Behind the attack on a point-of-sales tech Target: Best of the web

US discount variety store retailer Target had its point-of-sales systems hacked in the lead-up to Christmas, with the credit card details and personal information of up to 70 million Americans potentially compromised.

It’s important to note that Target in the US is not affiliated with Target Australia, which is a subsidiary of Australian retail group Wesfarmers.

Nonetheless, the situation has been keenly observed by security researchers, and carries important lessons for Australian businesses.

Adam Tanner at Forbes points out one of the more surprising issues is the reluctance of the US to adopt “EMV” cards (credit cards that use a smartcard chip) for their credit cards.

Unlike Australia, and for that matter even countries like North Korea, the US prefers to rely on now-outdated magnetic stripes:

Europe introduced these so-called EMV cards, which take their name from Europay/MasterCard/Visa, in the 1990s. The cards contain a microchip that holds the sensitive credit card data in a much more hacker-resistant format than the magnetic stripes on U.S credit cards. There were 1.6 billion EMV cards worldwide accepted at 23.8 million terminals in the last quarter of 2012, according to EMV Co.

A world map shows only one dead zone when it comes to embracing EMV technology: the USA. Remote countries such as Bhutan, Bosnia and Iran all use it, as does every other country (yes, even North Korea).

While no cards are immune to fraud, the continued reliance on magnetic stripes has made the US a hotspot for it:

In the meantime, the United States continues to suffer a rising tide of card fraud, adding up to $4 billion in bogus transactions in 2012, according to a Federal Reserve study released last month. That’s $8 in cheating for every $10,000 spent.

According to Tracy Kitten of BankinfoSecurity, whether the attacks were the product of external attack or internal sabotage remains to be seen:

Experts can only theorize about what may have happened to Target. And while fraud expert and Gartner analyst Avivah Litan speculates about whether an insider is to blame for the breach, many other experts say Target’s compromise likely resulted from an external attack.

As fraud expert and Aite analyst Shirley Inscoe points out, Target’s reference to “unauthorized access” suggests an outside hack.

Nonetheless, the scale of attack appears to suggest the malware was downloaded from a central server within the company, rather than manually installed on 40,000 POS systems:

An executive with one of the leading U.S. card issuers affected by the Target attack, who asked not to be named, says he believes about 40,000 of the retailer’s 60,000 point-of-sale terminals were infected with an executable file, likely malware that was automatically downloaded from a hacked server. Once infected, the devices were instructed to store and forward mag-stripe data collected during transactions at the POS, the executive says.

As Michael Gregg at Huffington Post points, out, there are important lessons for business owners from the attack:

First of all, it’s important to realize that there is no such thing as a 100 percent safe company, website, app, card reader, etc. Instead of closing your eyes to the risk of hacking or hoping it doesn’t happen to you, assume that your debit cards, credit cards, online accounts, email, etc. will eventually be compromised. As a result, everyone should have a contingency plan in place for what to do after they’ve been hacked and how to mitigate the damage.

By now, everyone should realize that online privacy is a myth. Whether it’s a messaging app that promises to “erase” or securely store everything you share, or a social networking site, email or online shopping account, nothing is 100 percent private and 100 percent safe all of the time. Therefore, don’t share information online or via mobile apps that you wouldn’t want someone else to see. Assume that everything you do on the web will be public knowledge.

Quark XPress: The death of a design standard

Back in the 1980s and ‘90s, Quark XPress was the gold standard software in desktop publishing. In less than a decade, its market share had almost entirely eroded.

At Ars Technica, Dave Girard examines the demise of an industry standard:

As the big dog of desktop publishing in the ’80s and ’90s, QuarkXPress was synonymous with professional publishing. In fact, it was publishing. But its hurried and steady decline is one of the greatest business failures in modern tech… The widely reported statistics were that XPress enjoyed 95 percent dominance of the publishing market at that time. But when I left Vice in ’99, the privately held Quark Inc.’s best days were behind them. That was the year that Adobe’s InDesign 1.0 hit the market.

The opportunity for a competitor, such as Adobe In Design, to take over came when Apple switched from its classic Mac OS to OS X. At the time, Quark was not just slow to respond, but went so far as to tell designers to switch to a PC:

In 2001, Apple released OS X, which felt dog slow on existing hardware… Quark repeatedly failed to make OS X-native versions of XPress—spanning versions 4.1, 5, and 6—but the company still asked for plenty of loot for the upgrades. With user frustration high with 2002’s Quark 5, CEO Fred Ebrahimi salted the wounds by taunting users to switch to Windows if they didn’t like it, saying, “The Macintosh platform is shrinking.” Ebrahimi suggested that anyone dissatisfied with Quark’s Mac commitment should “switch to something else.”

However, it wasn’t just Quark’s arrogance that did them in.

Rather than creating a clone of XPress, Adobe decided to go back to the drawing board on how a design program should work. What it ended up creating, Girard argues, is a far more complete and intuitive feature set:

It didn’t hurt that InDesign was backed by the much larger Adobe, but it was the energy and excitement surrounding InDesign’s features that created a buzz you never saw with Quark. Adobe wasn’t just copying Quark’s approach or feature set—it made a program that was both for production nuts who needed to work efficiently and creatives who were shown how digital typography and layout was meant to be.

In many industries, it can feel like the market leaders are immortal and unshakable. Girard’s article is a timely reminder of how, when an arrogant market leader stumbles, an innovative competitor can overcome an established incumbent.

is tech dumbing us down?

Finally, are computers, tablets and smartphones dumbing us down?

It’s a controversial topic tackled by Tim Wu of The New Yorker. In his article, Wu imagines a time traveller from 1914 has been whisked a century forward into the future:

A well-educated time traveller from 1914 enters a room divided in half by a curtain. A scientist tells him that his task is to ascertain the intelligence of whoever is on the other side of the curtain by asking whatever questions he pleases.

Wu imagines that, on the other side of a curtain, is an ordinary person armed with a smartphone. To the time traveller, her ability to answer questions is astonishing:

The traveller’s queries are answered by a voice with an accent that he does not recognize (twenty-first-century American English). The woman on the other side of the curtain has an extraordinary memory. She can, without much delay, recite any passage from the Bible or Shakespeare. Her arithmetic skills are astonishing—difficult problems are solved in seconds. She is also able to speak many foreign languages, though her pronunciation is odd. Most impressive, perhaps, is her ability to describe almost any part of the Earth in great detail, as though she is viewing it from the sky. She is also proficient at connecting seemingly random concepts, and when the traveller asks her a question like “How can God be both good and omnipotent?” she can provide complex theoretical answers.

Wu raises a very interesting point about people and technology, namely that while we might not be as capable as our forbearers, when armed with technology, our immediate access to knowledge becomes astonishing:

The woman behind the curtain, is, of course, just one of us. That is to say, she is a regular human who has augmented her brain using two tools: her mobile phone and a connection to the Internet and, thus, to Web sites like Wikipedia, Google Maps, and Quora. To us, she is unremarkable, but to the man she is astonishing. With our machines, we are augmented humans and prosthetic gods, though we’re remarkably blasé about that fact, like anything we’re used to. Take away our tools, the argument goes, and we’re likely stupider than our friend from the early twentieth century, who has a longer attention span, may read and write Latin, and does arithmetic faster.

It’s certainly an interesting thought.


Notify of
Inline Feedbacks
View all comments