Target Corp announced an overhaul of its information security processes and the departure of its chief information officer as the retailer tries to regain customers and investors after a massive data breach late last year.
CIO Beth Jacob is the first high-level executive to leave the company following the breach, which led to the theft of about 40 million credit and debit card records and 70 million other records of customer details.
Jacob, who comes from a sales background and has been CIO since 2008, will be replaced by an external hire, according to sources at Target.
“It’s a decision that should have been made by the CEO on January 1, not through the resignation of an employee that overlooked critical weakness in the operating model,” Belus Capital Advisors CEO Brian Sozzi said.
The breach at Target was the second largest at a U.S. retailer, after the theft of more than 90 million credit cards over about 18 months was uncovered in 2007 at TJX Cos Inc, operator of the T.J. Maxx and Marshalls chains.
Hacking has become a major concern for retailers in the United States. In the latest reported breach, beauty products retailer and distributor Sally Beauty Holdings Inc said on Wednesday its network had been hacked but no card or customer data appeared to have been stolen.
Target Chief Executive Gregg Steinhafel said the company would elevate the role of chief information security officer as part of its plan to tighten its security.
The company will also look externally to fill that position as well as the new position of chief compliance officer.
Steinhafel said Target would be advised by security consultant Promontory Financial Group as it evaluates its technology, structure, processes and talent.
“I believe this is definitely a measure in restoring faith and really showing that they are taking the breach seriously,” Heather Bearfield, who runs the cybersecurity practice for accounting firm Marcum LLP, told Reuters.
Target, the third-largest U.S. retailer, said last week customer traffic had started to improve this year after falling significantly toward the end of the holiday shopping season when news of the cyber attack spooked shoppers.
AMD’s Mantle has been a hot topic for quite some time and, despite its delayed birth, it has finally delivered performance in Battlefield 4. Microsoft is not sleeping; it has its own answer to Mantle, which we mentioned here.
Oddly enough we heard some industry people calling it DirectX 12 or DirectX Next but it looks like Microsoft is getting ready to finally update the next generation DirectX. From what we heard the next generation DirectX will fix some of the driver overhead problems that were addressed by Mantle, which is a good thing for the whole industry and of course gamers.
AMD got back to us officially stating that “AMD would like you to know that it supports and celebrates a direction for game development that is aligned with AMD’s vision of lower-level, ‘closer to the metal’ graphics APIs for PC gaming. While industry experts expect this to take some time, developers can immediately leverage efficient API design using Mantle.”
AMD also told us that we can expect some information about this at the Game Developers Conference that starts on March 17th, or in less than two weeks from now.
We have a feeling that Microsoft is finally ready to talk about DirectX Next, DirectX 11.X, DirectX 12 or whatever they end up calling it, and we would not be surprised to see Nvidia 20nm Maxwell chips support this API, as well as future GPUs from AMD, possibly again 20nm parts.
The deal would mirror a first-of-its-kind agreement that Disney and satellite rival Dish Network Corp announced earlier this week.
The Internet rights being discussed are part of a large-scale programming agreement that would replace a deal between the companies that expires in late December. Disney and Dish are in negotiations but the timing of the new deal could not be learned.
“The deal and terms are not unexpected as the Dish contract was the most recent in the Disney timeline to expire,” DirecTV spokesman Darris Gringeri said on Wednesday. “The DirecTV contract is up next and we’re in the process of working with Disney on a similar long-term agreement of our own.”
A Disney spokesman declined to comment.
A new pact could give both Disney and DirecTV, the No. 1 satellite operator, an additional revenue source as consumers gravitate toward online video services such as Netflix Inc and watch more television online.
The agreement between Dish and Disney marked the first time that a U.S. pay TV operator has been given the flexibility to offer its content over the Web through smartphones, tablets and computers outside of a pay TV subscription.
In that agreement, Disney allows for Dish to stream linear and on-demand content from ABC broadcast stations as well as cable channels, ABC Family, Disney Channel, ESPN and ESPN2. Dish has not revealed plans for its streaming service.
