Dennis Fisher talks with Ori Eisen, founder of 41st Parameter, about the roots of online fraud, how the credit card companies and banks could have done better and whether we need to start from scratch with a new Internet.
Browsing Category: Social Engineering
From DarkReading (Kelly Jackson Higgins)
Another reason to be careful what you post on Facebook: All it takes is a simple Google search, and phishers and marketers can glean a treasure trove of private information [darkreading.com] based on relationships among Facebook “friends,” according to new research.
Researchers from the U.K.’s University of Cambridge recently published a paper [PDF from cam.ac.uk] detailing a project in which they developed a software tool to correlate and map Facebook profiles they found via public search engines, such as Google, to build detailed maps of relationships among Facebook members. Read the full story [darkreading.com]
From The New York Times, by Saul Hansell
Microsoft is at work on a couple of new technologies that may finally help enterprises unravel the giant ball of yarn that is user identity management. The head of the company’s server and tools business, Bob Muglia, said Microsoft’s Azure technology, as well as a tool called Direct Access in Windows 7, will give enterprises the help they need to make sense of identity management.
By Carrie-Ann Skinner, PC Advisor
The credit card details of 19,000 Brits who shopped online were freely available on Google, it has been revealed. Anyone using the search engine could have easily accessed not only the names and addresses of thousands [infoworld.com] of Visa, Mastercard and American Express card holders, but also the full card details.
According to the banking body APACS, the majority of the cards had already been cancelled but the owners were probably unaware their information was available online. Google confirmed the information has since been removed.
VoIP phones have taken off in both the enterprise and the consumer markets, thanks to their ease of deployment and low operating costs. But, as this video from Enablesecurity shows, there are a number of security risks that have yet to be addressed.
By Andrew Storms
According to this news article [computerworld.com] and a statement by Heartland [2008breach.com], competitors of the now PCI-delisted payment processor are using the breach as a means to lure their customers. Competitors are apparently suggesting that doing business with Heartland will result in fines from Visa. That part is not true. Visa has publicly stated that no fines will be levied against Heartland’s customers.
However, would you continue to trust Heartland, its auditor and the PCI compliance standard to do their jobs in protecting your information?
By Bob McMillan, ComputerWorld
Diebold has released a security fix for its Opteva automated teller machines after cybercriminals apparently broke into the systems at one or more businesses in Russia and installed malicious software.
User names and passwords belonging to more than 8,000 Comcast Internet customers were left exposed on the Web for at least two months. A post by Brad Stone on the Bits blog [NYTimes.com] details the situation, which was exposed by a Comcast customer from Pennsylvania.
Sir Tim Berners-Lee, the creator of the worldwide web, has revealed how he fell victim to online fraudsters while trying to buy a gift over the internet.
Apple has issued an advisory to warn that malicious hackers can rig audio files to hijack usernames and passwords from its popular iTunes media player.
The company described the bug as a “design issue” in the iTunes podcast feature that can be abused via rigged audio files to cause an authentication dialog to be presented to the user. From that dialog, a hacker can hijack iTunes credentials and upload them to the podcast server.