Monday, November 24, 2014

Retailer-Backed Apple Pay Rival CurrentC Has Been Hacked, Testers’ Email Addresses Stolen

MCX (Merchant Customer Exchange), the coalition of retailers including Walmart, Best Buy, Gap and others that is backing CurrentC, a mobile payments solution meant to rival newcomer Apple Pay, has been hacked. The data breach involves the theft of email addresses, but the CurrentC mobile application was not affected, the company confirms to TechCrunch.

Within the last 36 hours, MCX says it learned that unauthorized third parties obtained the email addresses of some of its CurrentC pilot program participants and other individuals who had expressed interest in the app.
The group has now notified its merchant partners about the incident and is communicating directly with those individuals whose email addresses were involved, a company spokesperson tells us.

At this time, it appears that only the emails of these early mobile app testers have been stolen, which is not as significant a data breach as having payment data or other personal information, like home addresses or phone numbers, taken, as has been the case with other large-scale data breaches, like the one which took place over the last holiday season at Target.

In addition, many of these email addresses were dummy accounts used for testing purposes, which means there may not be that many end users affected at this point, as the solution was still in its pilot phases.

However, MCX says it’s continuing to investigate the situation and will provide more updates as they arrive.

Below is the email being shared with these users, in its entirety:

Thank you for your interest in CurrentC. You are receiving this message because you are either a participant in our pilot program or requested information about CurrentC. Within the last 36 hours, we learned that unauthorized third parties obtained the e-mail addresses of some of you. Based on investigations conducted by MCX security personnel, only these e-mail addresses were involved and no other information.

In an abundance of caution, we wanted to make you aware of this incident and urge you not to open links or attachments from unknown third parties. Also know that neither CurrentC nor Merchant Customer Exchange (MCX) will ever send you emails asking for your financial account, social security number or other personally identifiable information. So if you are ever asked for this information in an email, you can be confident it is not from us and you should not respond.

MCX is continuing to investigate this situation and will provide updates as necessary. We take the security of your information extremely seriously, apologize for any inconvenience and thank you for your support of CurrentC.

It’s unclear at this time how exactly the addresses were stolen. As dummy accounts were taken, too, that would seem to rule out a phishing scheme. Phishing requires getting users to click malicious links or take some other action, and is usually kicked off by sending users a legitimate-sounding email in order to trick them. It’s not likely that the creators of the dummy accounts would have responded to phishing attempts.

CurrentC’s maker MCX, for those unfamiliar, is a group of over 50 retailers who have been working to develop their own mobile wallet technology. Essentially, they want to own the mobile wallet experience for themselves, instead of turning it over to a company like Apple, whose Apple Pay mobile payments solution prevents them from gaining access to customer data. Instead, retailers involved with MCX want to use mobile payments as a way to learn more about their customers’ shopping behavior, which could mean they could better target offers to them in the future.

The system works via a mobile application, live now on the app stores, called CurrentC. It’s sort of a clunky tool when compared with Apple Pay, as it involves the use of QR codes. But some retailers, like Starbucks, have seen success with QR codes, and these special barcodes aren’t tied to one platform, like Apple’s, so it makes sense that this is the technology the retailers would adopt. (More information on CurrentC is here.)

CurrentC began making headlines recently, when retailers involved with the initiative shut off NFC in their stores. NFC is the technology that makes Apple Pay and other NFC-based payment solutions, including Google Wallet, work. Customers were trying to use Apple Pay at stores like Rite Aid and CVS, where at first Apple Pay-initiated payments were functioning properly, thanks to the retailers’ NFC-enabled point-of-sale terminals.

But then those retailers disabled NFC at their registers, ending their unofficial support for Apple Pay. The problem, apparently, stemmed from the fact that retailers’ contracts with MCX state they’re not supposed to accept rival mobile payment products. (Walgreens, an Apple Pay partner, has taken advantage of this situation, telling customers via social media that #ChoiceIsEverything.)

With interesting timing, MCX this morning published a blog post to clear up misconceptions about its technology and its aims as a company. One section in the post discussed the security aspects to CurrentC, saying “the technology choices we’ve made take consumers’ security into account at every aspect of their core functionality.”

