Browsing Category: Social Engineering

Public search engines mine private Facebook details

From DarkReading (Kelly Jackson Higgins)
Another reason to be careful what you post on Facebook: All it takes is a simple Google search, and phishers and marketers can glean a treasure trove of private information [darkreading.com] based on relationships among Facebook “friends,” according to new research.

Researchers from the U.K.’s University of Cambridge recently published a paper [PDF frm cam.ac.uk] detailing a project in which they developed a software tool to correlate and map Facebook profiles they found via public search engines, such as Google, to build detailed maps of relationships among Facebook members.  Read the full story [darkreading.com]

Read more...

Will Azure and Windows 7 solve the identity management mess?

From The New York Times, by Saul Hansell
Microsoft is at work on a couple of new technologies that may finally help enterprises unravel the giant ball of yarn that is user identity management. The head of the company’s server and tools business, Bob Muglia, said Microsoft’s Azure technology, as well as a tool called Direct Access in Windows 7, will give enterprises the help they need to make sense of identity management.

Read more...

Google search reveals 19,000 credit card details

Categories: Social Engineering

By Carrie-Ann Skinner, PC Advisor
 
The credit card details of 19,000 Brits that shopped online were freely available on Google, it has been revealed. Anyone using the search engine could have easily accessed not only the name and addresses of thousands [infoworld.com] of Visa, Mastercard and American Express card holders, but also the full card details too.
 
According to the banking body APACS, the majority of the cards had already been cancelled but the owners were probably unaware their information was available online.  Google confirmed the information has since been removed.

Read more...

Doing business with Heartland; Regaining the trust

By Andrew Storms
According to a this news article [computerworld.com] and a statement by Heartland [2008breach.com], competitors of the now PCI-delisted payment processor are using the breach as means to lure their customers.  Competitors are apparently suggesting that doing business with Heartland will result in fines from Visa.  That part is not true.  Visa has publicly stated that no fines will be levied against Heartland’s customers.   
However, would you continue to trust Heartland, its auditor and the PCI compliance standard to do their jobs in protecting your information?

Read more...

Apple patches iTunes password-stealing hole

Apple has issued an advisory to warn that malicious hackers can rig audio files to hijack usernames and passwords from its popular iTunes media player.
The company described the bug as a “design issue” in the iTunes podcast feature can be abused via rigged audio files to cause an authentication dialog to be presented to the user.  From that dialog, a hacker can hijack iTunes credentials and upload it to the podcast server.

Read more...