Stolen data finder could reduce harm for companies

Business owners don’t need IT skills to understand that data breaches are serious. Certainly big names in retail and health care know by experience that such breaches have serious after-effects. Breaches have an impact on customer trust and in turn threaten profits.

The Ponemon Institute’s “2015 Cost of Data Breach Study: Global Analysis,” sponsored by IBM, reported that the average total cost of a data breach for the 350 companies participating in the research increased from $3.52 million to $3.79 million.
“In the past, senior executives and boards of directors may have been complacent about the risks posed by data breaches and cyber attacks. However, there is a growing concern about the potential damage to reputation, class action lawsuits and costly downtime that is motivating executives to pay greater attention to the security practices of their organizations.”
One company with a solution has a distinct point of view. Terbium Labs said, “We are a different sort of information security company.” Consider this: Critical data and intellectual property are always at risk, they said. Data security does not exist. Maryland-based Terbium Labs said at least it can give you the power to immediately counter data theft. They cannot promise you will never lose data, but they can tell you that they will help to find data that is lost, and quickly.
“We started Terbium with the thesis that defense, while still necessary, is no longer sufficient. In today’s insecure digital world, your organization’s critical data will always be at risk, whether from a sophisticated outside actor or inside threat. That’s why modern organizations are shifting their information security focus from prevention to risk management,” said the team.
Terbium Labs’ Matchlight system enables breach discovery to be immediate and automatic. The company’s “immediate” is a key point, indicating breach discovery within seconds or minutes instead of months. (The average data breach traditionally has taken over 200 days to discover, and 85 percent of those breaches are discovered by external third parties.) The speed-up may enable an organization to start remediation plans before real damage occurs.
“Overall, the system allows companies, such as retailers and financial institutions, to detect whether a criminal has published some of their data on the Dark Web without revealing to anyone the exact nature of the sensitive data,” said MIT Technology Review.
A patent-pending, one-way digital fingerprinting technique is put to work. Matchlight collects fingerprints from across all places on the Internet where stolen information is traded, including Dark Web markets and forums. They monitor for matches. If a match is found you get an alert.
Matchlight could be used by health care providers, banks, payment card providers, payment processors and other financial services and by engineering and manufacturing companies, among other sectors. “Organized crime and foreign nation-states make up a majority of industrial-espionage attacks, and their frequency continues to rise,” said the company.
(The data fingerprinting technique uses “cryptographic hashing.” It makes sure no one including Terbium Labs can decipher the originating data. A cryptographic hash function is described as a hash function which takes an input or message and returns a fixed-size alphanumeric string.)
So what actually happens after a breach is found? With Matchlight, organizations are alerted when elements of their data as short as fourteen bytes appear on the Internet. The alerts are sent immediately. Organizations can begin their remediation plans before any further damage can occur.
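A minimal sketch of the fingerprint-and-match idea described above, added here as an illustration; it is not Terbium Labs' code. The sliding 14-byte window, the use of SHA-256, the function names and the sample data are all assumptions.

```python
import hashlib

WINDOW = 14  # bytes; the shortest element the article says can trigger an alert


def windows(data: bytes, size: int = WINDOW):
    """Yield every contiguous `size`-byte slice of data (none if data is shorter)."""
    for i in range(len(data) - size + 1):
        yield data[i:i + size]


def fingerprint(chunk: bytes) -> str:
    # One-way: the digest can be shared without sharing the chunk itself.
    # Caveat: low-entropy inputs (e.g. card numbers) can still be guessed by
    # hashing candidates, so fingerprints are sensitive data in their own right.
    return hashlib.sha256(chunk).hexdigest()


def build_index(records: dict[str, bytes]) -> dict[str, str]:
    """Client side: map fingerprint -> record ID. Only this index is shared."""
    index = {}
    for record_id, data in records.items():
        for chunk in windows(data):
            index[fingerprint(chunk)] = record_id
    return index


def scan(crawled: bytes, index: dict[str, str]) -> set[str]:
    """Monitor side: fingerprint crawled text the same way, return matching IDs."""
    return {index[fp] for fp in map(fingerprint, windows(crawled)) if fp in index}


# Constructed sample data (a well-known test card number and a made-up credential).
RECORDS = {
    "card-001": b"4111111111111111",
    "cred-002": b"alice@example.com:correct-horse",
}
INDEX = build_index(RECORDS)

# Constructed "paste" standing in for text collected by a crawler.
PASTE = b"fresh dump!! 4111111111111111|12/29|123 more inside"

if __name__ == "__main__":
    for record_id in sorted(scan(PASTE, INDEX)):
        print("ALERT: fragment of", record_id, "seen in crawled data")
```

The record ID returned by `scan` plays the role of the fingerprint ID mentioned later in the article: the owner looks it up locally to see which original record leaked.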
A number of companies have been testing Matchlight and now Terbium is inviting further signs of interest. “We have been testing Matchlight with a select number of alpha and beta clients. If your organization would like access to Matchlight, contact us today!” said the company.
What good does it do to help find data that has already been stolen? For companies, it could mean reducing damages. “Already the system has helped companies testing the system find thousands of credit-card numbers that had been put up for sale on the Internet. While the Matchlight system catches attackers only after they post data following a breach and does not prevent the original compromise, it does reduce the time between compromise and discovery,” said MIT Technology Review.
Referring to a major retailer breach incident which cost the company millions, the article said, “Catching the attack as soon as the thieves attempted to sell the data could have given the attackers less time inside the company’s network and the buyers of the data less time to rack up fraudulent charges.”
Jeremy Kirk, IDG News Service, talked about the finding-out process. “Where we’re looking at are places where people are leaking or are trying to monetize data,” CEO Danny Rogers said. Companies using Matchlight can get alerts when a piece of data is found. A fingerprint ID number can be looked up to see what original data it corresponds to. Companies can then potentially start the breach mediation process, Rogers said in the article by Kirk. Signs of success so far? According to Kirk: “Rogers said the first day Terbium turned Matchlight on, it found in a single 24-hour period 20,000 to 30,000 credit card numbers and 600 leaked email addresses and passwords. Both sets of data were detected minutes after being posted, Rogers said.”

References: http://phys.org/

Counting people with WiFi

Researchers in UC Santa Barbara professor Yasamin Mostofi’s lab are proving that wireless signals can do more than provide Internet access. They have demonstrated that a WiFi signal can be used to count the number of people in a given space, leading to diverse applications, from energy efficiency to search-and-rescue.

‘Our approach can estimate the number of people walking in an area, based on only the received power measurements of a WiFi link,’ said Mostofi, a professor of electrical and computer engineering. This approach does not require people to carry WiFi-enabled telecommunications devices for them to be counted, Mostofi emphasized.
To accomplish this feat of people-counting, the researchers put two WiFi cards at opposite ends of a target area, a roughly 70-square-meter space. Using only the received power measurements of the link between the two cards, their approach can estimate the number of people walking in that area. So far, they have successfully tested with up to and including nine people in both indoor and outdoor settings. The findings of Mostofi’s research group are scheduled for publication in the Institute of Electrical and Electronics Engineers Journal on Selected Areas in Communications’ special issue on location-awareness for radios and networks.
‘This is about counting walking people, which is very challenging,’ said Mostofi. ‘Counting this many people in such a small area with only WiFi power measurements of one link is a hard problem, and the main motivation for this work.’
This people-counting method relies in large part on the changes of the received wireless signal, according to the researchers. The presence of people attenuates the signal in the direct line of sight between the WiFi cards if a person crosses the line of sight, and human bodies also scatter the signal—resulting in a phenomenon called multi-path fading—when they are not in the direct line of sight path. By developing a probabilistic mathematical framework based on these two key phenomena, the researchers have then proposed a way of estimating the number of people walking in the space.
With the near-ubiquity of WiFi in many settings, the researchers’ findings have the potential for many diverse applications. For instance, the ability to estimate the number of people in a given space could be used in smart homes and buildings, so air conditioning and heating could be adjusted according to the level of occupancy. ‘Stores can benefit from counting the number of shoppers for better business planning,’ noted Mostofi.
Security and search-and-rescue operations could also take advantage of occupancy estimation. Previous work in the research lab involved imaging stationary objects/humans through walls with WiFi signals, and Mostofi plans to eventually bring the two projects together in the future.

References: http://phys.org/

Ultra-Flexible Tech May Monitor the Brain

Brain activity can be monitored in real-time with tiny injectable flexible electronics, according to a new study done in mice.

Such devices could one day be used to map brain activity, or even stimulate activity to help treat people with disorders such as Parkinson’s disease, scientists added.

Traditional electronics are rigid, but inventors have recently developed flexible and stretchable electronics. These new devices could potentially lead to video screens one could roll up or fold to fit in a pocket. One key way flexible electronics could be used would be applications within the body, where they could help monitor and manipulate living tissue. However, current flexible electronics are usually flat sheets, designed to lie on surfaces.

As such, a sheet can be placed into the body only by cutting a slit into the tissue that is at least as wide as the sheet, for example, cutting a slit into a person’s skin or skull, said study co-author Charles Lieber, a nanoscientist and nanotechnologist at Harvard University. “It is difficult yet critical to protect the complex and fragile electronics when it is delivered,” he said. “Traditional procedures all involve surgery that would make an opening equal to the size of the structure.”

Now scientists have designed electronics flexible enough to get stuffed into the needle of a syringe — a tube with a diameter as small as about 100 microns, or about the average width of a human hair.

“Our new mesh flexible electronics are 1 million times more flexible than the state-of-the-art flexible electronics,” Lieber told Live Science.

The new devices start off as tiny flat sheets about the size of a postage stamp made of metal electrodes and silicone wires that are each only nanometers, or billionths, of a meter thick. These sheets are meshes like chicken wire, consisting of about 90 percent empty space.

A variety of sensors can be incorporated into these meshes. To feed data from these sensors outward, one side of each of the meshes contains metal pads that researchers can hook up to outside wires.

When suspended in liquid that is drawn into a syringe, the meshes naturally roll up into a scroll-like, tubular shape. After they are injected, they return back to their original shapes in less than an hour.

“We can precisely deliver these ultra-flexible electronics through a common syringe injection into virtually any kind of 3D soft material,” Lieber said. “The injection process and ultraflexible electronics introduce no damage to the targeted structures.”

In experiments, the scientists injected these meshes into two distinct brain regions in live mice. “When we injected the electronics into a mouse brain with almost no bleeding and successfully recorded brain activity, we knew we were onto something very exciting,” Lieber said.

The flexible, thin nature of the wires and the porous quality of the meshes helped the devices to integrate into the living tissues they were implanted within. “There is no scar tissue or immune response around the injected ultra-flexible mesh electronics months after implantation, which contrasts to all work to date with larger and more rigid probes,” Lieber said. “This could be transformative for brain science and medicine.”

These devices were able to network with healthy neurons in the mouse brains and monitor their activity. The setup they used is much smaller and lighter than conventional electronic systems implanted in brains. “It allows the mouse to behave quite naturally, without a weight on its head,” Lieber said.

In the future, the researchers would like to see if their injectable devices can remain stable for long spans of time in the body. Such medical implants could help record and stimulate activity in the brain, such as in regions damaged by Parkinson’s disease, Lieber said. Mesh electronics could also go in the eyes, and be combined with stem cell therapies, he added.

In other experiments, the researchers showed they could inject and integrate their meshes into a variety of synthetic structures as well, such as cavities inside silicone rubber blocks. They suggest that injectable electronics could be used to monitor artificial structures with corrosion and pressure sensors.

The scientists noted that more than 90 percent of their devices worked after injection. Still, they would like to achieve total success in the future, which involves factors such as the best speeds for the injections. However, Lieber noted that even at 90 percent, their mesh electronics are better for commercial applications than conventional brain probes, many of which fail to work over time because they damage the brains they are implanted in.

References: http://www.livescience.com/

You’ve been hacked … do this right now

The entire U.S. federal workforce may be at risk after yet another intrusion from what security experts believe were hackers based in China. The Department of Homeland Security says that data from the Office of Personnel Management—the human resources department for the federal government—and the Interior Department has been infiltrated.

It is not the first and it follows massive data breaches at health insurance companies, major U.S. banks like JPMorgan and retailers such as Target and Home Depot.
Here’s what to do if you think you’ve been compromised.
FIRST THINGS FIRST
— Notify the credit agencies (Equifax, Experian, TransUnion) and request a 90-day credit alert. (Each reporting agency is supposed to notify the others, but you may want to contact all three yourself.) The alert tells businesses to contact you before opening any new accounts in your name. You can renew the alert every 90 days, or you’re entitled to keep it in effect for seven years if you find that your identity is stolen and file a report with police.
— You might consider asking the reporting agencies to place a full freeze on your credit. This blocks any business from checking your credit to open a new account, so it’s a stronger measure than a credit alert. BUT you should weigh that against the hassle of notifying credit agencies to lift the freeze—which can take a few days—every time you apply for a loan, open a new account or even sign up for utility service.
BE A DETECTIVE
— When your credit card bill comes, check closely for any irregularities. And don’t overlook small charges. Crooks are known to charge smaller amounts, usually under $10, to see if you notice. If you don’t, they may charge larger amounts later.
— Get a free credit report once a year from at least one of the major reporting agencies (Equifax, Experian, TransUnion), and review it for unauthorized accounts. Ignore services that charge a fee for credit reports. You can order them without charge at www.annualcreditreport.com . If you order from each agency once a year, you could effectively check your history every four months.
DO PAID SERVICES WORK?
— Some experts say there’s not much to be gained from a paid credit monitoring service. But it can’t hurt to sign up for any monitoring offered for free by a company or any other entity that may have held your information when it was hacked. NOTE: These services will tell you if a new account is opened in your name, but they won’t prevent it, and many don’t check for things like bogus cellphone accounts, fraudulent applications for government benefits or claims for medical benefits. Some do offer limited insurance or help from a staffer trained to work with credit issuers and reporting agencies.
SOMEONE DID STEAL MY IDENTITY, WHAT DO I DO?
— Contact the credit issuer to dispute fraudulent charges and have the bogus account closed.
— Request your credit report and ask the reporting agencies to remove bogus accounts or any incorrect information from your record. See tip #1 on setting up a credit alert and/or freeze.
— Submit a report through the FTC website: www.consumer.ftc.gov. Click the “privacy & identity” tab, which will walk you through creating an affidavit you can show to creditors.
— Keep copies of all reports and correspondence. Use certified mail to get delivery receipts, and keep notes on every phone call.
AVOID ADDITIONAL HACKS
— After a hack, scammers may try to use the stolen data to trick you into giving up more personal information. They can use that info to steal money in your accounts or open new credit cards.
— Don’t click on any links from emails. Bad software could be downloaded to your computer that can steal account passwords.
— You might get letters in the mail saying you won a tablet or vacation and give you a phone number to call. Don’t do it. It’s likely a ploy to gather more information from you.
— Hang up the phone if you get a call asking for account numbers or other information. Scammers may also send texts, so don’t click on any links from numbers you don’t know.

References: http://phys.org/