Thursday, December 19, 2013 - 08:34

Yesterday, security author and researcher Brian Krebs as well as the Wall Street Journal reported on a massive breach of credit card numbers involving Target and approximately 40,000 card scanning devices.  Details are minimal at this point, but the breach is being investigated by both Target and the U.S. Secret Service.


According to sources at two different top 10 credit card issuers, the breach extends to nearly all Target locations nationwide, and involves the theft of data stored on the magnetic stripe of cards used at the stores...Both sources said the breach was initially thought to have extended from just after Thanksgiving 2013 to Dec. 6. But over the past few days, investigators have unearthed evidence that the breach extended at least an additional week — possibly as far as Dec. 15 (source:


Until more details are provided, and notifications begin, we are advising the Duke community to keep an eye on credit card and debit card charges for cards they may have used at Target.  If you find an unexpected charge, please contact your bank or credit card company.


UPDATE:  Target has released a press statement indicating that approximately 40 million cards could be affected.  They also have asked that shoppers who suspect unauthorized activity contact Target at: 866-852-8680.



Thursday, March 21, 2013 - 20:04

Today Apple has (very wisely) introduced two-factor authentication for Apple IDs and iCloud accounts. Considering the level of access that iCloud provides to connected devices and the storage of financial data in iTunes/the Apple Store, the IT Security OFfice strongly encourages enabling the second factor if you use either of these types of accounts with Apple.


Lots of details can be found here:




Friday, January 25, 2013 - 07:50

January 28th is known as Data Privacy Day.  This should be of interest because of the erosion of privacy online.  Every year, we see more data breaches affecting our personal data (e.g. SSNs, medical information, or passwords), and we see companies increase their efforts to take advantage of our online presence for advertising or building demographic data.  Earlier this month Facebook launched a new "feature" called Graph, which they termed a social search engine.  The concept is that Facebook will use data that you have associated in your Facebook account to build a database that can be searched.  Want to find bicyclers in your area?  No problem.  What about who liked a product?  Sure.  What about married people?  Getting a bit more creepy.  While Facebooks says they will honor privacy settings, at what point do they enable it for "private" data as well as the data you have made broadly available?


This is just one example in the ongoing debate over how much the Internet and social media have eroded our individual privacy...and if we really care that it has done so.  Does it really matter that anyone on the Internet knows what you bought on Amazon or where you live?  Or do you care that the picture of your late-night adventure is out there for potential employers to find?  As the line blurs between personal and public, these are questions that can only be answered on an individual basis, but it would certainly be good to have the tools necessary to protect our online identities.


As a part of Data Privacy Day, you can download a free version of lol...OMG.  The book is a great resource for parents (and students!) about online reputations, digital citizenship, and cyberbullying.  From the book description:


The ease with which digital content can be shared online, in addition to its many benefits, has created a host of problems for today’s high school students. All too often, students are uploading, updating, posting and publishing without giving a second thought to who might see their content or how it might be perceived. 


lol…OMG! provides a cautionary look at the many ways that today’s students are experiencing the unanticipated negative consequences of their digital decisions – from lost job opportunities and denied college and graduate school admissions to full-blown national scandals. It also examines how technology is allowing students to bully one another in new and disturbing ways, and why students are often crueler online than in person. By using real-life case studies and offering actionable strategies and best practices, this book empowers students to clean up and maintain a positive online presence, and to become responsible digital citizens.


If you are interested in another way to think about data privacy, check out Obscurity: A Better Way to Think About Your Data Than "Privacy" from the Atlantic.