SAP Hybris adds facial recognition, Internet of Things-triggered campaigns and attribution – MarTech Today

http://ift.tt/2hRbLIb

Last month, Germany-based SAP acquired consumer identity provider Gigya for its Hybris Marketing Cloud.

The move signaled that SAP is getting serious about identity management across its marketing and e-commerce platform, as marketers get ready for the General Data Protection Regulation (GDPR) in May.

This week, SAP is introducing several new features to help distinguish itself from major competitors like Adobe or Salesforce. They include facial recognition, Internet of Things-based marketing, integrated attribution and full GDPR support.

The new capabilities include:

  • Facial recognition software that can determine a shopper’s gender and age, allowing targeted recommendations based on available inventory.
  • Internet of Things campaigns that can be triggered by data from a sensor in a “thing,” such as a message about new sneakers on sale when a consumer’s fitness tracker hits a milestone.
  • Customer attribution across channels, available as a single view. “Customer attribution embedded within a marketing platform is a real game changer,” Global VP Jackie Palmer told me via email.
  • Full support for GDPR.
  • Integration with WeChat, the messaging app that is popular in China.

Along with these new features, SAP is also announcing a version of Hybris for telecommunication and media industries, developed in conjunction with IBM. It provides a ready-to-use, regulation-compliant framework designed for such service providers’ needs as streamlining complex purchases.


Security News, IoT News

via IoT – Google News http://ift.tt/2pYPKZV

October 20, 2017 at 04:16PM

Everything Worth Knowing about Lockwire

http://ift.tt/2hSFpN5

We were tipped off to an older video by [AgentJayZ] which demonstrates the proper use of lockwire, also known as ‘safety wire.’ In high-vibration operations like jet engines, street racers, machine guns, and that rickety old wheelchair you want to turn into a drift trike, a loose bolt can spell disaster. Nylon fails under heat, and mechanical lock washers rely on friction, which has its limits. Safety wire holds up under heat and resists loosening as long as the wire is intact.

Many of our readers will already be familiar with lockwire since it is hardly a cutting-edge technology — unless you are talking about the cut ends of lockwire which [AgentJayZ] warns will slice up your fingers if you aren’t mindful. Some of us Jacks-or-Jills-of-all-trades, with knowledge an inch deep and a mile wide, may not realize all there is to lockwire. In the first eight minutes, we’ll bet that you’ve gotten at least two inches deep into this subject.

[Editor’s Note: an inch is exactly 25.4 mm, if the previous metaphors get lost in translation. A mile is something like 2,933.333 Assyrian cubits. Way bigger than an inch, anyway.]

Now, those pesky loose bolts which cost us time and sighs have a clear solution. For the old hands, you can brush up on lockwire by watching the rest of the video after the break.

Thank you [Keith Olson] for the tip, and we’ll be keeping an eye on [AgentJayZ] who, to date, has published over 450 videos about jet engines.

If safety isn’t your highest priority, consider this jet engine on a bicycle or marvel at the intricacies of a printable jet engine.

Filed under: car hacks, Engine Hacks

Security News

via Hackaday https://hackaday.com

October 20, 2017 at 04:04PM

Credit card data breach hits Hyatt hotels — again

http://ift.tt/2yFSjrV

The Hyatt Corp. is no stranger to security breaches involving guest credit card data. Back in December 2015, the hotel chain experienced a massive credit card data breach that affected 250 hotels in 50 countries. While Hyatt at the time promised that they had taken significant steps to mitigate the damage and prevent further attacks, they have recently learned the hard way that hackers will always find a way.

As reported by Kaspersky Lab’s Threatpost, the hotel giant suffered another credit card data breach that directly targeted its customers. The breach affects 18 hotels in China, three hotels in the United States (specifically Hawaii), and an undefined number of hotels in India, Japan, and Saudi Arabia. Customers susceptible to the breach are those who stayed at Hyatt properties between March 18 and July 2.

According to Hyatt’s official statement by Chuck Floyd, global president of operations, the attack can be traced to “an insertion of malicious software code from a third party onto certain hotel IT systems.” Floyd went on to state that they estimated that only “a small percentage of payment cards used by guests who visited the group of affected Hyatt hotels during the at-risk time period” were affected. Paradoxically, however, following this declaration Floyd admits that “the available information and data does not allow Hyatt to identify each specific payment card that may have been affected.”

As this is the case, it really isn’t clear as to how many individuals may have been affected by this credit card data breach, so every possible victim should monitor their credit card accounts carefully for unauthorized purchases. Hyatt assured that they have taken measures to prevent this from occurring again, just like in December of 2015, which is an exercise in futility. The threat needs to be understood as something dynamic and adaptable to changes in security, rather than a singular attack method that protocols alone can prevent.

In general, the hospitality industry has been dealing with complex and damaging attacks thanks to one singular network of criminals. As researchers at Trustwave note in an extensive report on the group’s attack methods, a large contingent of the hospitality industry has been targeted by threat actors deemed the “Carbanak gang.” This group is responsible for numerous high-profile incidents, from “stealing over $1 billion dollars from banks in 2015” to “orchestrating an attack on the Oracle Micros POS support site that put over one million Point of Sale systems at risk.” While the most recent attack against Hyatt has not been proven to be the Carbanak gang, it wouldn’t be far-fetched to believe that they could easily pull it off.

