I Shopped at Target, Now What?

So you shopped at Target between Nov. 27 and Dec.15, now what should you do? Here is some information that may help.

If your card information was compromised you are likely to notice small charges on your statement that show someone is testing out your card or targeted email scams. Be sure to look at your charges on your card and specifically for your debit card and make sure you change your PIN.

If you notice activity call your bank or credit card company and Target. They will report the activity to your credit card companies and call Target at (866) 852-8680.

I would recommend cancelling your card and requesting a new number.  In addition it will be necessary to continue to monitor your account for the next six months for fraud.

Q: I shopped at Target during that time. What should I do?

A: Check your credit card statements carefully. If you see suspicious charges, report the activity to your credit card companies and call Target at 866-852-8680. You can report cases of identity theft to law enforcement or the Federal Trade Commission.

You can get more information about identity theft on the FTC's website at www.consumer.gov/idtheft, or by calling the FTC, at (877) IDTHEFT (438-4338).

Q: How did the breach occur?

A: Target isn't saying how it happened. Industry experts note that companies such as Target spend millions of dollars each year on credit card security, making a theft of this magnitude particularly alarming.

Experts disagree about how the breach might have happened. Avivah Litan, a security analyst with Gartner Research, says given all the security, she believes the breach may have been an inside job.

But thefts of this size are too big to be the work of company employees, says Ken Stasiak, founder and CEO of Secure State, a Cleveland-based information security firm that investigates data breaches like this one. Stasiak says that such breaches are generally perpetrated by organized crime or an overseas, state-sponsored hacker group.

Stasiak's theory is that the hackers were able to breach Target's main information hub and then wrote a code that gave them access to the company's point of sale system and all of its cash registers. That access allowed the hackers to capture the data from shoppers' cards as they were swiped.
James Lyne, global head of security research for the computer security firm Sophos, says something clearly went wrong with Target's security measures.

"Forty million cards stolen really shows a substantial security failure," he says. "This shouldn't have happened."

Q: Who pays if there are fraudulent charges on my account?

A: The good news is in most cases consumers aren't on the hook for fraudulent charges.
Credit card companies are often able to flag the charges before they go through and shutdown your card. If that doesn't happen, the card issuer will generally strip charges you claim are fraudulent off your card immediately.

And since the fraud has been tied to Target, it'll be the retailer that ultimately compensates the banks and credit card companies.

Q: How can I protect myself?

A: Like they say, cash is king. You can only lose what you're carrying, though admittedly many people may not feel safe walking around with a wad of bills in their pocket.

As stated before, credit card companies don't hold consumers liable for charges they don't make. Usually the worst thing consumers have to deal with is the hassle of getting a new credit card.
And the paper trail generated through credit card transactions can often make it easier do things such as return items you've purchased, or keep track of work-related expenses.

It's worth noting that while debit cards offer many of the same perks as credit cards, without the worry that you'll spend more than what's in your bank account, they often don't come with the same kind fraud protections.

As a result, those card holders may have a tougher time getting their money back if their number is stolen.

Q: How much is this going to cost Target?

A: It's too soon to tell. In addition to the fraud-related losses, banks may start charging Target a higher merchant discount rate, which is the amount retailers pay banks for providing debit and credit card services. While the percentage difference may be tiny, it could result in steep costs given the volume of transactions Target does, Litan says.

Litan added that the company could also face class action lawsuits from consumers, though most of them will be meritless, and fines from federal agencies. When combined, the costs of the breach could be so steep that they actually prompt Target to raise prices, she says.

"The real winner in this is Wal-Mart," she says.

Q: Can the bad guys be caught?

A: Stasiak says that given the sophistication of this attack, there's only about a 5 percent chance that the perpetrators will eventually be caught and prosecuted.

He notes that in cases like this, it's hard to determine where the attack originated and given the large mass of information involved it's not going to be found housed on someone's home computer.

