Friday, February 7, 2014
Pa. vendor confirms link to Target data probe
Getty Images: Patrick T. Fallon, Bloomberg
Customers purchase merchandise at a Target Corp. store opening ahead of Black Friday in Chicago on Nov. 28, 2013.
Internet security bloggers identified the vendor as the third party through which hackers accessed Target's customer information.
Fazio Mechanical Services Inc., of Sharpsburg, Pa., issued the statement late Thursday saying it was the victim of a "sophisticated cyberattack operation." The statement came days after Internet security bloggers identified it as the third-party vendor through which hackers accessed Target's computer systems.
Target has said it believes hackers initially gained access to its vast computer network through one of its vendors. Once inside, the hackers moved through the retailer's network and eventually installed malicious software into the company's point-of-sale system.
The series of hacks, experts believe, gave thieves access to some 40 million debit and credit card numbers, along with the personal information of another 70 million people.
The new details about Target's breach illustrate just how vulnerable large corporations have become as they expand and connect computer networks to offer greater convenience and increase productivity.
U.S. Secret Service spokesman Brian Leary confirmed that Fazio Mechanical Services is being investigated, but wouldn't provide details.
Molly Snyder, spokeswoman for Minneapolis-based Target, declined comment citing the ongoing investigation.
Federal prosecutors in Pittsburgh referred calls to their counterparts in Minnesota, where Assistant U.S. Attorney Steve Schleicher, acting criminal division chief, declined comment on the Fazio link, in particular, and the overall investigation.
"Like Target, we are a victim of a sophisticated cyberattack operation," Ross Fazio, the company's president and owner, said in a statement. Fazio's company is cooperating with the Secret Service and Target to identify the possible cause of the breach, he said.
Fazio Mechanical Services also denied reports on blogs and other outlets that said the company remotely monitored heating, cooling and refrigeration for Target, which has about 1,800 stores nationwide.
Fazio's statement explained that his company has an electronic connection with Target, which it uses to submit bills and contract proposals.
Target has said hackers breached its systems during the holiday shopping season and stole about 40 million debit and credit card numbers and the personal information, including names, email addresses, phone numbers and home addresses of as many as 70 million customers.
Banks, credit unions and other entities that issued debit and credit cards have had to cancel and reissue cards, close transactions or accounts, and refund or credit card holders for transactions made with the stolen data.
Target has said its customers won't be responsible for any losses.
Thursday, February 6, 2014
That fake iPhone is probably full of lead
Reuters: Aly Song
Fake iPhones are displayed at a mobile phone stall in Shanghai August 11, 2011.
Many legitimate electronic devices contain some trace amounts of lead, cadmium and mercury, but counterfeit phones have "alarmingly high proportions of hazardous substances."
If you bought your phone through less-than-legitimate channels, beware: Fake phones are often full of lead. Why? Lead and tin have been used to solder components onto circuit boards since the 1940s. The European Union adopted regulations restricting lead, mercury, cadmium, and other hazardous substances in all imported electronic devices in 2003, so most brands have adapted to make their devices compliant. But some counterfeiters—and even legitimate brands—are still eschewing the safety restrictions.
Many legitimate electronic devices contain some trace amounts of lead, cadmium and mercury, but counterfeit and substandard phones—that is, mobile devices passed off as a particular brand, and ones made to mimic the style of well-known brands—have “alarmingly high proportions of hazardous substances,” according to a report released this week by the Mobile Manufacturers Forum (pdf). They’re also quite common: In 2011, 125 million substandard and counterfeit phones were sold worldwide, and last year 148 million units were sold, the report estimates. Projected global cellphone sales for 2013 were 1.86 billion—suggesting that as many as 8% of all mobile devices sold last year could be substandard or counterfeit.
The number is much higher in some countries than others: In India, more than 20% of mobile phones on the market are counterfeit or substandard, and the Mobile Manufacturers Forum estimates that saturation in Tanzania has fluctuated between 10% and 20% in recent years. In Libya, an estimated 80% of mobile devices are smuggled into the country illegally, leaving the safety of their components unknown.
