Thieves steal 35.5M customers’ data from Vans, Dickies, Timberlands parent comp’s sales systems

VF Corporation, parent company of clothes and footwear brands including Vans and North Face, says 35.5 million customers were impacted in some way when criminals broke into their systems in December.

The announcement was made in a Thursday 8-K/A filing with the Securities and Exchange Commission (SEC), and we’re only left to speculate about what kind of information the attackers may have scrambled away with.

The parent company of fashion labels, which also include Supreme, Timberland, and Dickies did, however, confirm the type of data that couldn’t have been accessed.

VF Corp said that customers’ social security numbers (SSNs), bank account information, and payment card information remain uncompromised as these are not stored in its IT systems.

There’s also no evidence to suggest that consumer passwords were accessed, it confirmed, although it did caveat this with “the investigation remains ongoing”.

If you want to really look between the lines of the document’s wording, you’ll see that VF Corp explicitly said SSNs, financial information, and passwords – all excluded from potential compromise – were all explicitly defined as being consumer-related specifically.

The same goes for the number of individuals affected – 35.5 million “individual consumers” had their personal information stolen.

[…]

When the attack was first disclosed, the clothes seller said its ability to fulfill orders was affected, but online and retail stores were still up and running as normal.

This week’s filing said the company’s ability to replenish retail stores’ inventory was affected and combined with the fulfillment issues. This led to customer order cancellations and reduced demand across some of its brands’ e-commerce sites.

“Since the filing of the original report, while VF is still experiencing minor residual impacts from the cyber incident, VF has resumed retail store inventory replenishment and product order fulfillment, and is caught up on fulfilling orders that were delayed as a result of the cyber incident,” the filing reads.

“Since the filing of the original report, VF has substantially restored the IT systems and data that were impacted by the cyber incident, but continues to work through minor operational impacts.”

The attack on VF Corp is suspected to have involved ransomware. The filings mention parts of its IT systems being encrypted, and the AlphV/BlackCat gang claimed the attack days after its disclosure, but the company has not confirmed this to be the case.

[…]

Source: Thieves steal 35.5M customers’ data from Vans sneakers maker • The Register

The real question here is why on earth these guys were holding so many customers’ information? And in a centralised system?

HP CEO: You’re ‘bad investment’ if you don’t buy HP supplies

HP CEO Enrique Lores admitted this week that the company’s long-term objective is “to make printing a subscription” when he was questioned about the company’s approach to third-party replacement ink suppliers.

The PC and print biz is currently facing a class-action lawsuit (from 2.42 in the video below) regarding allegations that the company deliberately prevented its hardware from accepting non-HP branded replacement cartridges via a firmware update.

When asked about the case in a CNBC interview, Lores said: “I think for us it is important for us to protect our IP. There is a lot of IP that we’ve built in the inks of the printers, in the printers themselves. And what we are doing is when we identify cartridges that are violating our IP, we stop the printers from work[ing].”

Later in the interview, he added: “Every time a customer buys a printer, it’s an investment for us. We are investing in that customer, and if that customer doesn’t print enough or doesn’t use our supplies, it’s a bad investment.”

[…]

HP has long banged the drum [PDF] about the potential for malware to be introduced via print cartridges, and in 2022, its bug bounty program confirmed that third-party cartridges with reprogrammable chips could deliver malware into printers.

Kind old HP is, therefore, only concerned about the welfare of customers.

Sadly, Lores’s protestations were somewhat undermined by the admission that the company’s business model depends – at least in part – on customers selecting HP supplies for their devices.

“Our objective is to make printing as easy as possible, and our long-term objective is to make printing a subscription.”

This echoes comments by former CFO Marie Myers, who said in December:

“We absolutely see when you move a customer from that pure transactional model … whether it’s Instant Ink, plus adding on that paper, we sort of see a 20 percent uplift on the value of that customer because you’re locking that person, committing to a longer-term relationship.”