Q: How can future breaches be prevented?

A: Litan says an easy way to prevent fraud would be to eliminate the use of easily cloned magnetic strip cards and upgrade to the kind of microchip technology used in most other parts of the world.
But she says banks have pushed back against the idea, because the microchip cards cost significantly more than the magnetic strip version and changing over all the country's ATMs could drive the total costs into the billions of dollars.

Lyne says it's unclear if the use of microchip cards would have prevented the Target breach, since it's unclear how it happened, but that it certainly wouldn't hurt.

Q: Why is the Secret Service investigating?

A: While it's most famous for protecting the president, the Secret Service also is responsible for protecting the nation's financial infrastructure and payment systems. As a result, it has broad jurisdiction over a wide variety of financial crimes. It isn't uncommon for the agency to investigate major thefts involving credit card information.

China Explores the Moon

This is not really a tech story that this blog handles normally however tech news slows down during the holidays and I wanted no one to miss this story so I decided to write a little about it here.

This past Saturday, December 14, China became only the third nation (after the U.S. and Russia) to accomplish a soft-landing on the moon, which is an amazing task.

What Does This Mean for the U.S. Space Program?

If China is successful with their new space program and they decide to focus on Mars and landing on an asteroid it will probably kick off a new space race, this time between the United States and China as Sputnik did in 1957 between the U.S. and the Soviet Union.

 Back to China's Moon Mission

In order to move the moon probe into a gentle landing, the Chinese lander was equipped with state-of-the-art mini rockets, which allowed it to gently hover above the lunar surface.  This allowed it to avoid small boulders and large rocks that litter parts of its Sinus Iridum (Bay of Rainbows) landing site.
 

The successful landing occurred at 8:11 a.m. EST.

_{Chang'e 3 used its hovering jets to touch down softly on Saturday. [Image Source: News.cn]}

Using its high-resolution imaging and hovering capabilities, the craft safely touched down in the Bay of Rainbows, a basalt sand/rock crater plane in the Lunar north.  After landing safely, the Yutu ("Jade Rabbit") rover climbed off the Chang'e 3 spacecraft without issue on Saturday, snapping pictures.

_{Chang'e 3, post-landing. [Image Source: News.cn]}

The Yutu rover stands roughly 5 feet and features a six-wheel independent bogie-style suspension, similar to the rovers that the NASA used to rove the moon in decades past. It has been nearly four decades since the U.S. and Russia last roamed the moon. 

 

_{A picture of the offloaded rover is snapped by Chang'e 3 [Image Source: CCTV]}

 

China's first and second Lunar probes provided mankind with unprecedented map of the Lunar surface.  Over the next few months Yutu will add yet more insight, "tasting" the chemicals in Lunar rock and exploring the Lunar dirt/crust with ground-penetrating radar. 

 

 

The lander is powered by a radioisotope heater, while the rover is powered by a solar panel.  Both will only operate by day to safeguard their sensitive electronics from the chilling northern Lunar night.

You can be assured that the United States Space Program will be watching this closely and we can all hope that we, as a nation will be exploring the stars again with a new inspired mission we can all collectively get excited about.

Target Customers Beware

Living in a digital world does not comes without it's dangers and if you recently shopped at Target it just got a little scarier. Happy Holidays from the cybercriminals.

That is because credit and debit card information of many Target customers have apparently been stolen during the Black Friday weekend, according to reports. In fact this may be been continued for another two weeks after black Friday weekend.

The thieves got access to data stored on the magnetic stripe on the back of the credit and debit cards through card swiping devices that could have been tampered with at the retailer's stores. This fact was reported by the Wall Street Journal on Wednesday, citing people familiar with the matter.

This is a real security problem because it is the data on the stripe which can be used to make counterfeit cards. If the thieves also intercepted PIN (personal identification number) data for debit transactions, they would have the ability to reproduce stolen debit cards and use them to withdraw cash from bank accounts through ATM's.