One Brazilian study referenced in the report tested five counterfeit phones for hazardous substances, and found lead and cadmium levels to be much higher than EU regulations allow:
You can find some tips for spotting a fake phone here, but the most useful indicator is also the simplest: If you find an iPhone that seems too cheap to be real, it probably isn’t. And it isn’t just your own safety that’s at risk.
Wednesday, February 5, 2014
Report: Target Hackers Slipped In Via Vent ... Maintenance Company
Cybersecurity blogger Brian Krebs, who first broke the Target hack story in December, cited "sources close to the investigation" as saying that Fazio Mechanical Services, a company providing refrigeration and HVAC services to Target, was likely the vector through which the hackers attacked. It was previously known that an unspecified vendor's credentials had likely been pilfered, but this is much more specific — specific enough, in fact, that the company reportedly received a visit from the Secret Service.
It sounds a little strange, but in a way it's no different from a thief putting on one of the maintenance worker's overalls in order to sneak into a store. Companies like Fazio must work closely with customers' systems. Since their workers have to get in and out, they might have to sync with company payroll services, and so on.
Such companies may have a similar level of access to the people running Target's servers or managing a store — but may also have more lax security policies.
It seems, according to Krebs' sources, that the hackers tested the waters by uploading their credit card skimming software to a few stores on Nov. 15, then once the system showed itself to be working satisfactorily, installed it en masse on Nov. 28.
Target is working with Congress and federal authorities to track down the perpetrators of what has been called the largest single credit card credential theft of all time; at least 40 million people had their card information stolen, and millions more had phone numbers and addresses leaked. At the same time, the company will be determining the extent of its financial responsibility for the breach: estimates put its potential losses in the hundreds of millions.
Update these 5 items on your résumé
By Debra Auerbach, CareerBuilder writer
When it comes to your résumé, it's smart to periodically revisit and refresh it, even if you aren't looking for a new job at that moment. Having a current résumé will come in handy should you find yourself in a position where you need or want a new job right away.
No need to panic that your résumé needs a total overhaul. There are a few basic items that you can update easily. Here are five:
1. Contact information
This might seem like an obvious one, but if you haven't touched your résumé in a while, you may still have your old address or cellphone number on there. Also, check to see which email address you've included; you want the email address on your résumé to be as professional-sounding as possible. If your email address is still likestoparty28@hotmail.com, it's time to create a new one. Consider [first name].[last name]@hotmail.com instead.
2. Objective statement
Your objective statement may be up-to-date, well thought out and well written. The problem? You have an objective statement in the first place. Objective statements are outdated and are being replaced by professional summaries or summaries of qualifications. The difference between the two is that objective statements talk about what you want in a job; professional summaries recap your job-seeker "brand" and explain why you're the right fit for the position in question. Since this is usually the first thing hiring managers will read on your résumé, you want to make sure it grabs their attention and makes them want to learn more about your skills and qualifications.
3. Skills/areas of expertise section
The skills or areas of expertise section is usually where you list out in bullets everything you're proficient at; so anything from a certain Web design program you've mastered to your negotiating skills. Take a look at your list to make sure you can still confidently say you excel at all those skills, and see if there are any new skills you've acquired that you'd like to add. Also think about the "So what?" for each skill listed; if you can't answer or speak in depth about your expertise, don't include it. Something else to consider? Removing this section altogether and incorporating your skills into the professional summary/summary of qualifications section.
4. Education
You may be proud of your 3.9 GPA or that you graduated with honors. And if you're entry level, you should include such achievements, along with relevant coursework, on your résumé. However, if you're an experienced job seeker, it's no longer necessary to mention your GPA or go into specifics about what classes you took as an undergrad. Instead, keep this section simple, listing the college you went to and its location, the degree(s) you graduated with and years attended.
