
Here’s why the iPhone ‘Masque Attack’ security flaw is so scary



Earlier this month, researchers at cybersecurity firm FireEye discovered a vulnerability in the iOS operating system which could allow hackers to replace legitimate apps with malicious copies, giving them access to any data the user entered into the hacked app. These “Masque Attacks” were enough of a threat to convince the U.S. government to release a statement warning iPhone users to avoid downloading apps from third-party sources until the issue could be resolved.

Apple was quick to issue its own response, downplaying the severity of the vulnerability, but further research by Trend Micro seems to indicate that the threat is even more serious than originally reported.


According to Trend Micro, malicious apps installed on an iOS device could allow hackers to access unencrypted data from legitimate apps on the device.

“We tested several apps and found that some of the popular iOS apps do not employ data encryption for their databases,” writes Trend Micro’s Brooks Hong. “In our analysis, we simply used file browsers to access these files. Additionally, the apps we tested are messaging/communication apps, which means that they store a lot of sensitive information like names and contact details.”

Once hackers successfully infiltrate an iPhone or iPad through a Masque Attack, they will be able to trawl through unencrypted messaging and communication apps to find information they could use maliciously.

Interestingly, many of the Android counterparts to the iOS messaging apps Trend Micro tested were encrypted. This might be a result of Android being more susceptible to malware, whereas iOS developers haven’t had to deal with these issues in the past.

Apple says that it is not aware of any users who have been affected by Masque Attacks, but based on the potential outcome of being a victim of one of these attacks, we should all remain cautious when downloading software to our iOS devices.

Driverless cars could face threat from hackers trying to cause road chaos


Driverless cars will need to be protected from hackers who could take control of vehicles to cause chaos on the roads, cyber security and transport experts have warned.

While autonomous vehicles, such as Google’s self-driving car, could reduce road casualties by eliminating human error, they could also increase the risk of accidents amongst motorists who continue to use manual cars if they are allowed to mix on the same roads.

Recent research conducted in driving simulators has shown that human drivers change their behaviour when using the same road as autonomous cars, copying their driving style and leaving less space to the vehicle in front.

While an autonomous vehicle equipped with sensors would be able to react almost instantaneously, reaction times in human drivers are slower.

The warnings come as the Institution of Engineering and Technology (IET) publishes a report on autonomous vehicles and how they can be integrated onto British roads.

It predicts that within 15 years there will be fully autonomous vehicles taking goods and people around Britain, bringing cheaper and safer mobility for passengers.

Driverless cars could also lead to more people living in the countryside as the vehicles will make it easier to get around in rural locations without being able to drive.

This could prove particularly beneficial for older people who retire to the countryside and find they can no longer drive themselves as they get older, yet still need to access shops and healthcare.

The first driverless vehicles are expected to begin appearing on Britain’s roads from January next year under a series of trials to be conducted in three cities by the Department for Transport.

However, Hugh Boyes, cyber security lead at the IET, said the reliability and security of software used in driverless cars will be a major issue for manufacturers and insurers.

He said: “If the hacker community could start to target vehicles we can imagine a fair amount of chaos.

“The motor industry is really strong on safety but if someone tries to interfere with the vehicle, tries to hack it and disrupt it, then these don’t fall under the typical safety issues.

“Unfortunately living in the world today people do try to tamper with technology. The industry is only just starting to recognise this.”

He also said that software would have to be reliable and bug free. “Recent reports analysing software show that 98% of applications have serious defects and in many cases there were 10-15 defects per application,” he said.

“If ultimately you want to use autonomous vehicles, we need to make sure they don’t have a defect.”

Earlier this year Vince Cable, the business secretary, announced that trials of driverless vehicles on public roads will begin in Britain in January 2015.

In January Newcastle will also start trialling technology where traffic lights can communicate with vehicles to help traffic flow more smoothly.

Major companies including Nissan and Volvo have already begun testing driverless cars in other countries while Google’s own driverless car has clocked up more than 1m miles on the open road.

During that time Google has said its autonomous vehicle was only involved in one accident, which occurred when a human driver took control.

Experts predict that using such vehicles can help improve road safety and allow busy road networks to cope with greater numbers of vehicles.

Autonomous cars, fitted with radar systems, cameras and other sensors to detect their surroundings, will be able to drive closer together while those connected to central networks can be rerouted to ease congestion.

According to Dr Nick Reed, principal human factors researcher at the Transport Research Laboratory in Crowthorne, Berkshire, 95% of the 1.2m annual deaths worldwide on the road involve human error. However, he warned that integrating human drivers and autonomous vehicles on the roads at the same time could present serious challenges.