DirecTV, which has 20.3 million subscribers, is expected to secure better rates on programming than Dish, which has 14.1 million subscribers, because of its size. Both companies have complained about the rising cost of programming and have been involved in high-profile blackouts over the past few years.
DirecTV Chief Executive Mike White has previously said the company is working on an “over-the-top” video package to suit niche audiences featuring Hispanic or kids programming, but has not yet given details on that offering.
Analysts speculate that Facebook may want to use the drones to bring Internet connectivity to the two-thirds of the world that are not connected.
The social networking company is reportedly paying $60 million for Titan Aerospace, according to TechCrunch, which cited unnamed sources.
Neither Titan Aerospace nor Facebook responded to requests for confirmation.
The aerospace company builds light-weight, high-flying drones that can take off at 20 mph and remain aloft for five years. The company’s Solara 50 drone, for instance, can fly as high as 65,000 feet above Earth.
“Drones are the latest rage with tech companies these days,” said Dan Olds, an analyst with The Gabriel Consulting Group. “Amazon, Google and Facebook, plus a whole lot more seem to be looking for ways they can shoehorn drones into their business plans. And what young geek didn’t dream of having a remote control flying machine that could do anything they wanted it to do?”
But could Facebook use these drones to bring Internet connectivity to remote areas? Sure, but it’s not the only way they could go about it.
Last June, Google’s research arm, Google X, announced that it was working on affordable Internet connectivity through the use of a fleet of high-altitude balloons. The company tested its plan by launching 30 balloons that flew twice as high as commercial airplanes with 50 users trying to connect to the Internet from below.
Amazon.com had another use for drones, and in December announced plans to use the machines to deliver merchandise to customers. Possibly taking a page from Domino’s old promise of delivering pizzas in 30 minutes or less, Amazon said with drones, some customers could get their purchases within half an hour.
“Could drones be the way to provide net connections in Third World countries?” asked Olds. “Yeah, maybe, but wouldn’t a set of non-sexy, long-range cell towers or low-power, cost-optimized microwave repeaters be a better solution? Sure, there are some drawbacks to physical infrastructure on the ground, but they can be worked around.”
He reiterated that drones simply are the cool new tech tool. How could a tech company with very deep pockets resist?
Verizon Communications is engaged in discussions with content providers to deliver web-based TV services to mobile platforms, chief executive Lowell McAdam said at an investor conference earlier in the week.
Just recently, Dish Network Corp and Walt Disney Co announced a landmark deal that will allow the No. 2 satellite TV provider to deliver Disney-owned network content online, outside of a traditional TV subscription.
Verizon’s goal “is to work with the content providers,” said McAdam at the Morgan Stanley Technology, Media & Telecom Conference.
“I have personally had discussions with the CEOs of the large content companies, and we would love to partner with them to see how we can take FiOS contact mobilely across the country,” he said.
McAdam said the company could also look at providing a service delivered over wireless airwaves and not just broadband.
According to PwC’s annual entertainment and media forecast, North American consumers will spend $6 billion in 2014 on entertainment from services such as Netflix that are offered over the top, meaning they are utilized over a network but not offered by the network operator.
“I think you can actually get a virtuous cycle where broadcast viewing goes up and over-the-top viewing goes up, if you time this properly,” McAdam said.
In January, Verizon acquired Intel Corp’s OnCue service for an undisclosed sum to accelerate its push into next-generation video services, including integrating it with Verizon’s FiOS fiber-based Internet and TV service that has more than 5 million video subscribers, about 5 percent of pay TV households. The company said it was open to providing over-the-top content to any device.
McAdam also stressed that Verizon expects Netflix to pay for faster video delivery as part of a so-called interconnect deal, in an arrangement similar to the one the video provider has made with Comcast Corp.
“I have spoken live and via email with (Netflix CEO) Reed Hastings, and I believe that we will get some sort of an arrangement with them as well,” said McAdam.
We already knew that Android was the mobile operating system most targeted by malware, and that isn’t about to change any time soon.
Security firm F-Secure has reported that malicious activity on Android accounted for 97 per cent of all detected mobile threats for 2013.
