Browsing Category: Social Engineering

Apple Needs to Get Serious About iPhone Security

By Andrew Storms
Two years ago I took some hard hits from my peers for calling the iPhone “a security nightmare.” Two years later, I can’t find a single person who doesn’t agree that the iPhone is the number one mobile target of security researchers.Fast forward to today: Is the iPhone still a security nightmare or have those problems been relegated to annoyance status?

Read more...

iPhone 3GS Offers Enterprise-Class Security for Everyone

Categories: Social Engineering

From TidBITS (Rich Mogull)

The original iPhone was widely criticized by security professionals for lacking essential security features for the enterprise, the large corporate networks that have special needs because of huge numbers of users and the massive back-end operations to support those users.
The original iPhone was hard to lock down, had only limited secure connectivity options, and lacked both data protection and some way to destroy data remotely if you lost the phone. Those capabilities have continued to improve with every iPhone software release and, combined with the hardware improvements in the iPhone 3GS, even regular users can now enjoy security equivalent to that provided by most corporate environments. Read the full story [tidbits.com]

Read more...

Password Strength and Keeping Online Accounts Safe

From Google Online Security Blog (Macduff Hughes)
There’s been some discussion today about the security of online accounts, so we wanted to share our perspective. These are topics that we take very seriously because we know how important they are to our users. We run our own business on Google Apps, and we’re highly invested in providing a high level of security in our products. While we can’t discuss individual user or customer cases, we thought we’d try to clear up any confusion by taking some time to explain how account recovery works with various types of Google accounts and by revisiting some tips on how users can help keep their account data secure. Read the full story [Google Online Security Blog].

Read more...

IBM Shows Off Way to Hide Confidential Data Online

From Network World (Michael Cooney)
Researchers at IBM have developed software that uses optical character recognition and screen scraping to identify and cover up confidential data.
According to IBM the driving idea behind the MAGEN (Masking Gateway for Enterprises) system is to prevent data leakage and allow the sharing of data while safeguarding sensitive business data. Read the full story [Network World].

Read more...

MasterCard to Require On-Site Audits for Small Shops

Categories: Social Engineering

From Computerworld (Jaikumar Vijayan)
In a move that is unlikely to sit well with many merchants, MasterCard has quietly changed a key security requirement for all businesses handling between 1 million and 6 million card transactions annually.
Starting Dec 31, 2010 companies that fall into this category, called Level 2, will be required to undergo an onsite review of their security controls by a MasterCard approved third-party assessor. Read the full story [Computerworld].

Read more...

Cormac Herley on the Underground Economy, IRC Economics and the Externalities of Cybercrime

Dennis Fisher talks with Cormac Herley of Microsoft Research about the paper he co-authored on the realities of the underground economy, why sales of stolen credit cards resemble a market for lemons and how we can get better data on cybercrime activities.

Read more...

T-Mobile data on Full Disclosure is real

T-Mobile is now saying that the information that was posted to the Full Disclosure security mailing list this weekend is in fact the company’s data. But the company stopped short of confirming that the anonymous hackers have access to customer data and other sensitive information, as they have claimed.

Read more...

Experts warn mobile phones face hacking threat

From Reuters (Tarmo Virki)
Accessing your bank account using your mobile phone might seem safe, but security experts say would-be hackers can access confidential information via a simple text message seemingly from your service provider.
People in the industry aware of the risk see it as extremely small, as only a few people use handsets to access their bank accounts, but it is growing as mobile Internet usage rises.  Read the full story [reuters.com]

Read more...

Identity theft ring busted in New York

Categories: Social Engineering

From SC Magazine (Chuck Miller)
Using financial information purchased from crooked bank insiders, a ring of thieves compromised the checking accounts of nearly 350 New York-based corporations, religious institutions, hospitals and schools, as well as city and state government agencies, to steal millions of dollars, prosecutors said this week. Read the full story [scmagazine.com]

Read more...