This article originally appeared on guardian.co.uk


Attackers trading malware for privilege

Hackers will use malware, among other techniques, to break into enterprise systems but once they’re in, they’re likely to switch away from malware to abusing privileged accounts, according to a report released today by CyberArk Software, Ltd., an Israel-based vendor of security solutions for privileged accounts.

The report analyses the experience of some of the world’s top cybersecurity and forensics teams — Cisco’s Talos Security Intelligence and Research Group, Deloitte’s Computer and Cyber Forensics Team, Deloitte & Touche’s Cyber Risk Services, FireEye’s Mandiant, EMC’s RSA security division, and the Verizon RISK Team.

“A lot of the industry equates malware to the means by which an attack is carried on,” CyberArk CEO Udi Mokady told CSO Online. “But the more computers are infected with malware, the easier it is for a victim to detect an attack.”

Instead, hackers switch to using privileged accounts once they’re in a system.

“When you’re able to do that, you can come and go to the organization as you please, and set up additional users that blend in with the normal traffic,” he said.

According to Mokady, most enterprises are unaware of how many privileged accounts they actually have.

“Companies typically have three to four times as many privileged accounts as employees,” he said. In fact, compromised privileged accounts are at the heart of 80 to 100 percent of the attacks that cybersecurity teams investigate, he said.

“This also explains why attacks are so hard to discover and stop,” he added. “An attacker with access to a privileged account can lie there undetected for 200 days or more.”

For example, according to the report, privileged accounts can be used to delete log data and other evidence of illicit activity.

In addition, hackers are using a wider range of privileged accounts than ever before.

“Security investigators report a range of privileged account exploits, from hacking embedded devices in the Internet of Things to establishing multiple privileged identities in Microsoft Active Directory to ensure redundant points of access,” said the report.

One particularly dangerous type of privileged account is the service account used for machine-to-machine communication.

“Most companies expect service accounts to be used only internally, so they keep the default passwords,” said Christopher Novak, global managing principal for investigative response for the Verizon RISK Team, one of the experts who contributed to the report.

“We’ve seen 25 or 30 attacks recently in which attackers used default passwords,” he added. “And because it’s presumed individuals aren’t using [these accounts], analysts dial down the sensitivity on alerts. Service accounts are out of sight, out of mind.”

The report also provides some details about how far attackers will go to gain access to high-value targets.

“We’ve set up fake online personas, pretending to be a PhD researching cancer therapies or an engineer developing a new laser module for a defense system,” said Peter Tran, senior director of RSA’s Worldwide Advanced Cyber Defense Practice, in the report. “And what we’re seeing is attackers have gotten really good,” he said. “They’re masquerading as recruiters and reaching out to high-value targets such as senior engineers, business managers. They use social media to start dialogs with valuable insiders, and they take time to cultivate relationships. Based on what we’ve seen, [attackers are] credible enough to fool most people into providing the entry point they need.”


Boeing eyes revamp of cyber business to focus on key areas

EL SEGUNDO, Calif. (Reuters) – Boeing Co said this week it is reevaluating its cybersecurity business and could divest or reassign some units as it focuses more on a few critical areas, including classified work it is doing for some U.S. government agencies.

Boeing, the Pentagon’s No. 2 supplier and the world’s largest aerospace company, bought a handful of cybersecurity companies several years ago, but the market has not proven to be as promising as once expected.

Craig Cooning, who took over as head of the Boeing division that includes satellites, networks and missile defense, said Boeing was reassessing its work in the cyber arena, which he described as a highly disaggregated market.

“We’re looking at … where are the businesses that we want to go all in on, and (where) there may be other businesses that are reassigned to other parts of Boeing, or that we may not do,” Cooning told Reuters in an interview at his office in El Segundo, California, on Monday.

Cooning said it was difficult to reach sufficient scale with a number of smaller acquisitions, particularly given the large number of customers and producers that have rushed into the sector in recent years.

“There doesn’t seem to be a common core or thread that runs through it,” he said. “The critical thing is to find our niche and extrapolate and exploit it … We’re not going to do everything, soup to nuts.”

Cooning said he could not rule out divestments of certain units but provided no specific details. He said the company was pleased with the classified cyber work it was doing for some government agencies but declined to comment further.

He singled out Argon, which Boeing acquired in 2010 for $775 million in an all-cash deal, and Digital Receiver Technology (DRT), which Boeing bought in 2008, as successful parts of the company’s cyber portfolio.