Of course, if you recently went back to school to obtain a post-graduate degree or certification, that information should be included, especially if it shows how you have gained skills that will help you succeed at the job for which you're applying.
5. Formatting
With the limited amount of space that you have to include your entire work and education history, it can be tempting to use a ton of different font sizes, bullets and section breaks to break up the content and keep it organized. If your résumé looks like an eyesore, it's time for a formatting refresh. Sleek and simple is the name of the game -- use easy-to-read fonts and clean formatting. You can use all caps or a different font color to emphasize section headers, but keep it consistent and stick with basic colors such as blue.
Sure, change is never easy, but with a few simple updates to your résumé, you'll be in good shape to tackle a new job search -- whether that's a few days, months or years down the road.
Debra Auerbach is a writer and blogger for CareerBuilder.com and its job blog, The Work Buzz. She researches and writes about job search strategy, career management, hiring trends and workplace issues.
Fact Check: Will Obamacare kill 2.3 million jobs?
AP Photo: Eric Gay, File
Rosemary Cabelo uses a computer at a public library to access the Affordable Health Care Act website in San Antonio on Dec. 11, 2013.
The nonpartisan Congressional Budget Office report says more than 2 million people will decide not to work, or will decide to work less, due to Obamacare – not that they will "lose their jobs."
House Majority Leader Eric Cantor falsely claims that a new report confirms the long-held Republican belief that "millions of hardworking Americans will lose their jobs," because of the Affordable Care Act. The nonpartisan Congressional Budget Office report says more than 2 million people will decide not to work, or will decide to work less, due to the law – not that they will "lose their jobs."
Shortly after the CBO released the report that updated, and nearly tripled, its initial estimate on the reduction in the supply of labor due to the Affordable Care Act, Cantor fired off two messages via Twitter.
Cantor, Feb. 4: The CBO's latest report confirms what Republicans have been saying for years now.
Under Obamacare, millions of hardworking Americans will lose their jobs and those who keep them will see their hours and wages reduced.
That's not what the CBO report said. The report estimated a reduction in full-time-equivalent employment of about 2.3 million by 2021. But the drop is "almost entirely" due to a reduction in "the amount of labor that workers choose to supply" (see pages 117-127).
CBO, Feb. 4: The estimated reduction stems almost entirely from a net decline in the amount of labor that workers choose to supply, rather than from a net drop in businesses' demand for labor, so it will appear almost entirely as a reduction in labor force participation and in hours worked relative to what would have occurred otherwise rather than as an increase in unemployment (that is, more workers seeking but not finding jobs) or underemployment (such as part-time workers who would prefer to work more hours per week).
That last part — which notes that the drop is not due to an increase in unemployment or underemployment — makes clear that comments like Cantor's are misleading.
Back in August 2010, the CBO estimated the health care law would "reduce the amount of labor used in the economy by a small amount — roughly half a percent," a percentage CBO Director Douglas Elmendorf later pegged at 800,000 jobs. When Republicans, including Michele Bachmann, misused that report to claim the ACA would "kill 800,000 jobs," we noted that the figure was mostly due to some Americans deciding to work less.
Why? The CBO has explained that those with low incomes would have more financial resources due to the expansion of Medicaid and subsidies to purchase health insurance, which would "encourage some people to work fewer hours or to withdraw from the labor market."
Plus, the CBO said, some workers nearing retirement will retire earlier than normal because the law provides more protections for health insurance, such as limiting how much more companies can charge older people and requiring the coverage of preexisting conditions. In other words, the law will allow people the ability to leave their jobs or cut back their hours without fear of losing their health insurance.
Republicans also have made claims before about the ACA leading to an increase in part-time employment, but our previous analysis of trends in the number of people working part-time for economic reasons didn’t bear that out. And the CBO report confirms that "there is no compelling evidence that part-time employment has increased as a result of the ACA."