No matter who is pulling off the attacks, hotel chains need to brace for more cyberattacks in the future. As these previous breaches have shown, the attacks are quite effective, and until they are somehow prevented at a higher rate, they will continue to occur.

The post Credit card data breach hits Hyatt hotels — again appeared first on TechGenix.

Security News

via Comments on: http://techgenix.com

October 20, 2017 at 03:05PM

Hack-back bill would legalize companies hacking their attackers

http://ift.tt/2xc7Yvy

A couple of years ago, a counterterrorism expert had an idea: let’s arm US companies with cyber weaponry so they can hack-back cyberattackers, suggested Juan Zarate, a former US deputy national security advisor for counterterrorism during the administration of US President George W. Bush.

Mike Rogers, a former Republican congressman from Michigan and former FBI agent, said at the time that given the plethora of attacks coming from other nations, many businesses would wind up in over their heads in an escalating conflict – a nasty can of worms to open.

Besides, Rogers argued, who says that a given company has the capacity to track down culprits behind an attack? It’s not like all companies are adept at the forensics needed. Sources can be spoofed.

Figuring out the origin of an attack can hinge on subtle clues: what inference should be drawn, for example, in the similarities between the code in the WannaCry ransomware worm and the malware created by Lazarus, a hacking group believed to be linked to North Korea?

Nor is it a given that companies can launch a counter-attack that doesn’t wind up harming a slew of innocents. For example, a hack-back at the vast array of Internet of Things (IoT) devices that got sucked into the Mirai botnet would have seen attacks on home users’ cameras, with the perpetrators left unharmed.

Would we really want to empower an Equifax or a Yahoo, giving them a “cyberwarrant” that would grant private companies license to protect their systems, “to go and destroy data that’s been stolen, or maybe even something more aggressive,” as Zarate suggested?

Their histories of protecting their assets, after all, don’t inspire confidence. Why would we believe they have the ability to competently attack hackers without causing harm?

Rogers:

Some can do it very, very well. Some don’t have a clue of how to do it, but that wouldn’t stop them from [responding] anyway. How do you contain that?

Well, here’s how two legislators have contained the hack-back suggestion: they want to make it the law of the land.

As CNN Money reports, H.R.4036 – formally called the Active Cyber Defense Certainty (ACDC) Act and informally called the hack-back bill – was introduced as an amendment to the Computer Fraud and Abuse Act (CFAA) last week. Its backers are US Representatives Tom Graves, a Georgia Republican, and Kyrsten Sinema, an Arizona Democrat.

ACDC would give a company the go-ahead to take active defensive measures to access an attacker’s computer or network to identify hackers, as well as to find and destroy stolen information. It makes sense to introduce it as an amendment to the CFAA, given that the CFAA outlaws unauthorized access to somebody else’s computer: a big legal hammer that’s found many nails.

ACDC would give authorized individuals and companies the legal authority to leave their network to:

  1. Establish attribution of an attack.
  2. Disrupt cyberattacks without damaging others’ computers.
  3. Retrieve and destroy stolen files.
  4. Monitor the behavior of an attacker.
  5. Utilize beaconing technology.

Will this lead to cyber-vigilantism? Graves says no; he told CNN that the bill is not opening the door to the Wild Cyber West. The horse is already out of the barn: we’re already living in the Wild Cyber West:

We are already dealing with the Wild West and there’s a lot of outlaws out there but we don’t have a sheriff, we don’t have a deputy and all we were asking for is a neighborhood watch.

But just as they did when Zarate brought up the notion two years ago, security experts are warning that the bill could have dire unintended consequences. CNN quotes digital forensics expert Lesley Carhart on the difficulties of determining whether the source of an attack has been spoofed:

In cybercrime and in nation state attacks, there are often lots of attempts to mislead and confuse researchers analyzing the attack timeline or malware. A savvy bad guy could fairly easily emulate an innocent third party, and draw down the wrath of unskilled analysts on them.

And if an attack were in fact coming from, say, North Korea, the ACDC wouldn’t be worth much. That’s because it limits hack-back actions to within the US. It also requires companies to report to the FBI-led National Cyber Investigative Joint Task Force before taking active-defense measures: a measure that “will help federal law enforcement ensure defenders use these tools responsibly.”

OK… so, why not just entrust cyber investigations and countermeasures with the FBI and the Department of Justice (DOJ) to begin with? According to a news release (PDF) from Graves, we can’t – they’re swamped.

While DOJ and the FBI do great work, the number of cyberattacks far exceeds the government’s ability to respond, identify and prosecute criminals.

At any rate, Graves told CNN, whether we like it or not, companies are already hacking back:

Word on the street is many companies are already doing some of these things. They know, you know, and I know that what they are doing is illegal. What we would be doing is bringing clarity to what some might already be doing and what tools might be successful.

In fact, he’s hoping that if the bill passes, it could spark the creation of new tools to protect against hackers.