One of Boeing’s strengths, he said, was protecting its own platforms and linking them, noting that Boeing operated one of the biggest virtual private networks in the world.

(Reporting by Andrea Shalal; Editing by Ken Wills)


ICANN chief urges wide Internet control

The head of the private agency that acts as gatekeeper for the Internet called Tuesday for international discussions to ensure control of the web remains decentralised.

Fadi Chehade, president and CEO of the Internet Corporation for Assigned Names and Numbers (ICANN), called for the “preservation of a decentralised, transnational and not too fragmented governance” of the Internet.

He told a Geneva conference that the Internet should remain “polycentric” but that the private and public sectors should work together.

“Only initiatives involving the private sector and governments can successfully and effectively address crucial issues like cybercrime, taxation of e-commerce, and child protection,” Chehade said.

ICANN, which is in charge of assigning domain names, is likely to break free of US oversight late next year.

Washington said in March it might not renew its contract with the Los Angeles-based agency, provided a new oversight system is in place that ensures the Internet addressing structure is reliable.

“ICANN is not and shall not be an island disconnected from other stakeholders,” Chehade said.

The agency plans to submit a proposal on oversight to the US Department of Commerce next year.

In an interview published Tuesday in Swiss daily Le Temps, Chehade said the role of the United States — one of ICANN’s 147 member countries — would remain important.

“If our DNA remains American, our openness to the world is a reality.”

US Commerce Secretary Penny Pritzker pledged at a meeting of Internet leaders in October that the United States would “protect and preserve a free, vibrant and open Internet”.

Pritzker said that while the United States might not renew its contract with ICANN, it still had a responsibility to encourage a decentralised Internet.

“The United States will not allow the global Internet to be co-opted by any person, entity, or nation seeking to substitute their parochial world view for the collective wisdom of this community,” she said.


Top German spy says Berlin under cyber attack from other states

BERLIN (Reuters) – German government and business computers are coming under increasing cyber attack every day from other states’ spy agencies, especially those of Russia and China, Germany’s domestic intelligence (BfV) chief said on Tuesday.

Addressing a cybersecurity conference in Berlin, Hans Georg Maassen said that of an estimated 3,000 daily attacks by hackers or criminals on German government systems, around five were the handiwork of intelligence services. The latter are so sophisticated that they can easily be overlooked, he added.

“We have seen that there are ever more frequent attacks by foreign intelligence agencies on the German government IT infrastructure,” he said.

These occur most frequently, Maassen said, before major international meetings such as a G20 conference, where government advisers might receive a virus email purporting to be from another country’s negotiators.

He described Berlin as the capital of “political espionage”, saying Germany’s economic, defense, foreign and arms policies were all targets for hackers, as well as major firms for their cutting-edge high technology.

Germany is Europe’s economic powerhouse, a major United States and NATO ally, and many of its manufacturers are industry leaders. Maassen said companies sometimes struggle to protect their most valuable technology and products.

Disclosures by former U.S. intelligence contractor Edward Snowden that Washington had monitored Chancellor Angela Merkel’s mobile phone and conducted mass surveillance in Germany caused public outrage last year.

Germany is acutely sensitive about surveillance because of abuses under the Stasi secret police of former East Germany as well as under the Nazis.

(Reporting by Thorsten Severin; Writing by Alexandra Hudson; Editing by Mark Heinrich)

India, Australia agree on framework for security cooperation


Canberra: India and Australia on Tuesday agreed on a landmark framework for security cooperation across the spectrum in defence, cyber and maritime security and combating terrorism, including the threats posed by foreign fighters joining extremist groups.


At the summit talks between Prime Minister Narendra Modi, the first Indian prime minister to visit Australia in 28 years, and his counterpart Tony Abbott, the two countries also decided to conclude a long-pending Free Trade pact by the end of next year and an “early closure” of the civilian nuclear deal that will facilitate uranium imports to India.

Significantly, Modi made a reference to the need for expanding security cooperation and deepening international partnerships in the region in his speech to a joint session of Australian Parliament after the talks.

 “But, what we do need is to work together and with others to create environment and culture that promotes the currency of co-existence and cooperation; in which all nations, small and big, abide by international law and norms, even when they have bitter disputes.

“We should collaborate more on maintaining maritime security. We should work together on the seas and collaborate in international forums. And, we should work for a universal respect for international law and global norms,” Modi said in comments interpreted as a veiled reference to China.