The figures were revealed in F-Secure’s latest Threat Report for the second half of 2013, finding that there were 566 more Android malware variants found last year than during the previous year.
“97 percent of the mobile threats in 2013 were directed at the Android platform, which racked up 804 new families and variants,” F-Secure said in its report (pdf). “The other three percent (23) were directed at Symbian. No other platforms had any threats. In contrast, 2012 saw 238 new Android threats.”
F-Secure found that the top 10 countries reporting Android threats saw a little over 140,000 Android malware detections, with 42 percent of the reported detections coming from Saudi Arabia and 33 percent from India. European countries accounted for 15 percent of the total and the US just five percent.
F-Secure said that due to Android itself having relatively few vulnerabilities, the main distribution method is still through shady apps downloaded from third-party app stores.
“For mobile platforms, the continued dominance of the Android operating system makes it almost the exclusive target for mobile threats we’ve seen this period,” F-Secure’s report explained.
“Though the relatively low number of vulnerabilities found in Android makes the operating system itself difficult to attack, this security is largely circumvented by the relative ease with which malware authors can provide their ‘products’ and dupe users into installing it on their own devices, with the necessary permissions to straightforwardly use the device (and the user’s data) for the attacker’s own benefit.”
The Android malware families most commonly reported in that period were Ginmaster, Fakeinst and Smssend, which either harvest data from the device or send premium-rate SMS messages.
The F-Secure report also found that web-based attacks, which typically involve techniques that redirect the browser to malicious websites, were the most commonly reported type of attack for the period, making up 26 percent of malware detections, followed by the Conficker worm with 20 percent.
“The three most common exploits detected during the period were all Java-related,” the report said. “Java exploits, however, declined compared to [the first half of] 2013. Mac malware continues a slight but steady increase, with 51 new families and variants detected in 2013.”
The change, which will be rolled out gradually according to a Yahoo spokeswoman, will require users to register for a Yahoo ID in order to use any of the Internet portal’s services.
The move marks the latest change to Yahoo by Chief Executive Marissa Mayer, who is striving to spark fresh interest in the company’s Web products and to revive its stagnant revenue.
“Yahoo is continually working on improving the user experience,” the company said in a statement, noting that the new process “will allow us to offer the best personalized experience to everyone”.
The first Yahoo service to require the new sign-in process is Yahoo Sports Tourney Pick’Em, a service focused on the NCAA college basketball tournament which begins later this month. News of the change to Yahoo’s Tourney Pick’Em sign-in process was first reported by the technology blog Betanews.
Since Mayer took the reins in 2012, the company has rolled out new versions of many of its key products, including Yahoo Mail and Yahoo Finance. Last year, Yahoo announced a program to recycle inactive Yahoo user IDs, letting new users claim email addresses that have not been used for more than 12 months.
In eliminating the Facebook and Google sign-in features, Mayer, a former Google executive, is effectively reversing a strategy that Yahoo adopted in 2010 and 2011 under then CEO Carol Bartz.
The change to the Tourney Pick’Em sign-in process began on Monday, the Yahoo spokeswoman said, noting that users could still access other services with Google or Facebook IDs.
The sign-in buttons for Facebook and Google will eventually be removed from all Yahoo properties, the Yahoo spokeswoman said, though she declined to provide a timeframe.
Fujitsu Labs have worked out a way to improve vibration feedback when typing on a virtual keyboard. The prototype haptic sensory tablet emits ultrasonic vibrations under the surface of the tablet’s display.
The company says that although producing ultrasonic vibrations would generally require a good deal of power, its engineers have come up with a way of shrinking down the tech and allowing a tablet prototype to run its haptic feedback system. Essentially, the vibrations create a layer of high pressure air between a user’s fingertips and the surface of the screen, resulting in reduced friction so the fingers can skate across the screen. This alternates between high and low friction to create the illusion of a textured surface.
It is possible to feel a CD beneath the fingers while spinning and scratching like a DJ, as well as physically feeling and manipulating the deck controls. Research continues to improve the technology, but the company is looking to commercialize the development by next year.