Millions of cardholders could be vulnerable as a result of the breach that is believed to have affected about 40,000 card devices at store registers, the Journal said, citing people familiar with the incident. The breach extends to nearly all Target locations in the United States.

If you have shopped at any Target store from late November through today I would recommend that you cancel the card you used there and have a new one issued. Also double and triple check your account (you used) and your bank account if it was a debit card.

Surface Sales Surging This Season?

Here is some good holiday cheer for Microsoft. I have been a proud user of first the Microsoft Surface then the Surface Pro 2 tablet. This mobile device is much more then a tablet and performs in many ways like a really good laptop. I have been able to travel several times exclusively with this device which is really saying something because I often need to provide remote support, work on webpage design in addition to all of the other work related tasks many of us do when away from the office. The Surface can also compete in many ways with the iPad as well in respect to consumer tasks, although it is in this area where Microsoft is still working to catch up.

Now it appears that Microsoft’s Surface Pro 2 and Surface 2 tablets are selling very well. Many retailers are sold out with just over a week to go until Christmas. It’s unclear whether Microsoft built smaller quantities of tablets and might be manufacturing the sellouts, or whether the company is actually enjoying a hot streak with Surface Pro 2 and Surface 2 sales. I tend to believe it is selling well, simply because I believe it is a very good solution for those who want a good mobile solution that performs well for both work and home.

Either model is listed as “sold out” on Microsoft’s online store, no matter which configuration buyers try to purchase. The same goes for Walmart’s online store and Best Buy’s retail stores – interestingly though, Best Buy’s website shows the devices as available. According to a Best Buy salesperson in New York City, the new Surface tablet is “extremely popular” with shoppers, although no actual sales numbers were provided by the stores. Amazon, on the other hand, still has Surface Pro 2 and Surface 2 units for sale, although "stock is limited".

Interestingly, Microsoft is not willing to reveal sales numbers for its new Surface tablets. “With regards to specific inventory levels or sales numbers we don’t comment on those specific figures,”

Microsoft Surface senior manager Ben Reed recently stated, “I would say that it’s our goal to get these two tablets into as many people’s hands as possible, and we’re actively working with manufacturing teams and retail partners to replenish stock where it’s been sold out as soon as possible.”

It’s not clear when more Surface stock will be available in these stores.

The Surface 2 and Surface Pro 2 are Microsoft’s second-generation Windows tablets, which were released on October 22nd.

You can learn more about the Microsoft Surface from these earlier blog articles I posted.

Much of this story was originally reported at Mashable.com.

FAA Looks to Expand New Cell Phone Use Policy

I have written about this story several times now and one final twist is here. I never accepted that mobile devices could impact airplanes in any meaningful technical way and I was thrilled to see that the FAA finally lifted that unnecessary restriction from passengers (on takeoff and landing). On a recent trip by air it was awesome to have US Airways simply direct everyone to switch their mobile devices to "airplane" mode for takeoff and again on approach for landing. The only restrictions at this point were the use of laptops (over 5lbs) which needed to be put away.

However it seems many are pushing for the use of "cell phone" while in flight. Now here - technology issues aside I believe that this should remain restricted. Airplanes are crowded places and the aggravation this will cause to those around someone carrying on a conversation (by phone) while in flight will more then likely lead to confrontations by frustrated passengers.

Regardless of my opinion here, the Federal Communications Commission is actually proposing a new rule, permitting cellphones in the air. Unsurprisingly, many, just like me are unhappy about the prospect of sitting next to a loud yapper for hours. However, help could be at hand, in the form of the Department Of Transportation. It may prohibit voice calls, for being unfair to consumers. I will stay on top of this ongoing story and keep you, my dedicated readers up to date. What do you think? Should we be allowed to talk on the cellphone while in flight?