CBO, Feb. 4: In CBO's judgment, there is no compelling evidence that part-time employment has increased as a result of the ACA. On the one hand, there have been anecdotal reports of firms responding to the employer penalty by limiting workers’ hours, and the share of workers in part-time jobs has declined relatively slowly since the end of the recent recession. On the other hand, the share of workers in part-time jobs generally declines slowly after recessions, so whether that share would have declined more quickly during the past few years in the absence of the ACA is difficult to determine.
In any event, because the employer penalty will not take effect until 2015, the current lack of direct evidence may not be very informative about the ultimate effects of the ACA.
In fact, the CBO report says in the short term (2014 to 2016) the law will increase employment while the economy is still weak.
With unemployment expected to remain higher than normal over the next few years, the CBO states, even if some people decide to work less, "other applicants will be readily available to fill those positions and the overall effect on employment will be muted." Meanwhile, the report notes, health care subsidies to low-income Americans will lead to those people spending money on other things — which will create jobs.
CBO, Feb. 4: [T]he ACA's subsidies for health insurance will both stimulate demand for health care services and allow low-income households to redirect some of the funds that they would have spent on that care toward the purchase of other goods and services — thereby increasing overall demand. That increase in overall demand while the economy remains somewhat weak will induce some employers to hire more workers or to increase the hours of current employees during that period.
The CBO report does provide some new fodder for Republicans who criticize the law for providing disincentives to work, much like other social welfare programs such as food stamps and welfare. The CBO says the ACA’s sliding scale of subsidies based on income will provide incentives for some not to work, or to work less, in order to avoid losing out on health care subsidies.
CBO, Feb. 4: Subsidies that help lower-income people purchase an expensive product like health insurance must be relatively large to encourage a significant proportion of eligible people to enroll. If those subsidies are phased out with rising income in order to limit their total costs, the phaseout effectively raises people's marginal tax rates (the tax rates applying to their last dollar of income), thus discouraging work. In addition, if the subsidies are financed at least in part by higher taxes, those taxes will further discourage work or create other economic distortions, depending on how the taxes are designed.
Finally, we should note that the CBO cautions that its ACA projections are "highly uncertain," due to the government's "limited experience with this type of program" as well as the "many uncertainties about how the market for health insurance will function under the ACA." Nonetheless, to twist the CBO’s projections on voluntary job reductions into job losses is misleading.
Tuesday, February 4, 2014
Report fuels Obamacare debate with estimates of job loss
By Tom Curry, NBC News
Chairman of the Council of Economic Advisers Jason Furman reacts to a Congressional Budget Office report on the estimated impact of the Affordable Care Act on the U.S. labor market.
Even though total employment will increase over the coming decade, the CBO said, “that increase will be smaller than it would have been in the absence of the ACA.”
Four health-care takeaways from the Congressional Budget Office report
Elmendorf also told reporters that the employer mandate – the requirement that firms offer health insurance to workers – “will reduce the demand for labor in the short term because employers face this extra cost. It is analogous in some ways to raising the minimum wage.”
The CBO report said that “workers will choose to supply less labor—given the new taxes and other incentives they will face and the financial benefits some will receive.”
Both sides of the Obamacare debate used the new findings to buttress their arguments, with House Speaker John Boehner saying that Republicans had argued for years that “the president's health care law creates uncertainty for small businesses, hurts take-home pay, and makes it harder to invest in new workers. The middle class is getting squeezed in this economy, and this CBO report confirms that Obamacare is making it worse.”
But Obama spokesman Jay Carney said the CBO analysis was incomplete. The budget office, he said, did not take into account the beneficial effect of slower health care cost growth due to the ACA.
“Experts have estimated that slower growth in health costs due to the ACA will cause the economy to add an additional 250,000 to 400,000 jobs per year by the end of the decade,” he said.
“Moreover, CBO does not take into account positive impacts on worker productivity due to the ACA's role in improving workers' health, including reduced absenteeism.”