One security expert likened the bill to the old Biblical law about retaliation: an eye for an eye, a tooth for a tooth. That dates back to Hammurabi, King of Babylon from 1792-1750 BC.

Wise he may have been, but Hammurabi didn’t have to deal with (and nor could he have foreseen) the complex issue of figuring out who hacked who.


Security News

via Naked Security http://ift.tt/1pHdTOi

October 20, 2017 at 02:50PM

Cloudflare Counters MPAA and RIAA’s ‘Rehashed’ Piracy Complaints

http://ift.tt/2xTIwul

A few weeks ago several copyright holder groups sent their annual “Notorious Markets” complaints to the U.S. Trade Representative (USTR).

While the recommendations usually include well-known piracy sites such as The Pirate Bay, third-party services are increasingly mentioned. MPAA and RIAA, for example, wrote that Cloudflare frustrates enforcement efforts by helping pirate sites to “hide”.

The CDN provider is not happy with these characterizations and this week submitted a rebuttal. Cloudflare’s General Counsel Doug Kramer says that the company was surprised to see these mentions. Not only because they “distort” reality, but also because they are pretty much identical to those leveled last year.

“Most surprising is that their comments were basically the same complaints they filed in 2016 and contain the same mistakes and distortions that we pointed out in our rebuttal comments from October, 2016.”

“Simply repeating the same mischaracterizations for a second year in a row does not convert them into facts, so we are compelled to reiterate our objections,” Kramer adds (pdf).

There is indeed quite a bit of overlap between the submissions from both years. In fact, several sections are copied word for word, such as the RIAA’s allegation below.

“In addition, more sites are now employing services of Cloudflare, a content delivery network and distributed domain name server service. BitTorrent sites, like many other pirate sites, are increasing [sic] turning to Cloudflare because routing their site through Cloudflare obfuscates the IP address of the actual hosting provider, masking the location of the site.”

The same can be said about the MPAA’s submission, which includes a lot of the same comments and sentences as last year. That wouldn’t be much of a problem if the information was correct, but according to Cloudflare, that’s not the case.

The two industry groups claim that the CDN provider makes it more difficult to track where pirate sites are hosted. However, Cloudflare argues the opposite.

Both RIAA and MPAA are part of the “Trusted Reporter” program and use it frequently, Cloudflare points out. This program allows rightsholders to easily obtain the actual IP addresses of Cloudflare-hosted websites that engage in widespread copyright infringement.

Most important, according to Cloudflare, is that the company follows the letter of the law.

“Cloudflare does not make the process of enforcing intellectual property rights online any harder — or any easier. We follow all applicable laws and regulations,” Cloudflare explained in its submission last year.

In its 2017 rebuttal, the company reiterates this position once again. Kramer also points to a recent blog post from CEO Matthew Prince, which discusses free speech and censorship issues. The message is that vigilante justice is not the answer to piracy, and all relevant stakeholders should get together to discuss how to handle these issues going forward.

For now, however, the USTR should disregard the comments regarding Cloudflare as irrelevant and inaccurate, the company argues.

“We trust that USTR will once again agree with Cloudflare that complaints implying that Cloudflare is aiding illegal activities have no place whatsoever in USTR’s Notorious Markets inquiry. It would seem to distract from and dilute the message of that report to focus on companies that are working to make the internet more cybersecure,” Kramer concludes.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

Security News

via TorrentFreak http://ift.tt/JHJIUI

October 20, 2017 at 02:38PM

Hackaday Prize Entry: Two Leg Robot

http://ift.tt/2gyreQR

If you’re working on your own bipedal robot, you don’t have to start from the ground up anymore. [Ted Huntington]’s Two Leg Robot project aims to be an Open Source platform that’ll give any future humanoid-robot builders a leg up.

While we’ve seen quite a few small two-legged walkers, making a pair of legs for something human-sized is a totally different endeavor. [Ted]’s legs are chock-full of sensors, and there’s a lot of software that processes all of the data. That’s full kinematics and sensor info going back and forth from 3D model to hardware. Very cool. And to top it all off, “Two Leg” uses affordable motors and gearing. This is a full-sized bipedal robot platform that you might someday be able to afford!

Will walking robots really change the world? Maybe. Will easily available designs for an affordable bipedal platform give hackers of the future a good base to stand on? We hope so! And that’s why this is a great entry for the Hackaday Prize.

Posted in robots hacks, The Hackaday Prize

Security News

via Hackaday https://hackaday.com

October 20, 2017 at 02:32PM

CVE-2017-15291

http://ift.tt/2yCOf9L

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because
they may have information that would be of interest to you. No inferences should be drawn on account of other sites
being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose.
NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further,
NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about
this page to nvd@nist.gov.

Security News

via National Vulnerability Database http://ift.tt/OD63ZH

October 20, 2017 at 02:25PM

CVE-2017-15670

http://ift.tt/2yCKtPo

Security News

via National Vulnerability Database http://ift.tt/OD63ZH

October 20, 2017 at 02:25PM

CVE-2017-15671

http://ift.tt/2yC87db

Security News

via National Vulnerability Database http://ift.tt/OD63ZH

October 20, 2017 at 02:25PM