Freedom in the Sky

Yesterday was the start of a even better relationship between me and the FAA. I have been flying my entire adult life and the silly notion that my mobile device could cause dangerous havoc has always astounded me. Sure it was only an inconvenience to have to shut down my iPhone or tablet or Kindle on take off and landing but I always believed that there was no real technical reason for this rule being there.

Airplanes are one of the most amazing machines ever built by mankind. Think about, at 6:50 AM the wife and I are in cold and foggy Philadelphia and by 10:00 AM we are enjoying Florida weather and walking through EPCOT at Walt Disney World. Also being heavily involved in the tech world the mere notion that mobile devices were dangerous to air travel bugged me.

My believe was made certain about a year ago when an off duty US Airways crew member sat on her iPhone texting away as we took off on our flight while everyone else of course had turned there's off.

Anyway as I reported a couple of months ago the FAA has finally lifted this silly rule. Yesterday was my first flight where the passengers were simply directed to switch their mobile devices to "airplane mode". Airplane mode turns of the cellular and wireless services on your devices, but they continue to function otherwise. This means you can read you Kindle, listen to music, work on that critically important document or watch a movie on your iPad.

Laptops (anything over 5 labs) are still required to be put away during takeoff and landing which is simply so they do not start flying around if things get a little bumpy. This rule I understand.

For me, what did I do this time on my first flight of tech freedom? I simply continued listening to music on my old iPhone while we took off and landed. Maybe next time I will read my Kindle or watch a movie.

The Big Question

But why was this silly rule imposed on us air travelers for so long? I have also felt that there was no technical or mechanical reason but one of "safety". Yesterday's flight proved this to me. As we were getting ready for takeoff and the crew were running down all of the safety rules (oxygen masks etc.) almost no one was paying attention. You guessed it, almost every passenger was reading, watching a video, playing a game or like me, listening to music.

Passengers do need to hear these safety rules - so I am predicting that once this behavior is observed by the airlines on a regular basis there will be a modification that requires something more from the air traveler. So stay tuned and watch for this to happen in a year or so.

Reversible USB on the Way!

Why this took so long I really do not know but it is finally here. Am I the only one excited about the new reversible USB plug which is seemingly on the way to the market next year.

 

 

The next generation of USB is currently being developed, according to a press release by USB 3.0 Promotor Group. The new connectors, known as Type Cs, will sport a number of new features, including a smaller and thinner design. However the feature that has me most excited is that it will be reversible. "Users will no longer need to be concerned with plug orientation/cable direction, making it easier to plug in,” the press release explains.

 

That might seem like a minor detail, but everyone knows the nuisance of fiddling to orient a USB plug the right way, which probably collectively consumes a fair amount of time across the global population. The ports are used for everything from computers to phones and even car sockets. This new USB feature follows in the footsteps of Apple’s “Lightning” connector for its most recent generations of mobile devices, which are reversible as well. 

 

Copies of the new USB will be sent out in early 2014 for a 45-day review period before being formally released onto the market.

U.S Senate Moves Towards Taxing Online Shoppers

Tax Laws Are Catching Up To The Internet

Shopping on the internet is about to get a little more expensive. For years many states did not charge taxes when shoppers made purchases on the internet. I saw the writing on the wall that this was really going to end when last September internet giant Amazon.com began charging PA sales tax for shoppers in our state.

I saw another sign of this when a retailer we do business with contacted me a few weeks ago stating that we would be receiving an invoice in respect to the tax that we "should have been charged" on a purchase.

Another shoe dropped late yesterday evening when the U.S. Senate passed legislation to force Internet retailers to collect sales taxes for state and local governments.

The vote was 69-to-27 in favor, and included senators from both major parties which demonstartes support on both sides of the aisle.  The vote sends the issue to the House of Representatives, where it must be passed in the same form before it can be presented to the president to be signed into law.

The Marketplace Fairness Act, allows U.S. states to force online retailers with more than $1 million in annual out-of-state sales to collect sales taxes from customers and remit them back to state and local governments.