Source: HP CEO: You’re ‘bad investment’ if you don’t buy HP supplies • The Register

Suno AI – make amazing songs with your own prompts

Suno AI is created by a team of musicians and artificial intelligence experts based in Cambridge, MA.

This machine makes the music and lyrics in the style you want and then sings it for you.

You get some free credits to play with but if you want longer songs then you need to go pro.

They keep copyright of everything generated when you use it for free, but under pro subscriptions you can sell the music it makes, under their terms.

It’s awesome!

Source: Suno AI

I can have app store? Apple: yes but NO! Give €1,000,000 + lock in to Apple ecosystem. This is how to “comply” with EU anti competition law

Apple is keeping a firm grip on people with alternative marketplaces, fleecing them for money but also for other control. Here are some of the terms Apple requires you to conform to in order to start up your own app store (which they call alternative marketplace):

If you’re interested in becoming a marketplace developer in the EU, the Account Holder of your Apple Developer Program membership will first need to agree to the Alternative Terms Addendum for Apps in the EU. Once they’ve agreed, they can submit a request for the entitlement.

To qualify for the entitlement, you must:

  • Be enrolled in the Apple Developer Program as an organization incorporated, domiciled, and/or registered in the EU (or have a subsidiary legal entity incorporated, domiciled, and/or registered in the EU that’s listed in App Store Connect). The location associated with your legal entity is listed in your Apple Developer account.
  • Agree to build an app whose primary purpose is discovery and distribution of apps, including apps from other developers.
  • Agree to provide and publish terms, including those pertaining to content and business model, for apps you will distribute, and accept apps that meet those terms.
  • […]

But what rankles most is the amount of money Apple not only fleeces from marketplaces for every installation – especially considering that Apple is not doing anything for the download – but that the barrier to entry is set at ONE MILLION DOLLARS!

Understanding payments, fees, and taxes

Stand-by letter of credit

In order to establish adequate financial means to guarantee support for developers and customers, marketplace developers must provide Apple a stand-by letter of credit from an A-rated (or equivalent by S&P, Fitch, or Moody’s) financial Institution of €1,000,000 prior to receiving the entitlement. It will need to be auto-renewed on a yearly basis.

Core Technology Fee

The DMA requires Apple to support distribution and payment processing alternatives that are facilitated outside the App Store. To reflect the value Apple provides marketplace developers with ongoing investments in developer tools, technologies, and program services, Apple has introduced a Core Technology Fee.

  • Marketplace developers will need to pay €0.50 for each first annual install of their marketplace app. First annual installs included in your Apple Developer Program membership can’t be used for marketplace apps.

Source: Getting started as an alternative app marketplace in the European Union

Of course, Apple is the one deciding if you are allowed to create an app store. What is the likelihood of that happening? Should you be one of the happy few (uhm, wait – didn’t the EU have this ruling as part of the Digital Markets Act (DMA), an anti-competitive set of laws, aimed at allowing EVERYONE access?), then you still have to build an Apple App – i.e. you have to pay Apple to have your app in the app store and they will review your app in their app store. In the words of Apple:

An alternative app marketplace is an iOS app from which someone can install other third-party apps. To create a marketplace, fill out a webform that outlines the qualifications. If approved, Apple enables a code-signing entitlement on your account to distribute your marketplace app on the web. Apple also provides you with a framework that facilitates the secure installation of apps that your marketplace hosts.

To set up a marketplace, upload a public key, or marketplace key, to App Store Connect that regularly verifies the agreement, or relationship, you make with other developers that distribute their app on your marketplace.

The architecture of an app marketplace includes an iOS app, a webpage, from which people download your app, and a webserver that stores app data it regularly receives from App Store Connect.

Source: Creating an alternative app marketplace

So the value Apple describes above is basically that they force you to set up your App store from inside their App store. Apple then tells you how to run it and wants to know exactly what is going on inside it, so they can grab their €0.50 per year per app downloaded from it.

So really, the way in which Apple is conforming to the EU DMA is by offering a massive finger to the EU and its developers.