Senate grills Target CFO on data breach
By Julianne Pepitone, NBC News
Steven Senne / AP
Mulligan apologized twice in his opening remarks for the breach, saying the retailer is "deeply sorry." He reiterated that Target is "undertaking an end-to-end review of our entire network."
The hearing focused broadly on data breaches, not only the attack on Target. Sen. Chuck Grassley, R-Iowa, noted the committee is concerned that several retailers have suffered attacks recently.
The Target breach grabbed the most headlines due to its massive size, but Neiman Marcus and possibly craft retailer Michaels also suffered breaches in similar attacks last year. The FBI reportedly warned retailers that it uncovered about 20 attacks similar to the one at Target.
"This attack has only strengthened our resolve," Mulligan said in his opening statement.
At the hearing -- which also included testimony from representatives of security firms, Neiman Marcus and several government agencies -- Mulligan provided more details about the timeline of the attack. He also laid out Target's plans to boost security.
The Senate panel spoke at length about a major part of that plan: Target now plans to implement chip-and-PIN technology in its own credit cards by early 2015, about six months earlier than its previous goal. (Mulligan previewed those plans in an article he wrote for The Hill late Monday, ahead of the hearing.)
Chip-and-PIN
That chip-and-PIN technology Mulligan referenced adds a smart microchip embedded in the credit card. Customers use a PIN number — rather than a signature — to complete the transaction. If card numbers are stolen, it's more difficult for thieves to create new cards because the chips are tough to copy.
The chip-and-PIN system is widely used in Europe and Canada already. But U.S. retailers and credit-card issuers have been loath to spend the billions of dollars required to create an entirely new payment system.
Target itself launched an aborted campaign for chip-and-PIN cards about 10 years ago, in a pilot program that involved its own Target Visa REDcard. Target canceled the effort after three years.
A chip-based system could add a level of security, but the technology wouldn't have stopped the 2013 Target breach or others like it, Dave Aitel, the CEO of security firm Immunity, told NBC News.
The hackers reportedly used software to directly infect the card swipers that Target uses in its physical stores. This software, called a "RAM scraper," grabs credit card data as it is briefly unencrypted as it passes through the computer's memory.
"[Chip-and-PIN] isn't the final answer, and I think Target knows that on some level," Aitel said. "If the card data is stolen, unencrypted, [chip-and-PIN] is just as vulnerable to that type of attack. But it does make it more expensive for [thieves] to copy the card."
Fran Rosch, an executive at security firm Symantec, echoed Aitel's point in his own testimony on Tuesday.
"It's not a panacea," Rosch said.
Still, he pointed out that chip-and-PIN technology keeps card data encrypted for a longer period. Plus, it's a form of what's called "two-factor authentication": added security that requires both something you have (the credit card) and something you know (the PIN number).
Mulligan, the Target CFO, spoke several times about the need for industry-wide solutions and support -- including banks, retailers and all other parts of the payments system.
"To prevent this from happening again, none of us can go it alone," he said. "We need to work together."
Difficult to legislate
Several of the witnesses testifying before the Senate on Tuesday will also appear at a similar House hearing on Wednesday.
In the House committee's memo about Wednesday's hearing, the group pointed out that federal law governs data security in only a handful of sectors: financial, health and children’s websites. But there is no federal law that mandates how breaches like Target's are handled.
The Senate Judiciary Committee members asked the panel on Tuesday about suggestions for legislation or other guidelines related to data breaches.
But Rosch, the Symantec executive, warned that any rules need to be "flexible enough" to account for the fact that technical attacks are ever-changing.
Michael Kingston, the chief information officer at Neiman Marcus, agreed.
"Standards are helpful," Kingston testified on Tuesday. "But as soon as we establish standards, the whole world knows about it ... and can come up with ways to defeat those standards."
Julianne Pepitone is a senior technology writer for NBC News Digital. Previously she was a staff writer at CNNMoney, where she covered large tech companies including Apple and Google, as well as the intersection of tech and media. Follow Julianne on Twitter at @julpepitone or email her at julianne.pepitone@nbcuni.com.