
Saturday, November 10, 2007

Eat at Joe's, Just Bring Cash
This is not your average Joe's restaurant on Massachusetts Avenue in Arlington Center. It's a small, regional chain - 13 locations in all. A few weeks ago, the chain was identified as the common factor in a number of credit card fraud cases. That has led to the disclosure that a whole mess of credit card numbers have been stolen from the chain, credit card numbers used by customers of the restaurants.
 
 
Now, it took Joe's a while to notify the public. Much like the recent Monster incident, they wanted to figure some things out first. They currently have a warning popup when you hit the site that contains all the customer outreach information. Unfortunately, there's a nasty bug in the way they implemented it. In my browser, if I even roll over the link that mentions the popup, it is invoked. Man, that's really annoying.
 
Anyway, this is a tough break for Joe's, but what is the consumer to do? My recommendation, if you like the place, is to continue to patronize it and just use cash. Personally, I have reservations about using a credit card there just yet. Since I have a bit of experience in computer security, let me share my thoughts about what happened.
 
First, let's actually review what happened. The Globe has a solid roundup of the major events:
  1. Some folks who bank at Cape Cod Five Cents Savings Bank and eat at Joe's in Hyannis report fraudulent charges
  2. As other banks report similar problems, a bunch of people start investigating and find that Joe's is the common denominator
  3. They discover a fairly savvy fraud scheme, complete with overseas counterfeit cards (i.e., fake cards with real Joe's customer information on them)
  4. Up to 3,500 numbers were stolen, most likely between August and September
  5. They do not suspect any employee involvement
OK, now let's break down what this really means:
  1. Someone probably hacked into a server in their main data facility (either on-site or at a hosting company) and found a way to access the numbers.  That's why there's no employee involved, although they must have ruled out an employee conspiring by giving away passwords and access.
  2. Although they say forensics are ongoing, they have found something. They have an established time-frame and an estimate of the number of records accessed.
  3. What they probably don't know is the initial attack vector, i.e., how the person broke in.

Unless they are able to determine #3, they are going to have a hard time feeling comfortable saying things like, "We have put additional safeguards in place since becoming aware of this issue and are confident that customer data is secure." That was not what they said a few weeks ago: "We're fairly confident that a customer walking into one of our places today could use their credit card safely."

Despite the confidence of the former assertion, the fact remains that the following statements in their current warning message need to be resolved for customers to feel confident:

  • The external investigation into the cause and impact of this activity is still underway
  • ...contracted with an external forensic analyst to help us identify the cause; that analysis is ongoing
  • Immediately took steps to further increase the security of our data systems ... we believe all credit card transmittals are secure (emphasis mine)
  • Of utmost importance to us is maintaining the integrity of all credit card data going forward, identifying the cause of the problem and ensuring this does not happen again

George Jenkins over at I've Been Mugged has a different take, wondering why they need to keep the numbers in the first place.

So it's still a bit messy. Like I said, bring cash. There's an ATM right next to the one in Arlington Center.

9:24 pm est

Sunday, November 4, 2007

Sunset and Skyline
This evening wasn't a great sunset, but I had a mysterious plan up my sleeve. Kara got home early and I was able to run up to Wright's Tower in Medford to see the new roof, check out the Boston skyline, and find out exactly where it was in relation to southwest on a compass.
 
The answer, it turns out, was 90º away. Still, even a mediocre sunset can be beautiful. I have to say, one nice thing about this location is that the foreground does get a fair amount of ambient light from the sunset. As a result, you can generally get the whole sunset within the dynamic range of the camera. That's a nice change from gradient filters and other tricks I use when appropriate. In this shot, it means you can pick up the fall foliage colors in the foreground trees - I like that.
 
 
Anyway, you are probably wondering what all the mystery is about where southwest is? Well, tomorrow morning there is going to be another ISS/Shuttle flyover. The shuttle is scheduled to undock at 5:32 AM EST, and both craft will become visible in the Boston area 10º over the horizon to the southwest about 20 minutes later. At a maximum of 60º of elevation when it's halfway across the sky, it won't be directly overhead. The last time I shot this event, it did pass almost directly overhead and that was challenging to say the least.
 
So I also brought my film camera with me, because it's loaded with Fuji Velvia ISO 100 slide film and that's just fine for astrophotography. It's also fine for cityscapes, so I shot about 15 slides while I was there of the sunset. Velvia is a stunning film, so I can't wait to see the chromes. I shot these with my Canon FX with a 20mm lens on it. This lens is really something. There is quite a bit of distortion when it's not parallel, but it's very, very wide. So I jacked that puppy on the tripod and I could frame the rocks under the tripod all the way to the horizon and get them all sharp, but the structures on the horizon at the edges are leaning in noticeably due to the off-level angle of the camera.
 
Anyway, my last task was to try to snap a quick grab shot of Wright's Tower before I left. I managed to get a shot of the tower when they were working on the roof, but it was a pretty cheap deal. I put the long lens on and just pulled over, stuck the camera out the window and boom. Not very artistic, really. But now I was up there at nightfall and so I put the wide lens on the digital and took a series of three long exposures with augmentation (I'll explain). They were 40, 53 and 77 seconds. During these exposures, I used my flashlight to paint the tower, ground and surrounding areas. I used a different technique or approach for each exposure. On this last one, I concentrated a lot of flashlight time panning around the inside of the roof at the top of the tower and it paid off. The detail in there is superb considering the flashlight was really the only source of light.
 
9:03 pm est


Copyright © 2001 - 2008 | David Owczarek | All Rights Reserved