Worldwide sales of tablets to end users totaled 195.4 million units, fueled by sales of low-end, smaller screen devices, and purchases by first time buyers, the company reported.
Android has become the biggest tablet operating system with 62% of the market. In 2012, Google’s OS trailed Apple’s iOS by a margin of about 8 million tablets, but by the end of last year had turned that into a 50 million-unit lead.
The Android camp led by Samsung sold almost 121 million tablets, for a 61.9% share, compared to 53.3 million units and a 45.8% share in 2012. Apple’s tablet sales increased from 61.5 to 70.4 million units, but because the overall market grew faster, the company’s share dropped from 52.8% to 36%.
Microsoft’s Windows tablet sales improved but the share remained small at 2.1%, with shipments growing from 1.2 million to 4 million units. To compete, Microsoft needs to create a more compelling ecosystem for consumers as well as developers across all mobile devices, Gartner said.
Apple’s strong fourth quarter helped it maintain the top position among the manufacturers. Samsung, ranked in second place, had the biggest growth of the worldwide tablet vendors, at 336%. The expansion and improvement of its Galaxy tablet portfolio, together with a lot of marketing, helped Samsung shrink the gap with Apple.
Samsung sold 37.4 million tablets for a 19.1% slice of the market.
The rest of the top 5 was made up of Asus, Amazon.com and Lenovo. Of those three companies, Lenovo did particularly well with tablet sales growing by 198% to 6.5 million units, or a 3.3% market share. The company’s success was due to a combination of new tablet models launched during the second half of last year, and sales of its Yoga model and its Windows tablets doing particularly well, Gartner said.
However, Lenovo is still behind Asus, with 11 million units sold, and Amazon, with 9.4 million. Asus’ market share grew from 5.4% to 5.6%, while Amazon’s share declined from 6.6% to 4.8%.
As the tablet market becomes even more competitive, this year it will be critical for vendors to improve user experience, technology and ecosystem value beyond just hardware and cost, Gartner said.
Sprint Corp and the federal government both agreed to fight in court over how much money law enforcement agencies owe the wireless provider for help the company was required to give investigators who wanted to tap phone calls.
The Obama administration filed a suit in U.S. District Court in San Francisco on Monday, alleging that Sprint overcharged the government $21 million for expenses it incurred while complying with court-ordered wiretaps and other surveillance help.
Sprint said it plans to defend the matter “vigorously.”
Telecommunications companies, including Sprint, are routinely asked to assist with investigations by helping facilitate phone surveillance such as wiretaps or so-called “pen registers,” which record data about phone calls, though not their content.
The companies are required to maintain equipment and facilities to be ready to assist. They are allowed to request reimbursements for related “reasonable expenses.”
In the case, San Francisco U.S. Attorney Melinda Haag alleged that Sprint “knowingly submitted false claims” to the FBI, Drug Enforcement Administration, Marshals Service and other law enforcement agencies from January 1, 2007 to July 31, 2010, inflating costs by about 58 percent.
The lawsuit said Sprint violated the anti-fraud law known as the False Claims Act and went against the federal regulations that prohibit carriers from using the reimbursements for wiretap cooperation to pay for updates to their equipment, facilities and services.
“Because Sprint’s invoices for intercept charges did not identify the particular expenses for which it sought reimbursement, federal law enforcement agencies were unable to detect that Sprint was requesting reimbursement of these unallowable costs,” the Justice Department said in the lawsuit.
Sprint, however, said its invoices to the federal agencies fully complied with the law that requires the government to reimburse reasonable costs incurred in assisting law enforcement agencies with electronic surveillance.
“We have fully cooperated with this investigation and intend to defend this matter vigorously,” said Sprint spokesman John Taylor.
The False Claims Act is the U.S. government’s main tool for recovering money when it thinks it has been defrauded, usually by a contractor such as an arms maker or hospital chain.
The site, which enables strangers to meet for shared-interest activities ranging from parents’ groups to software development, was back online but still being attacked, Meetup CEO Scott Heiferman told Reuters.
Meetup has refused to pay the small ransom as it believes doing so would make the perpetrators of the attacks demand more money.