 Both India and Australia have reservations over China’s growing military assertions in maritime disputes with its neighbours.

The cooperation framework also came as Chinese President Xi Jinping left here for Tasmania, an island in southern Australia, where he was joined by Abbott.

In a joint statement issued at the end of Modi’s visit, the two countries committed themselves to working together to combat terrorism and transnational crimes.

 The two Prime Ministers agreed that the existing Joint Working Group on Counter-Terrorism would be renamed to cover other transnational crimes, including on-going cooperation on illegal migration.

They noted the conclusion of a new Framework for Security Cooperation to guide closer bilateral collaboration across the security spectrum, including in defence, counter-terrorism, cyber policy, disarmament and non-proliferation and maritime security.

The framework demonstrates the unshakeable resolve of the two countries in combating and defeating terrorism, including the threat posed by foreign fighters joining extremist groups.

Noting that terrorism has become a major threat for all, Modi suggested a comprehensive global strategy and a resolve to isolate “those who harbour terrorists”.

After the summit talks at the Prime Minister’s office, just two months after Abbott’s maiden visit to India, the two countries signed five agreements on social security, transfer of sentenced prisoners, combating narcotics trade, tourism, and Arts and Culture.

“This is a natural partnership, arising from our shared values and interests, and our strategic maritime locations,” Modi said at a joint press conference with Abbott. “Security and defence are important and growing areas of the new India-Australia partnership – for advancing regional peace and stability, and combating terrorism and trans-national crimes,” he said.

The security framework, finalised hours before the talks, lays out an extensive “action plan” including annual prime ministerial summits and maritime military exercises, besides cooperation in counter-terrorism, border control and close consultations on regional and international institutions.

Modi said the two sides also “agreed on seeking early closure on the civil nuclear agreement, which will give Australia a chance to participate in one of the most secure and safe nuclear energy programmes in the world.”

India is open for business and keen to forge stronger business relations with resource-rich Australia, Prime Minister Narendra Modi said on Tuesday and invited Australian business leaders to cooperate in developing green technology, LNG, gas and tourism sectors.

Modi, who held a roundtable with top Australian CEOs here, discussed prospects for bilateral cooperation, especially in the fields of education, services, energy, banking, information technology and tourism.

 Modi, during the hour-long roundtable hosted by Victoria’s Governor Alex Chernov at Government house, said India was open for business and was also keen to forge stronger business relations with Australia.

 Noting that the new government has identified several areas of cooperation, Modi said there was a huge potential for developing educational ties especially at school level.

“Victoria has taken a good initiative of tying up with India. We have Youth. I would like to focus on two main areas – one is research and the other is education,” Modi said.

 As Victoria was leading in the field of research, a collaboration in that area could be looked at, he said.

 “We just launched our ‘Make in India’ initiative and this presents opportunities in our country,” he said, adding that issues of concerns for those keen to invest in India would be looked at in the next budget.

He invited Australian businessmen to collaborate with India in the green technology, LNG, gas and tourism sectors.

 Modi said that the government was keen to build cruise tourism.

“We discussed various issues, but the area which I would like to focus on is the tourism sector, where I find several opportunities and possibilities,” Modi said, adding that Monday’s announcement of a visa-on-arrival facility for Australian tourists would also benefit the business community.

“I extend an invitation to look at this sector too,” Modi said, noting that India’s long coastline provides huge opportunities for developing the cruise sector.

© Muscat Press and Publishing House SAOC 2014 Provided by SyndiGate Media Inc. (Syndigate.info).

How much is music worth? Radical.fm’s ‘pay-what-you-can’ ethos cuts to the heart of that question


This article originally appeared on The Next Web


A lot has been said and written about Taylor Swift and her reasons for culling her music on Spotify. Ultimately, it’s all about the perceived value of her tunes – she doesn’t want people on a free, ad-supported service listening to her music on-demand.

Regardless of which side of the fence you sit on in this debate, all this hullabaloo does raise an interesting question about the value of music today. With online piracy still rife, and pretty much every song ever recorded (give or take) available anyway on the likes of Vevo or YouTube, how much is a song or album actually worth these days?

The answer to that question may not make for pleasurable reading: however much someone is willing to pay.

While this hypothesis goes against the stance Taylor Swift and her record label are taking, it’s very much backed-up by countless examples strewn across the online music realm.

Just a few months back, Rdio encroached on Pandora’s territory with a new free ad-supported internet radio tier. This is why you’ll still find Taylor Swift on Pandora and Rdio, as the music isn’t made available on-demand for free.

