An Abney Associates Tech Tips: EBay believed user data was safe after cyber attack

EBay initially believed that its customers' data was safe as forensic investigators reviewed a network security breach discovered in early May and made public last week.

 

EBay has come under fire over its handling of the cyber attack, in which hackers accessed personal data of all 145 million users, ranking it among the biggest such attacks launched on a corporation to date.

 

"For a very long period of time we did not believe that there was any eBay customer data compromised," global marketplaces chief Devin Wenig said, in the first comments by a top eBay executive since the e-commerce company disclosed the breach.

 

EBay moved "swiftly to disclose" the breach after it realised customer data was involved, he said.

 

Wenig would not say when the company first realised that the cyber attackers accessed customer data, nor how long it took to prepare last week's announcement.

 

He said hackers got in using the credentials of three corporate employees, eventually making their way to the user database.

 

The attackers accessed email addresses and encrypted passwords belonging to all eBay users. "Millions" of users have since reset their passwords and the company had begun notifying customers, though it would take some time to complete that task, Wenig said.

 

"You would imagine that anyone who has ever touched eBay is a large number," he said. "So we're going to send all of them an email, but sending that number all at once is not operationally possible."

 

At least three US states are investigating the company's security practices, and New York's attorney general called on eBay to provide free credit monitoring services to users.

 

But the internet retail giant has no plans to compensate customers or offer free credit monitoring for now because it had detected no financial fraud, Wenig said.

 

Wenig declined comment when asked if he thought eBay had good security prior to the breach. He said the company would now bolster its security systems, and has mobilised senior executives in a subsequent investigation of the attack.

 

"We want to make sure it doesn't happen again so we're going to continue to look at our procedures, harden our operational environment and add levels of security where it's appropriate."

 

The breach marked the latest headache for eBay this year. In January, it crossed swords publicly with activist investor Carl Icahn, who mounted a campaign to get it to spin out PayPal. Then in April, the e-commerce company disappointed investors with a weak second-quarter outlook, pressuring its shares.

 

Avoiding back doors

 

Buying and selling activity on eBay remained "fairly normal" though eBay is still working out the cost of the breach, which included hiring a number of security firms. Wenig, who was previously a senior executive at Thomson Reuters, declined to comment on whether the cost could be material to eBay's results.

 

Wenig's revelation that the company initially believed that no customer data had been compromised might take some of the heat off eBay's executive team.

 

Cyber forensics experts said it's not uncommon for large companies to take weeks to grasp the full impact of an attack, because hackers are often able to steal data without leaving obvious clues.

 

"In some cases you go in and find the smoking gun immediately. Other times, it takes a few days or even a few weeks," said Kevin Johnson, a cyber forensics expert who was not involved in the eBay investigation but has worked for other Fortune 500 companies.

 

Daniel Clemens, a forensics expert and CEO of Packet Ninjas, said investigators often ask companies to hold off on disclosure until they believe they understand the full extent of an attack.

 

Otherwise, they risk tipping off attackers who might cover their tracks or leave "back doors" so they can return after the investigators complete their probe.

 

Last week, the e-commerce company announced that hackers raided its network between late February and early March. The company said financial information was not compromised and its payments unit PayPal was not affected.

 

When eBay first discovered the network breach in early May, the senior team was immediately involved and held multiple daily calls on the issue. EBay staff have been working around the clock since then.

 

Wenig said he could not provide much more detail about what happened in the attack beyond the scant information given out so far.

 

He declined to provide further specifics, citing ongoing investigations by the Federal Bureau of Investigation and several forensics firms including FireEye's Mandiant division.

 

The article above is a repost from Abney and Associates.

Abney and Associates, 'Viceroi' algorithm improves click fraud detection

Researchers have found a better way to pick out bad clicks by looking at advertising revenue per user.

 

A group of researchers has designed an algorithm that they say could help advertising networks detect fraudulent clicks more reliably.

 

Fraudsters have sophisticated ways of committing click fraud, which involves using various methods to generate fake clicks on ads in order to defraud advertisers. Digital marketing revenue is growing fast and exceeded US$36 billion in the US in 2012, according to the Interactive Advertising Bureau.

 

Ad networks are secretive about the technologies they use to stop click spam. Often it comes down to filtering out attacks, for example when thousands of clicks on one ad arrive from a single IP address. But such defensive moves still miss attacks, wasting advertisers' money.

 

The researchers' algorithm, called Viceroi, is free and can be used by ad networks. Viceroi looks for publishers with unusually high revenue per user, which can be an indication of fraud. In their experiment, Viceroi was tested against a large ad network and flagged several hundred publishers out of tens of thousands as suspects, according to their research paper.

 

Vacha Dave, a postdoctoral researcher at the University of California, San Diego, and co-author of the paper, said in an interview on Thursday that per-user revenue rates at some publishers were much higher than those collected by Google or Microsoft.

 

Viceroi works because of the economics of click spam. In one variation of the fraud, a click spammer pays someone else a fee per install to distribute a dubious search toolbar designed to steer people directly to the spammer's ads.

 

The toolbar's search results page is filled with ads, because the click spammer wants to exploit the user as much as possible before the tool is uninstalled. But the inflated per-user revenue on that publisher's site is exactly what Viceroi detects.

 

With Viceroi in place, "click spammers must reduce their per-user revenue to that of an ethical publisher. At which point, without the economic incentive to offset the risk of being caught, the net effect is a deterrent to committing click spam," the paper said.

 

Not all publishers with unusually high per-user revenue are necessarily at fault. There is a lot of traffic brokering on the internet, and it is often hard to tell where user traffic originates, said Saikat Guha of Microsoft Research India, a co-author of the paper. Ad networks learn from Viceroi which publishers to investigate.

 

"Some of the publishers are definitely being exploited," Guha said. "Our job is to help find the bad traffic."

 

The research paper, also authored by Yin Zhang of the University of Texas at Austin, will be presented at the ACM Conference on Computer and Communications Security in Berlin, which takes place November 4 to 8.

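The per-user-revenue test the article describes, as an added example and not the researchers' Viceroi code: it reads a constructed click log, computes each publisher's revenue per distinct user, takes the median over a set of publishers assumed to be ethical as the baseline, and lists publishers whose figure exceeds a multiple of that baseline. The 3x threshold, the trusted set and every log line are assumptions made for the example; the published Viceroi compares whole per-user revenue distributions rather than a single ratio. The result is a list of leads to investigate, in line with Guha's caveat above, not a verdict.

```python
from collections import defaultdict
from statistics import median

# Constructed click log (publisher,user,revenue_usd); not real ad-network data.
# pub_toolbar models the search-toolbar variant described above: a couple of
# installs, each milked for many high-value clicks before the toolbar is removed.
CLICK_LOG = """\
pub_news,u1,0.20
pub_news,u2,0.25
pub_news,u3,0.30
pub_news,u1,0.20
pub_blog,u4,0.15
pub_blog,u5,0.30
pub_blog,u6,0.25
pub_recipes,u7,0.20
pub_recipes,u8,0.25
pub_recipes,u9,0.20
pub_recipes,u10,0.30
pub_toolbar,u11,0.40
pub_toolbar,u11,0.45
pub_toolbar,u11,0.50
pub_toolbar,u11,0.40
pub_toolbar,u12,0.45
pub_toolbar,u12,0.50
pub_toolbar,u12,0.40
pub_toolbar,u12,0.45
"""

# Publishers assumed (for this example only) to be ethical; they set the baseline.
TRUSTED = {"pub_news", "pub_blog"}


def parse_clicks(text):
    """Return (publisher, user, revenue) tuples, skipping blank and comment lines."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        pub, user, rev = line.split(",")
        rows.append((pub, user, float(rev)))
    return rows


def revenue_per_user(rows):
    """Total revenue divided by the number of distinct users, per publisher."""
    revenue = defaultdict(float)
    users = defaultdict(set)
    for pub, user, rev in rows:
        revenue[pub] += rev
        users[pub].add(user)
    return {pub: revenue[pub] / len(users[pub]) for pub in revenue}


def baseline_rpu(rpu, trusted):
    """Median per-user revenue over the trusted publishers present in the log."""
    return median(rpu[p] for p in trusted if p in rpu)


def suspects(text=CLICK_LOG, trusted=TRUSTED, factor=3.0):
    """Publishers earning more than `factor` times the trusted baseline per user.
    A hit is a lead for investigation, not proof: brokered traffic can inflate
    an honest publisher's figure as well."""
    rpu = revenue_per_user(parse_clicks(text))
    threshold = factor * baseline_rpu(rpu, trusted)
    return sorted(p for p, v in rpu.items() if p not in trusted and v > threshold)


if __name__ == "__main__":
    rpu = revenue_per_user(parse_clicks(CLICK_LOG))
    for pub, v in sorted(rpu.items()):
        print(f"{pub:12s} revenue/user = {v:.3f}")
    print("suspects:", suspects())
```

On the sample data pub_toolbar earns about 1.78 per user against a baseline of 0.275, while pub_recipes, which has ordinary traffic, stays under the threshold. A spammer who wants to escape the list has to bring per-user revenue down to the baseline, which is the economic argument the paper makes.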
Source: http://www.cio.com.au/article/527565/_viceroi_algorithm_improves_detection_click_fraud

Why the internet needs a more selective memory


The web was supposed to free our minds: instead, it has loaded us down with timeline trivia. No wonder self-destructing communication services have sprung up

 

Not so long ago, I took a year out with my small children and put most of my belongings into storage. When my time was up, I found myself back in storage staring at a pile of possessions that felt something like Rachel Whiteread's House, but with little idea what it included. The only thing I'd actually missed was my Collins guide to snakes, which for various reasons is handier than the internet.

 

Accumulation is a familiar tale; few of us in the privileged west don't have an attic, garage or spare room stuffed with things we can't admit we don't need. And the problem now extends to our digital lives, equally stuffed with things we've long since forgotten about, have duplicated in some form or simply don't have the time to revisit.

 

Facebook is just one culprit subtly reinforcing the document-it-all mentality of the current state of the web. Just last week, the company spent a portentous 90 minutes briefing the press about a news feed tweak that will bump "important" but unread older posts to the top of the feed. Given that Facebook claims that 700 million people read its news feed every day, the impact of tweaks at this scale can't be dismissed. But, like every other advertiser-driven site, is the goal of pulling more users into more pages really the most sophisticated way forward?

 

This bloated, unmanageable web of now, overloaded with more than we can read, or share, or like, is unsustainable. Facebook's team of 30 or so news feed engineers would argue that their powerful rankings are constantly improving the search for "interestingness", but the site's synthetic social, faux friendship, distorted reflection of real life does not and cannot document all the nuance of what truly matters to us. Where's the algorithm, or the app, that can meaningfully represent and distil life online and off, that can make sense of the complex constellation of our real lives?

 

Beyond a more sophisticated way of sorting this digital detritus, there is increasing promise in the growth of transient technology. In social networking, the app Snapchat has been lazily labelled a sexting app for teenagers, but the true use pattern is far more significant. Teens are sending photos and video of themselves that self-destruct after a few seconds – digital natives, it seems, aren't conditioned to cling and record every scrap of themselves. This is hugely significant in the evolution of the social web, a generation looking for liberation from unflattering search results, from parental scrutiny, from the precious, preening portfolios of Tumblr. Snap it, share it, forget it.

 

Viktor Mayer-Schönberger of Oxford University's internet institute has written compellingly of the human value of forgetting, of past events being allowed to fade with time so that we can concentrate on the present moment. Most of the internet's instant history does not allow for that; every fact, every conversation, every memory is a heartbeat away, with all the pain of a break-up email or the uncompromising recklessness of a drunken photo.

 

Being forgettable is as much a selling point as being undetectable online. While Snapchat's ephemeral nature is already being challenged by apps designed to save its content, auto-destruct is a key selling point of services such as Wickr and Gryphn (vowels seemingly being unavailable at time of naming). Gryphn sends secure text messages that can be set to self-destruct, and Wickr can also encrypt photos, video and audio using, it claims, "military-grade technology"; Mission: Impossible fans will enjoy watching their messages self-destruct.

 

For added bite, Wickr's co-founder Nico Sell told a reporter at the Black Hat hackers' convention last week that it had been approached by the FBI and asked for a back door into its data. "We said no," Sell said emphatically.

 

Encrypt it and then delete it. That's a powerful recipe for privacy and protection, though Wickr's claim does need further scrutiny, given that its founders include a former defence contractor and a forensics investigator.

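How "encrypt it and then delete it" works in practice, as an added example that is not Wickr's or Gryphn's code: each message gets its own random key; the ciphertext goes to a transport store that a server, or a saving app, might retain, while the key sits in a keyring with an expiry and is deleted once that passes. After deletion the retained ciphertext is unreadable to everyone, the sender included. The cipher here is HMAC-SHA256 run in counter mode with a separate HMAC tag, chosen only so the example runs on the Python standard library; a real product would use an authenticated cipher such as AES-GCM. The store layout, the time-to-live and the messages are assumptions made for the example.

```python
import hashlib
import hmac
import os


def _subkey(master, label):
    """Derive independent subkeys for encryption and authentication."""
    return hmac.new(master, label, hashlib.sha256).digest()


def _keystream(enc_key, nonce, length):
    """HMAC-SHA256 in counter mode as a PRF keystream (stand-in for a real AEAD)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = nonce + counter.to_bytes(8, "big")
        out += hmac.new(enc_key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(master, plaintext):
    """Return nonce || ciphertext || tag under a per-message master key."""
    nonce = os.urandom(16)
    ks = _keystream(_subkey(master, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(_subkey(master, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(master, blob):
    """Verify the tag first, then recover the plaintext; raise on tampering."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(master, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    ks = _keystream(_subkey(master, b"enc"), nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, ks))


class EphemeralStore:
    """Ciphertext lives in `transport` (what a server or a saving app could keep);
    the per-message key lives in `keyring` with an expiry and is deleted on expiry,
    so expired messages cannot be read even though their ciphertext still exists.
    Time is passed in explicitly so the behaviour is deterministic."""

    def __init__(self):
        self.transport = {}   # msg_id -> nonce || ciphertext || tag
        self.keyring = {}     # msg_id -> (key, expires_at)

    def send(self, plaintext, ttl, now):
        msg_id = os.urandom(8).hex()
        key = os.urandom(32)                      # one fresh key per message
        self.transport[msg_id] = encrypt(key, plaintext)
        self.keyring[msg_id] = (key, now + ttl)
        return msg_id

    def _expire(self, now):
        # Crypto-shredding: drop the key, and only the key, once the TTL passes.
        for msg_id, (_, expires_at) in list(self.keyring.items()):
            if now >= expires_at:
                del self.keyring[msg_id]

    def read(self, msg_id, now):
        self._expire(now)
        if msg_id not in self.keyring:
            return None                           # expired or never existed
        key, _ = self.keyring[msg_id]
        return decrypt(key, self.transport[msg_id])


if __name__ == "__main__":
    store = EphemeralStore()
    mid = store.send(b"meet at 9", ttl=60, now=1000)
    print("before expiry:", store.read(mid, now=1030))
    print("after expiry: ", store.read(mid, now=1061))
    print("ciphertext still stored:", mid in store.transport)
```

What key deletion cannot stop is the recipient copying the plaintext while it is on screen, which is the gap the Snapchat-saving apps mentioned above exploit: the scheme bounds how long anyone can decrypt the stored ciphertext, not what a screen has already shown.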
 

"Our private communications, by default, should be untraceable," Sell told the New York Times last year. "Right now, society functions the other way around."

 

This hunger for true privacy represents a way of living with a web that is more human, with the protections that private real-world conversations afford. For transience, too, a more gentle drift, fade and flux of our digital ephemera are attractive as a way of managing our currently unmanageable burden of data. Software should be freeing us up, not weighing us down. The web promised to free our cognitive load, as author Clay Shirky was wont to remark, opening up higher opportunities. The reverse has happened and now we are slaves to big data we are helping create.

 

I once, through bad luck and incompetence, lost everything on my personal hard drive and two backups. I was devastated at the time, the digital equivalent of losing my Rachel Whiteread everything in that storage centre. But I missed nothing from it at all and now I wonder what was even in those 30GB. Now I'm more ruthless about what I choose to keep and selectively store the important stuff in the cloud. But we need the software to do this sifting, sorting and suggesting for us. Internet, are you listening?