by Constantine von Hoffman

Mannequins Keep an Eye on Shoppers Using Facial-Recognition Tech

Nov 30, 20124 mins

This week's IT security roundup has stories on a new type of mannequin that uses facial-recognition software to give retailers insight into customer behavior; a breach at Nationwide Insurance that exposed personal information on one million people; a police seizure of 132 Internet domains used to sell counterfeit goods; and more.

The walls may or may not have ears, but now some mannequins have eyes, and they’re spying on shoppers in stores.

Italian-company Almax SpA is selling the EyeSee, a mannequin equipped with facial-recognition technology, to help retailers determine what shoppers like and dislike in stores. A camera in one of the mannequin’s eyes sends data to facial-recognition software, which records the estimated age, gender and race of people in stores.

Five retailers, including Benneton, have used information from the $5,072 devices to adjust window displays, store layouts and promotions to maximize consumer interest. As Bloomberg reports, “a clothier introduced a children’s line after the dummy showed that kids made up more than half its mid-afternoon traffic, the company says. Another store found that a third of visitors using one of its doors after 4 p.m. were Asian, prompting it to place Chinese-speaking staff by that entrance.”

If these things can do all that, maybe “dummy” isn’t the best name for them?

Also in the news this week:

Online Service Offers Bank Robbers for Hire

(KrebsOnSecurity) — An online service boldly advertised in the cyber underground lets miscreants hire accomplices in several major U.S. cities to help empty bank accounts, steal tax refunds and intercept fraudulent purchases of high-dollar merchandise.

IAEA Server Breached, Scientists’ Email Addresses Spilled

(ThreatPost) — The International Atomic Energy Agency has confirmed to Reuters that one of its decommissioned servers had been accessed and had data stolen from it. The admission from the United Nations’ nuclear regulatory arm came in response to the publication of some 170 email addresses, apparently belonging to the same number of scientists, showed up in identical entries on Cryptome and the text sharing site Pastebin. The list of email addresses comes alongside a veiled threat to release more information from the compromised server if the IAEA doesn’t investigate nuclear weapons and other activities in Israel.

Personal Info of 1M Compromised in Nationwide Breach

(SCMagazine) — The FBI is investigating a breach at Nationwide Insurance, where hackers recently accessed the sensitive information of about one million people, including policy and non-policy holders.

Hardcoded Password Enables Remote Attacks on Samsung Printers

(ThreatPost) — Password woes apparently aren’t limited to endpoints. US-CERT issued an advisory Tuesday warning users of Samsung printers, including some Dell printers manufactured by Samsung, that a hardcoded password could enable remote code execution. “Samsung printers contain a hardcoded SNMP full read-write community string that remains active even when SNMP is disabled in the printer management utility,” the CERT advisory said.

US, European Agencies Seize 132 Domain Names for Selling Counterfeit Merchandise

(IDG News Service) —  U.S. and European agencies have seized 132 domain names that were allegedly used to sell counterfeit merchandise online. The operation on Monday was a joint effort by the U.S. Immigration and Customs Enforcement’s Homeland Security Investigations, law enforcement agencies from Belgium, Denmark, France, Romania and the U.K., and the European Police Office.

LulzSec Hacker Faces 30 Years to Life

(CSO) — Jeremy Hammond is in really big trouble. Or, perhaps, the government is just trying to “scare the (expletive) out of him,” in the words of Kevin Mitnick, formerly known as the world’s “most-wanted hacker” and now a security consultant. Either way, a potential sentence of 30 years to life for alleged hacking crimes is probably enough to get the attention of most 27-year-olds. And that is what U.S. District Judge Loretta Preska told Hammond last week that he could face if he is convicted on all counts.

Romanian Hackers Busted with 500K Aussie Credit Cards

(NakedSecurity) — Approximately 200 Romanian cops raided 36 locations this week in an attempt to crack down on a criminal ring which  had allegedly made off with half a million Aussie credit card numbers, racking up charges averaging more than $1000 each on 30,000 of them. The police detained 16 people and ultimately arrested seven of them.