“It’s a cat and mouse game,” Heiferman said, adding he was not yet sure how long it would take to keep the site reliably online.
A Meetup blog had earlier said the company was a victim of a distributed denial of service (DDoS) campaign, a type of attack that knocks websites offline by overwhelming them with incoming traffic. It said that no personal data, including credit card information, had been accessed.
Heiferman said he was open to the possibility of some financial relief for members who pay between $12 and $17 a month to organize Meetup groups in their geographic and thematic areas of interest. He said his first priority was to resume the service of creating communities wholly via an Internet connection.
“We’re going to come out of this much stronger. And I don’t mean that as just a trite euphemism, I mean it literally. Like, we are going to be much more secure,” he said.
The Federal Bureau of Investigation has been investigating the attack since late last week when the assumed criminal group first offered to withhold it if Meetup paid $300.
The attack was the first in the site’s 12-year history, and Heiferman defended the move not to pay the paltry ransom.
“We made a decision not to negotiate with criminals,” he said in the post. “Payment could make us (and all well-meaning organizations like us) a target for further extortion demands as word spread in the criminal world.”
Meetup has almost 17 million members and, when online, was signing up between 15,000 and 20,000 people every day.
The site represents a soft target for online criminals, who often attempt to extort companies in return for calling off DDoS attacks, said Kevin Johnson, chief executive of cybersecurity consultancy Secure Ideas.
“It’s very common for this sort of attack to start off with a small demand,” Johnson said. “It’s not like Meetup can write a check for a million dollars.”
Heiferman’s blog post said the site should be able to protect itself over time, even though it has struggled to stay online since the attacks began on Thursday morning. He said Meetup spent millions of dollars a year to secure its systems.
The Meetup site and related mobile apps have been intermittently unavailable since Thursday.
Samsung appears to have delivered a huge snub to Android OS maker Google. Samsung’s new smartwatches, the Gear 2 and Gear 2 Neo, sequels to the poorly reviewed original Galaxy Gear, are going to ship without Android.
Instead, the new Gears run Tizen, another open source operating system that Samsung, Intel, and others are working on. It is starting to look like Samsung wants to distance itself from its reliance on Google for software and services.
Samsung’s official reason is that Tizen has better battery life and performance. The new Gears can get up to an extra two days of battery life by running Tizen, even though they have the same size battery. The Galaxy Gear barely made it through a day on one charge.
To be fair, Android isn’t optimized to run on wearable devices like smart watches, but Samsung didn’t want to wait around for Google to catch up. It was clearly concerned about beating Apple to market. So far Apple has not shown up.
The company’s PalmSecure scanners use near-infrared light to scan points in veins that lie beneath the surface of a user’s palm. There has to be blood flowing through a user’s hand for the sensor to work.
Every person’s palm pattern is unique, and scans of vein points are matched against previously registered scans to authenticate users and unlock whatever device or service they’re linked to.
“We have been reducing the size of our palm vein authentication units since their initial development,” a Fujitsu spokesman said. “In the future, we hope to eventually have these units embedded into smartphones.”
Fujitsu claims the biometric technology has a false acceptance rate of only 0.00008% and a false rejection rate of 0.01%.
The company first commercialized the technology in 2004 when palm-sized scanners were embedded in ATMs at Japan’s Bank of Tokyo-Mitsubishi to help authenticate customer identity and prevent fraud. In-store scanners at Suruga Bank also appeared in 2004.
Fujitsu later shrank the scanners and embedded them in laptops.
It recently showed off a stamp-sized version of the scanner that is the smallest yet. It’s been embedded in tablets for the first time and will be included in about 2,000 tablets provided to Fukuoka Financial Group, which includes the Bank of Fukuoka, Kumamoto Bank and Shinwa Bank.
“No one has this technology, and it’s significantly more secure than fingerprint,” the Fujitsu spokesman said, adding that some banks have shown interest in palm-vein scanners as a means of verifying identity in natural disasters in which ID or bank cards are lost or destroyed.
The customized 12.5-inch Fujitsu Arrows Q704/H tablets have Intel Core i5 processors and run Windows, acting as virtual desktops. Bank employees meeting customers off-site will be able to securely access their bank’s internal system by using the palm-vein authentication scanners.