Spotify’s free ad-supported incarnation, on the other hand, offers many, if not most, of the big-name artists on-demand. But Taylor Swift has now left that particular party.

Elsewhere, Spotify is looking to tempt more users on board by cutting prices and undercutting the competition. Less than a month after Spotify announced it was introducing family subscription plans, charging a few bucks less per-additional-person than Rdio, Rdio was forced to match Spotify dollar-for-dollar.

Race to the bottom?

There is so much competition now in the online music-streaming space, it sometimes feels like a race to the bottom, with companies chipping away at their already value-for-money services to tempt new users on board. People have grown to expect things for free, and that’s a difficult trend to fight when you’re chasing paying members.

The debate gets even more tenacious when you consider that some big-name artists actively give away their music for free. U2 were the latest superstar upstarts to offer their new album to the world’s masses for free, albeit only to those using iTunes. Yes, they will have been paid a hefty sum by Apple, but the point is the music was free for the end-user.

Looking further back, Radiohead let fans decide how much to pay for its In Rainbows album back in 2007, which effectively meant you could elect to pay a grand total of zero if you so wished. But Thom Yorke only wants to give away music when it’s on his own terms. Nine Inch Nails too have previously given away their music.

There is an argument that if you let people decide themselves what they should pay for something, this makes them take a responsible approach to the matter. And it’s this approach that Radical.fm has been taking.

Radical approach: Pay what you can

Radical.fm is a Pandora-style internet radio service that adopts a radical approach to the music monetizing conundrum – it asks you to pay what you think it’s worth, either as a one-time payment or a regular monthly fee. It’s sound (pun intended) on many levels – if you don’t listen to a lot of music in a given month, just don’t pay. If you host a myriad of house parties and use Radical.fm day-and-night, you could elect to pay $100. You could equally pay $1.76, $14.21, or nothing at all.

We first covered Radical.fm way back in 2012 when it was available on the Web – albeit with a limited arsenal of tunes outside of Sweden. It has shifted focus since then to mobile, launching as a US-only service last year for iPhone users. It finally arrived on Android a few months ago.

Today, Radical.fm has finally shaken off its mobile shackles and arrives on the Web, representing a milestone moment for what is a fairly unique platform in this space.

Radical.fm is hand-curated by humans, with “orders to build the best sounding genres regardless of economic forces,” the company proudly proclaims. And you’ll also be pleased to know that it’s staying true to its word of not funding this through advertising – which puts even more pressure on listeners to dig just a little bit deeper and cough up at least something.

At the heart of Radical.fm is My Stations, an interface that lets users mix any number of curated genres, giving each one a value relative to the others. This brings fairly granular controls to your internet radio stations, even if you can’t influence the exact song choices in there.



As with other similar services, you can choose to ‘Block’ or ‘Like’ tracks, as well as skip songs. But then there is My Lists, which lets you search from 30 million-plus tracks to build your own custom genres around. While this isn’t on-demand as you’d expect from Spotify, it’s reasonably tailored.

For example, while you can’t listen to full songs through manual search, you can listen to 30 second snippets which helps you identify a song before adding it to one of your lists. These lists can then be allocated a genre and associated to an existing station, which increases the chances of your songs being played.



All the big-name artists are on Radical.fm too, including the Beatles, Rolling Stones… and Taylor Swift.



A handful of new features have been introduced to the new browser-based incarnation too. For example, you can now scroll back 100 tracks in your personal song history, and choose to ‘Like’ or ‘Block’ specific tracks retrospectively.

There may well be ‘better’ music-streaming services out there, but that’s a debate for another day. The timing of Radical.fm’s latest launch is probably little more than coincidence, but it is still notable given the very recent public debate that’s grinding through the digital music sphere.

What’s music worth?

Long before this recent debacle kicked off, Taylor Swift made her feelings known on streaming platforms, writing in the WSJ:

“It’s my opinion that music should not be free, and my prediction is that individual artists and their labels will someday decide what an album’s price point is. I hope they don’t underestimate themselves or undervalue their art.”

Despite Swift’s assertions, we aren’t really seeing a huge exodus from Spotify and other similar platforms, and I’m not entirely convinced we’ll see the day Swift envisages. Few could reasonably argue that music itself should be free, but the big question is how it is paid for, who pays, and how much they pay.

As with any commodity in life, something is only worth what someone is willing to pay for it. It’s a cliche, but it’s true.

