Selfies may be all over social media, but reports now suggest they may be all over your wallet, too. At Mobile World Congress in Barcelona, MasterCard said it would roll out a “pay by selfie” facial recognition program to 15 countries this summer.
The company has already piloted the service, and said that more than nine in 10 people preferred it to passwords. Participants have to blink at the camera to stop people faking their ID with a photo. Selfies are the latest option in an array of biometric inputs, including fingerprint scanners already on many smartphones. Anything that accelerates the death of the password — no matter how narcissistic — is okay by us.
Freshly minted compromise shocks Linux users
Is there any such thing as a safe download? Perhaps not, given what happened to Linux Mint this week. The software, said to be the third most popular distribution of the open source operating system, was hacked. The attacker told journalists that he had gained unauthorized access to the Linux Mint website and used it to upload a compromised version of the OS with a back door. Hundreds of users downloaded the version, which the hacker said took just a few hours to modify. That’s the questionable appeal of open source software, we guess.
Administrative access to the site allowed the hacker to change the legitimate checksum, which is normally used to verify the integrity of a file. His primary purpose was to build his own botnet, he said. It just goes to show: checking a download against its checksum may not be enough when the checksum is published on the same site that was compromised.
New clues in NK-Sony whodunnit
Remember the brouhaha over attribution for Sony’s late 2014 data breach? The U.S. government said North Korea was responsible. Experts disagreed. Now, a team of cyber-security vendors has made a connection between that attack and earlier ones on military, government and commercial interests by a team of hackers that it’s calling the Lazarus Group.
Operation Blockbuster matched the malware and modus operandi involved in the Sony attack to a 2009 cyber espionage campaign against South Korea. The Sony attack also bears the hallmarks of another attack, called Operation DarkSeoul, which targeted South Korea’s financial industry. The team’s finding supported the U.S. government’s claim that North Korea was behind the attack, it said.
Best of expertIP
Do you want the good news or the bad news first? In her blog post for expertIP this week, Christine Wong leads with the positive: company revenues are going up. Citing a Spiceworks State of IT Report, she revealed that more than half of IT pros expect their companies to make more money in the coming year. The bad news? They won’t be seeing any of that green in their own budgets. Companies aren’t seeing the relevance of IT, she said, which means that tech budgets are staying flat — and where the money is being spent, it will be on mundane, must-do things like end-of-life, rather than shiny new products and exciting new IT initiatives.
The upshot? IT departments will be doing more with the same cash, which means that you’ll have to work smarter. Ask yourself: what can you automate and make more efficient? Even something as basic as more sysadmin scripting can strip away some manual overhead. Give every dollar a job, and if possible, make it work overtime.