Only users whose biometric info has been registered beforehand will be able to operate the tablets.
At CES in January, U.S.-based biometric payments company PulseWallet demonstrated a cardless point-of-sale terminal incorporating Fujitsu’s vein-imaging technology. It said registered users could leave their credit and debit cards at home and make payments simply by having their palms scanned.
Sears Holdings Corp acknowledged it has launched an investigation to determine whether it was the victim of a security breach, following Target Corp’s revelation at the end of last year that it had suffered an unprecedented cyber attack.
“There have been rumors and reports throughout the retail industry of security incidents at various retailers and we are actively reviewing our systems to determine if we have been a victim of a breach,” Sears spokesman Howard Riefs said in a statement on Friday.
“We have found no information based on our review of our systems to date indicating a breach,” he added.
He did not say when the operator of Sears department stores and Kmart discount stores had begun the investigation or provide other information about the probe.
Sears Holdings Corp operates nearly 2,500 retail stores in the United States and Canada.
Bloomberg News reported on Friday that the U.S. Secret Service was investigating a possible security breach at Sears, citing a person familiar with the investigation. The report did not identify that source by name.
The Bloomberg report said that its source did not disclose details about the scope or timing of the suspected breach.
A spokesman for the U.S. Secret Service declined comment when Reuters asked if the agency was investigating a possible breach at Sears.
The Secret Service is leading the U.S. government’s investigation into last year’s attack on Target, which the company has said led to the theft of some 40 million payment card numbers as well as another 70 million pieces of personal data.
As in-vehicle electronics become more sophisticated to support autonomous driving, cameras, and infotainment systems, Ethernet has become a top contender for connecting them.
For example, the BMW X5 automobile, released last year, used single-pair twisted wire, 100Mbps Ethernet to connect its driver-assistance cameras.
Paris-based Parrot, which supplies mobile accessories to automakers BMW, Hyundai and others, has developed in-car Ethernet. Its first Ethernet-connected systems could hit the market as soon as 2015, says Eric Riyahi, executive vice president of global operations.
Parrot’s new Ethernet-based Audio Video Bridging (AVB) technology uses Broadcom’s BroadR-Reach automotive Ethernet controller chips.
The AVB technology’s network management capabilities allow automakers to control the timing of data streams between specific network nodes in a vehicle and to control the bandwidth in order to manage competing data traffic.
Ethernet’s greater bandwidth could provide drivers with turn-by-turn navigation while a front-seat passenger streams music from the Internet, and each back-seat passenger watches streaming videos on separate displays.
“In-car Ethernet is seen as a very promising way to provide the needed bandwidth for coming new applications within the fields of connectivity, infotainment and safety,” said Hans Alminger, senior manager for Diagnostics & ECU Platform at Volvo, in a statement.
Ethernet was initially used by automakers only for on-board diagnostics. But as automotive electronics advanced, the technology has found a place in advanced driver assistance systems and infotainment platforms.
Many manufacturers also use Ethernet to connect rear vision cameras to a car’s infotainment or safety system, said Patrick Popp, chief technology officer of Automotive at TE Connectivity, a maker of car antennas and other automobile communications parts.
Currently, however, there are as many as nine proprietary auto networking specifications, including LIN, CAN/CAN-FD, MOST and FlexRay. FlexRay, for example, has a 10Mbps transmission rate. Ethernet could increase that tenfold or more.
The effort to create a single vehicle Ethernet standard is being led by Open Alliance and the IEEE 802.3 working group. The groups are working to establish 100Mbps and 1Gbps Ethernet as de facto standards.
The first automotive Ethernet standard draft is expected this year.
The Open Alliance claims more than 200 members, including General Motors, Ford, Daimler, Honda, Hyundai, BMW, Toyota, Volkswagen, Jaguar Land Rover, Renault, Volvo, Bosch, Freescale and Harman.
Broadcom, which makes electronic control unit chips for automobiles, is a member of the Open Alliance and is working on the effort to standardize automotive Ethernet.