I hope you’ve had a lovely Thanksgiving, Data Sheet readers.
If you chose to avoid the stampedes at brick and mortar stores on Friday—as I did, after awakening from a kingly coma and brushing a pile of pie crumbs off my belly—and plan instead to shop online, then please read on. I’ve got a simple, yet substantial cybersecurity tip for you.
First, context: Cyber Monday, the e-commerce bonanza that kicks off the beginning of the week, is set to be the biggest payday on record for electronic merchants. (We at Fortune prefer Cyber Saturday™, of course.) Crooks are no doubt eyeing the opportunity to score. Don’t let them.
One easy way to prevent hackers from profiting off the occasion involves securing your digital identity. So, the advice: Add what’s called multi-factor authentication to your online shopping accounts.
Here’s how it works. Whenever you log in to an online profile, the website’s entry field will prompt you to submit a second passcode, one on top of your usual password. This will either be a string of numbers that is sent directly to your mobile phone via text message, or a string of numbers that can be read off an “authenticator” app, which generates one-time passcodes. (See Google Authenticator, for example.)
Multi-factor authentication—sometimes called “two step” or “two factor” authentication, or abbreviated “2FA”—is one of the simplest measures you can take to lock down your digital persona. Think of it as adding another lock to your money vault. Amazon recently added the feature to its website. Go, take advantage.
As you know from this holiday season, there are many things in life to be thankful for. Cybercrime is not one of those things. Take a stand against it; here’s a list of the places that let you armor up.
Robert Hackett
Welcome to the Cyber Saturday edition of Data Sheet, Fortune’s daily tech newsletter. Fortune reporter Robert Hackett here. You may reach me via Twitter, Cryptocat, Jabber, PGP encrypted email, or however you (securely) prefer. Feedback welcome.
THREATS
Dell bungles computer security. The PC-maker installed self-signed security certificates alongside private keys on its computers, making it easy for anyone to crack Dell customers' encrypted Internet connections. After that revelation surfaced, researchers discovered that the company did it more than once. (Fortune)
Facebook alerts State Department about hacks. Iranians have been upping their cyber espionage, taking over the email and social media accounts of State Department officials. No victim realized until Facebook—one of the social network's new security features—notified them. (New York Times, Fortune)
Hilton confirms data breach. The hotel chain said it had been the victim of a cyber intrusion that targeted the company's point of sales systems. Hilton did not disclose how many, if any, guests' payment cards had been compromised. (Fortune)
Sneaky malware strikes retailers. The cybersecurity firm iSight Partners warned U.S. retailers ahead of the shopping season that it had discovered a stealthy, active hacking campaign affecting payment terminals. There's not telling yet how many companies—and customers—are affected. (Fortune)
Hacks matter to credit ratings. Moody's said that cyberattacks are becoming a more important factor in its corporate credit analyses. The ratings agency compared the threat to natural disasters in terms of impact. (Reuters)
Walmart hired Lockheed to snoop on workers. The retailer reportedly employed Lockheed Martin to keep tabs on employees' social media feeds in 2012. Walmart wanted to know about planned protests and labor activity. (Bloomberg, Fortune)
Amazon's latest cryptography has a hole. The code, known as s2n, is meant to securely encrypt and authenticate Web sessions. Researchers discovered that the crypto is vulnerable to an attack that lets hackers access restricted parts of websites. (Ars Technica)
FCC hires rising privacy star. The Federal Communications Commission has added Jonathan Mayer, an aggressive privacy advocate, to its payroll. He'll serve as the agency's chief technologist. (Washington Post)
Share today's Data Sheet with a friend:
http://fortune.com/newsletter/datasheet/
Looking for previous Data Sheets? Click here.
ACCESS GRANTED
Fortune contributor Anne Fisher asks whether employee cybersecurity training does any good.
Found an unidentified USB stick lying around in a public place lately? If so, did you plug it into your computer?
Don’t laugh. Almost one in five (17%) of the 200 people who recently came across one at random—in an airport, coffee shop, or public square in Chicago, Cleveland, or Washington, D.C.—plugged it in, then proceeded to open a text file and click a link or email an address in it.
If this weren’t part of a harmless “social experiment” conducted by a team of researchers from trade association CompTIA, the results could have been disastrous, inviting trouble like viruses, malware, and security leaks not only into people’s own devices, but their employers’ networks too. Read the rest on Fortune.com.
TREATS
Grandma scammer. Wire me $3,000. (Narratively)
$5 computer. Pi Zero. (Wall Street Journal)
Beyond Bitcoin. Blockchain for music. (Fortune)
One email = 4 grams of CO2. (Phys.org)
Life. After ISIS. (Roads & Kingdoms)
FORTUNE RECON
What Should the Media Do When Donald Trump Blatantly Lies? by Mathew Ingram
Here's What You Should Do When You Have to Make a Tough Decision by Alexander Goldstein
Meet the Woman Behind Hallmark's Christmas Movie Juggernaut by Dina Eng
I Was a Clown in the Macy's Thanksgiving Day Parade. Here's What I Learned by Polina Marinova
Pfizer Says No Merger Tax Help For Our Top Execs by Dan Primack
ONE MORE THING
How safe are nuclear weapons programs from cyberattacks? Former UK defense secretary Des Browne has warned that his nation's "trident" program could be vulnerable. (Guardian)
EXFIL
"Rooting out small bands of terrorist groups who maintain good operational security and are using modern technologies in ways that are hard to track, that's a tough job."
President Barack Obama, speaking at the White House earlier this week alongside French President Francois Hollande. Though he did not mention encryption, per se, his post-Paris attacks comments suggested that the subject was on his mind. The president also said that nations should share intelligence while preserving peoples' privacy. (Whitehouse.gov)