After a number of high-profile data breaches in recent months, which have seen consumer data stolen from Target, Home Depot, Neiman Marcus, Staples, P.F. Chang’s, Supervalu, and others, there’s a feeling among consumers that retailers should no longer be trusted with our sensitive information, including payment card data and other personal details.

Perhaps the CurrentC hackers agree, and decided to make that point by way of this latest hack.

Thursday, November 6, 2014

'Trojan Horse' Bug Lurking in Vital US Computers Since 2011

A destructive “Trojan Horse” malware program has penetrated the software that runs much of the nation’s critical infrastructure and is poised to cause an economic catastrophe, according to the Department of Homeland Security.

National Security sources told ABC News there is evidence that the malware was inserted by hackers believed to be sponsored by the Russian government, and is a very serious threat. 

The hacked software is used to control complex industrial operations like oil and gas pipelines, power transmission grids, water distribution and filtration systems, wind turbines and even some nuclear plants. Shutting down or damaging any of these vital public utilities could severely impact hundreds of thousands of Americans. 

DHS said in a bulletin that the hacking campaign has been ongoing since 2011, but no attempt has been made to activate the malware to “damage, modify, or otherwise disrupt” the industrial control process. So while U.S. officials recently became aware of the penetration, they don’t know where or when it may be unleashed.

DHS sources told ABC News they think this is no random attack and they fear that the Russians have torn a page from the old, Cold War playbook, and have placed the malware in key U.S. systems as a threat, and/or as a deterrent to a U.S. cyber-attack on Russian systems – mutually assured destruction. 

The hack became known to insiders last week when a DHS alert bulletin was issued by the agency’s Industrial Control Systems Cyber Emergency Response Team to its industry members. The bulletin said the “BlackEnergy” penetration recently had been detected by several companies. 

DHS said “BlackEnergy” is the same malware that was used by a Russian cyber-espionage group dubbed “Sandworm” to target NATO and some energy and telecommunications companies in Europe earlier this year. “Analysis of the technical findings in the two reports shows linkages in the shared command and control infrastructure between the campaigns, suggesting both are part of a broader campaign by the same threat actor,” the DHS bulletin said. 

The hacked software is very advanced. It allows designated workers to control various industrial processes through the computer, an iPad or a smart phone, sources said. The software allows information sharing and collaborative control.

Friday, October 24, 2014

Why the Rockefellers are betting on renewable energy

Sure, it's mostly symbolic. But the global energy business is also on the cusp of a dramatic transformation. 
John D. Rockefeller (far right) was a man on the move. His descendants are just following suit. (Bettmann/CORBIS) 

The name Rockefeller is deeply synonymous with turning oil into gold. Familial patriarch John D. Rockefeller founded Standard Oil in 1870 and bought up most of the oil refineries in the United States, eventually controlling over 90 percent of the American oil business. "Competition," he said, "is a sin."

That empire, in inflation-adjusted terms, made him the richest man in history with a fortune estimated at $336 billion in 2010 dollars. The Standard Oil monopoly, meanwhile, was broken up and evolved into the global oil brands Exxon-Mobil, Amoco, and Chevron.

But the times they are a-changin', and you don't need to be a weatherman to know which way the wind blows.

Rockefeller's descendants — who still control a cool $860 million through the family philanthropy, the Rockefeller Brothers fund — are dumping the endowment's investments in the oil business and reinvesting at least a portion of that wealth into renewable energy.

And the Rockefeller fund is not the only big name fund divesting from fossil fuels and moving into renewables. The Divest-Invest movement — which the Rockefeller fund has joined — consists of 800 global investors, and has now moved $50 billion away from coal, oil, and gas and into renewable energy as part of a broader push to battle climate change and promote economic and energy sustainability.

Now, the Rockefellers' $860 million isn't much in the grand scale of the global energy business. The global energy trade is a $5 trillion a year business, so even the larger $50 billion divestment equates to merely 1 percent of the size of the global energy trade. And renewables today are merely 11 percent of the global energy business. Plus, the Rockefeller Brothers fund has a philanthropic purpose, not an amoral money-making one, and the primary goal of the divestment seems mission driven.

But this is still an important symbol because the global energy business is on the cusp of a dramatic transformation.