The actual bill, introduced in the Senate ss S.743 and you can read it here. The House version is named H.R.684 and you can read that one here.

The End of the Internet?

Today, IANA (Internet Assigned Numbers Agency) announced that it had handed out two more /8 IPv4 assignments to APNIC (Asia-Pacific Network Information Centre). As a result, IANA is down to 5 /8s, triggering its special policy to hand out one address to each regional registrar (RIR). The 5 RIRs are AFRNIC (Africa), APNIC (Asia Pacific), ARIN (North America), LACNIC (Latin America) and RIPE (Europe).

IANA hands IP address space to the RIRs in chunks of /8s, who then pass it on to ISPs, who then pass it on to end users. Some large end users may approach their RIR directly, and some "legacy assignments" are managed by IANA directly.

But in the end, what does this all mean?

1 - Will the Internet stop working?

No. As a matter of fact, it is unlikely that the IPv4 internet will stop any time soon. It will likely happily exist next to the IPv6 internet. There are some transition mechanisms set up. While not pretty, the two "internets" can talk to each other via proxies and tunnels.

2 - Why do we run out of addresses?

IPv4 allows for about 4 billion addresses. There are about 6 billion people on the world... how many addresses do you need (phone, home, work...)? Its a simple math issue compounded by the fact that for efficient routing sake, we can't assign all addresses.

3 - A lot of IPv4 space is still unused. Why don't we use it more effectively?

The problem is not just that we are running out of addresses, even though that is the killer issue here. Assigning addresses more effectively would mean that assignments would become smaller and routing tables would become more complex. In order to make this work, we would have to essentially "renumber" the internet, and still be out of addresses at some point.

4 - What about legacy space? Does Apple really need a /8?

In the beginning of the Internet, IPv4 address space was handed out very liberally. Remember it was just an experiment? Some of the original participants still have large IPv4 assignments which they don't use efficiently. However, even if all of them are handed back, it would delay the problem only by 1-2 years at great expense to the effected companies (and they have contracts giving them the rights to use the address space). Some "legacy allocations" have been returned in the past

5 - What do I need to do today?

Relax. Nothing is going to happen fast. the RIRs still have space left, depending on the region a few month to a year. After that, it will get tricky. You may already find it harder to get IP address space. Eventually, your ISP may ask for some space back as they can't get new addresses from the RIR. Over time, IPv4 will get more expensive then IPv6.

6 - So I can just wait and do nothing?

No. What you should do tomorrow (maybe today?) is setup a test lab to familiarize yourself with IPv6. It is easy to get going. Ask your ISP if they support it (or when), or setup a tunnel with a free tunnel provider like Hurricane Electric [2] or Sixxs [3] (there are others). You need a plan on how to deal with it. Even if you don't need IPv6, maybe your business partners start using it and you need to connect to them via IPv6.

7 - Can't I just ignore it?

Remember why you are using IP in the first place? It allows you to connect to everything on the internet. In short: It keeps you in connected. Once these people expect IPv6 connectivity, you will likely have to move along with it. It is like any technology in that it ultimately has to support the business (and well... it is fun too!).

8 - What will change from a security point of view?

Everything and nothing. The most important change is probably the fact that NAT will become less important. Endpoint protection and carefully configured firewalls will become more important. Passive asset detection will become more important compared to active scanning. There is a lot of security gear you own that probably does a lousy job dealing with IPv6. Did I mention it requires a plan and testing?

Entering Blogtown

The West Chester Employee's Tech Blog is now featured at the Daily Local News Website. You can find us on the bottom right of the Daily Local News website and clicking on Blogtown.

Is Surface 2.0 in Our Future?

Microsoft & Samsung recently announced a very cool technology called "Surface 2.0", which I believe will take computing into a completly new direction for service oriented computing. Check out this recent demo and consider the possibilities.