While you might be happy to pay $20,000 for a diamond, I see no inherent value in what is basically a shiny piece of rock. To me it’s worth zero. Someone might be happy to pay $50,000 for a new Ford Mustang, but I’d pay little more than $10,000 for a (reasonably new) second-hand VW Golf.

Tidal launched its music-streaming service a few weeks back – it’s similar to Spotify, except it costs double the amount of money each month. Why? Well, it uses ALAC and FLAC lossless formats at 1,411 kbps – or roughly 4 times the bit-rate of the best quality you’d find on Spotify. I’m no audiophile, so I’ll stick to my 320 kbps Spotify for now, which only costs $9.99 per month.

Again: Something is only worth what someone is willing to pay for it.

While plenty of people are still willing to dig deep and pay to access music online, plenty of people aren’t. Spotify claims more than 40 million active users, but only 25 percent of them are actual paying subscribers. This tells a story, and things could go a number of ways moving forward.

Either Spotify ditches its free, ad-supported on-demand version, or Swift and other defectors simply accept that this is now the way of the world and make all their tunes available to everyone on every music-streaming service around. Or, we could see a permanent stand-off between some artists and some music platforms.

However, with so much competition now, and with many of the hitherto USPs vanishing due to convergence, as we saw with Spotify launching family plans, this so-called ‘race to the bottom’ may lead to many such services crashing and burning.

Radical.fm’s arrival on the scene is symptomatic of this struggle we’re seeing in the music industry. It’s a collective desire to put the boot into piracy, while simultaneously opening up access to nearly every song imaginable, at a price people are willing to pay.


Home Depot Beats Earnings Expectations



Home Depot, the world’s largest home improvement store chain, reported better-than-expected earnings Tuesday as improving job and housing markets entice more Americans to spend on remodeling. The company kept its 2014 sales growth forecast of 4.8 percent, which would lift the retail industry’s overall sales.

Despite a massive cyber security breach between April and September that cost the company $34 million, Home Depot’s net income rose 12.3 percent to $1.54 billion or $1.54 a share in the third quarter ended Nov. 2 from the year-earlier period. Sales increased 5.4 percent to $20.52 billion.

“During the quarter we saw strong performance across all geographies led by growth in transactions and continued strength in the core of the store,” said Craig Menear, CEO and president, in a statement.

Analysts polled by Thomson Reuters had expected earnings of $20.47 billion or $1.13 a share. The retail sector overall, excluding cars, reported 3.7 percent sales growth in October, with many retailers, such as department stores, struggling to maintain store traffic. Building material sales grew 5.1 percent over the same time period. Employment gains over the period fueled pent-up demand for home repairs and upgrades.

Although its full-year guidance remains unchanged, Home Depot warned that the cyber attack’s costs are not final. The company faces at least 44 civil lawsuits related to the breach, in which hackers stole details of about 56 million credit and debit cards and 53 million email addresses.


U.S. House, Senate Democrats seek details from financial firms on data breaches

WASHINGTON (Reuters) – Leading Democrats in both houses of Congress sent letters on Tuesday to 16 major banks and other financial firms requesting detailed information about recent data breaches and briefings from corporate data security officials.

Among the companies targeted in letters sent by Senator Elizabeth Warren, a member of the Senate Banking Committee, and Representative Elijah Cummings, the top Democrat on the House Oversight and Government Reform Committee, were banks, investment firms and other financial service providers.

“The increasing number of cyber attacks and data breaches is unprecedented and poses a clear and present danger to our nation’s economic security,” Cummings and Warren wrote.

“Each successive cyber attack and data breach not only results in hefty costs and liabilities for businesses, but exposes consumers to identity theft and other fraud, as well as a host of other cyber crimes,” they added.

The lawmakers requested details of all data breaches experienced over the past year, the number of customers affected, any findings by forensic investigators, information about who is suspected to have carried out the attacks, and descriptions of new cyber-security measures the companies instituted after discovering data breaches.

In letters to two of the 16 companies, Citigroup and U.S. Bank, Cummings and Warren also requested information about how possible data breaches might have affected their handling of government purchase and charge cards under contracts with the General Services Administration, the government’s housekeeping agency.

Other institutions to whom the Democratic legislators are sending letters include ADP, Bank of America, Bank of NY Mellon, Bank of the West, Deutsche Bank, E-Trade, Fidelity, GE, Goldman Sachs, HSBC, Morgan Stanley, PNC, Regions and Wells Fargo.

(Reporting by Mark Hosenball; Editing by Peter Cooney)