Browsing Category: Social Engineering

The Berkeley breach: Is SaaS the answer?

By Don Leatham

One recent Friday afternoon I took time off to visit two new health providers: a new dentist (nearer my home) and an orthopedist (to look at my lateral epicondylitis). In both cases, as a new patient, I filled in page after page of medical history and personal information, including my Social Security Number. I did pause, but I have to admit I wrote it down both times (I’ve grown weary of the discussions/arguments that ensue if I don’t – I’ve even been denied service from a healthcare provider who felt my SSN was their only tool, should I decide not to pay).


Research: Password ‘secret question’ woefully insecure

Categories: Social Engineering

In research to be presented at the IEEE Symposium on Security and Privacy [virginia.edu] this week, researchers from Microsoft and Carnegie Mellon University plan to show that the secret questions used to secure the password-reset functions of a variety of websites are woefully insecure.
In a study involving 130 people, the researchers found that 28 percent of the people who knew and were trusted by the study’s participants could guess the correct answers to the participant’s secret questions. Even people not trusted by the participant still had a 17 percent chance of guessing the correct answer to a secret question. Read the full story [technologyreview.com]


Study: Women more affected by ID fraud

Categories: Social Engineering

From CNet (Elinor Mills)

Women are more affected by identity fraud than men are, according to a new survey that also found that it takes women longer to restore their identities but they also tend to change their behavior afterward.
In a survey of 808 U.S. households, half of which reported fraud, 28 percent of women said they had been victims of identity fraud compared with 21 percent for men. Read the full story [cnet.com]


Botnet hijack: Researchers dissect Torpig malware operation

Security researchers at University of California, Santa Barbara have broken into the nerve center of the Torpig botnet (also called Sinowal or Mebroot) to find a ten-day stash of 10,000 bank accounts and credit card numbers worth hundreds of thousands of dollars.


USPS probes possible mass security breach

Categories: Social Engineering

CBS News is reporting word about another data breach potentially compromising the personal information of thousands of people. Companies Lexis Nexis and Investigative Professionals have sent up to 40,000 letters to customers whose “sensitive and personally identifiable” information may have been viewed by individuals who should not have had access. Read the full story [cbsnews.com]


Businesses losing fight against employee apps

Categories: Social Engineering

From Techworld (Maxwell Cooter)

Enterprises are struggling to control the use of consumer applications within the workplace, despite the panoply of security tools being used within corporates.

According to new research [paloaltonetworks.com], nearly half of all bandwidth within corporate environments is being consumed by personal applications such as YouTube, peer-to-peer filesharing and various other consumer applications. Peer-to-peer is a particularly frequent problem, and according to the research, an average of six P2P applications were found in 92 percent of the organisations surveyed. Read the full story [cio.com]


Frontline in phishing and online fraud still expanding

By George V. Hulme
As some consumers play a growing role in the fight against online fraud and phishing, others need more education on the problem. That’s the bottom line from a panel discussion that included risk managers from Bank of America, JP Morgan Chase, and PayPal.


Job hunters must guard against identity theft

Categories: Social Engineering

From Orlando Sentinel (Richard Burnett)
With unemployment soaring, identity thieves are increasingly preying on unsuspecting job seekers by stealing personal information and trying to cash in on it.

The scams run the gamut from fake help-wanted ads and job-search services to bogus resume-posting Web sites, part of a new arsenal of weapons targeting millions of recently unemployed people. Read the full story [sunsentinel.com]


Ori Eisen on Credit Card Fraud and the Need for a New Internet

Dennis Fisher talks with Ori Eisen, founder of 41st Parameter, about the roots of online fraud, how the credit card companies and banks could have done better and whether we need to start from scratch with a new Internet.
