calling them “irresponsible and harmful” and denying any state-sanctioned hacking.
Unpatched Remote Access Tools: Your Gift To Attackers
A posting from Information Week in their Security section:
Help desk teams love remote-control software. When employees call with computer problems, the IT department can remotely take control of the user’s machine, copy over files and set all application and operating system wrongs to right.
Unfortunately, they’re not the only group interested in putting TeamViewer, Symantec PCAnywhere, UltraVNC or other remote access software to work. Attackers love the software too, because it allows them to avoid sneaking complex Trojan malware onto a targeted PC. Instead, they use the already installed remote control software to do the heavy lifting for them, and even run attacks from memory, thus making the exploits more difficult to detect, trace or investigate.
Take the three-year-old “TeamSpy” espionage operation, first publicly disclosed Wednesday, that’s been targeting high-profile users of the TeamViewer remote control, desktop sharing and file transfer software, which counts over 100 million people as users.
Pentagon OKs Androids, BlackBerrys for soldiers
A posting from Naked Security:
The US Department of Defense (DoD) announced on Thursday that it has approved the use of Samsung phones running a hardened version of Android.
According to the BBC, the approval for other types of smartphones and mobile devices for use by US soldiers is coming soon.
Specifically, approval for other Android devices and for Apple phones and tablets is expected later this month.
According to Federal News Radio, the move is part of a broader DoD plan to more than double the number of secure mobile devices used by armed forces by 2014.
The approved Samsung smartphones will run a hardened version of Android called Knox.
The Pentagon has also given a nod to several recent BlackBerry products, which Federal News Radio refers to as “the overwhelming incumbent in the market for DoD handhelds”.
Metasploit Module Released For IE Zero-Day Flaw Used In Labor Attack
A posting from Dark Reading:
A targeted attack discovered last week serving up malware from the U.S. Department of Labor’s (DOL) website employed a previously unknown vulnerability in Internet Explorer 8 that Microsoft says it will fix either with an emergency patch or via its monthly patch process.
And as is tradition, Metasploit also has quickly added an exploit pack for the new flaw, a use-after-free bug that has been assigned as CVE-2013-1347. “Microsoft is investigating public reports of a vulnerability in Internet Explorer 8. Microsoft is aware of attacks that attempt to exploit this vulnerability,” a security advisory issued by Microsoft late on Friday said. “Internet Explorer 6, Internet Explorer 7, Internet Explorer 9, and Internet Explorer 10 are not affected by the vulnerability.”
Security researchers at AlienVault Labs and Invincea initially attributed the exploit to a patched bug in IE 8, CVE-2012-4792, but further investigation into the attacks found it was a new flaw. FireEye is credited with reporting the find to Microsoft.
5 Ways For SMBs To Boost Security But Not Costs
A posting from Dark Reading:
For many businesses, improving their security seems like the proverbial money pit: but it doesn’t have to be that way.
While the time crunch of attending to the demands of the daily business has typically created an accumulation of security problems for many businesses, information technology professionals at SMBs can improve their company’s security posture by focusing on small fixes to those problems that require time but not a lot of money, says Dylan O’Connor, chief technology officer for Thrive Networks, a Staples company that offers managed information technology for small and medium businesses.
“There are some things that are not just low cost–they are no cost–that customers can do to improve their security,” he says. “These steps may be obvious to IT managers, but a lot of our customers do not have IT administrators.”