As Stephen Heintz, president of the Rockefeller Brothers Fund, said in a statement:

John D Rockefeller, the founder of Standard Oil, moved America out of whale oil and into petroleum. We are quite convinced that if he were alive today, as an astute businessman looking out to the future, he would be moving out of fossil fuels and investing in clean, renewable energy. [The Guardian]

Why? As I wrote last December, renewable energy and particularly solar are on a very steep price trend downward thanks to a continued spurt of technological innovations that have reduced the cost of manufacturing. If the trend of falling prices continues for another 10 years, solar-generated electricity in the U.S. will descend to a point where it's competitive with coal and nuclear — by 2020, or even 2015 for the sunniest parts of America. And if the trend continues for the next 20 years, solar costs will be half that of the price of coal today.

Meanwhile, as fossil fuel stocks have been gradually burned away, the costs of drilling are rising as the easy-to-extract stuff near the surface is exhausted. Today, complex extraction practices such as fracking are unleashing new fossil fuel supplies onto global markets but at a vastly higher cost than in John D. Rockefeller's day. That makes the renewable energy revolution low hanging fruit for the next generation of energy tycoons.

So it's no surprise to me that the Rockefeller family believes their ancestor would be behind their move. They're right.

U.S. Opposing China’s Answer to World Bank

A freight train hauling coal in Shanxi Province. China has been lobbying neighbors to establish a new regional development bank. Credit via Associated Press

Wednesday, October 15, 2014

Amazon plans to open its first brick-and-mortar store

Midtown Manhattan location will open in time for the holiday shopping season, according to a report.

The world’s largest e-commerce company is finally going to embrace bricks and mortar.
The Wall Street Journal on Thursday reported that Amazon will open its first physical store in New York in time for the holiday shopping season, citing people familiar with its plans.

The store would be located on 34th Street in Manhattan, close to a shopping district that includes Macy’s flagship, and would serve as a mini-warehouse, with limited assortment used for same-day delivery within New York, returns and exchanges, and pickups of online orders, according to the Journal’s report.

Amazon was not immediately available for comment.

Sucharita Mulpuru, an e-commerce analyst at Forrester Research, tells Fortune the space sounds “closer to a post-office” than a retail store and that it remains to be seen what economic boost the location will provide to the company.

“They need to figure out what resonates with shoppers with respect to Amazon in a physical store,” Mulpuru says. “Do they want to look at product? Do they just want to pick up product? Do they want to look at Amazon electronics equipment?”

Sources told the Journal that Amazon might use the space to showcase its own devices like the Kindle e-readers, Fire smartphone or Fire TV set-top box. If the New York store works out, it could serve as a model for a rollout to other U.S. cities, the Journal’s sources said.

The news comes at a time when traditional brick and mortar chains like Macy’s and Neiman Marcus are testing same-day delivery, while others are trying out a service offered by Google. It also comes as those physical retailers get nimbler at using merchandise in their hundreds of stores to speed up delivery, turning them into de facto distribution centers to help them compete with the Amazon facilities that dot the country. For example, Macy’s is now using all 800 or so of its stores to help its online efforts, while others like Target are gearing up for that capability.

A number of online-only retailers have experimented with physical stores of late, showing the enduring value of brick-and-mortar locations. They include eyewear retailer Warby Parker, Bonobos, Birchbox, and Rent-the-Runway.

Monday, October 6, 2014

Solution Spotlight TelecomTemps latest offerings No More Blackboards

Solution Spotlight:

No more blackboards, texts, notes, emails!

TelecomTemps is proud to offer an expanding line of pre-vetted products to our clients. We invite you to check them out and contact us for availability and special pricing.

Office AnyWhere, from Telespeak, is a permanent (24×7) online collaboration / communication service and work environment designed to unify and engage Distributed/Remote teams! Now offered by TelecomTemps, this dynamic platform allows users to:
  • See Work Happening: Rich social context - see who is around and what's going on. An always-on office space provides one place for your team to interact.
  • Meet Instantly Now: Integrated voice, video, chat and screen sharing in an intuitive User Interface. No dialing or conference codes. Built-in phone to conference anyone.
  • Always Feel Connected: Gather every day in Office Anywhere no matter where your people are. Build persistent project rooms with your cloud applications.