From Computerworld (Jaikumar Vijayan)
In a move that is unlikely to sit well with many merchants, MasterCard has quietly changed a key security requirement for all businesses handling between 1 million and 6 million card transactions annually.
Starting Dec 31, 2010, companies that fall into this category, called Level 2, will be required to undergo an onsite review of their security controls by a MasterCard-approved third-party assessor. Read the full story [Computerworld].
From Computerworld (Jaikumar Vijayan)
Dennis Fisher talks with Cormac Herley of Microsoft Research about the paper he co-authored on the realities of the underground economy, why sales of stolen credit cards resemble a market for lemons and how we can get better data on cybercrime activities.
T-Mobile is now saying that the information that was posted to the Full Disclosure security mailing list this weekend is in fact the company’s data. But the company stopped short of confirming that the anonymous hackers have access to customer data and other sensitive information, as they have claimed.
From Reuters (Tarmo Virki)
Accessing your bank account using your mobile phone might seem safe, but security experts say would-be hackers can access confidential information via a simple text message seemingly from your service provider.
People in the industry aware of the risk see it as extremely small, as only a few people use handsets to access their bank accounts, but it is growing as mobile Internet usage rises. Read the full story [reuters.com]
From SC Magazine (Chuck Miller)
Using financial information purchased from crooked bank insiders, a ring of thieves compromised the checking accounts of nearly 350 New York-based corporations, religious institutions, hospitals and schools, as well as city and state government agencies, to steal millions of dollars, prosecutors said this week. Read the full story [scmagazine.com]
By Don Leatham
One recent Friday afternoon I took time off to visit two new health providers: a new dentist (nearer my home) and an orthopedic (to look at my lateral epicondylitis). In both cases, as a new patient, I filled in page after page of medical history and personal information, including my Social Security Number. I did pause, but I have to admit I wrote it down both times (I’ve grown weary of the discussions/arguments that ensue if I don’t – I’ve even been denied service from a healthcare provider who felt my SSN was their only tool, should I decide not to pay).
In research to be presented at the IEEE Symposium on Security and Privacy [virginia.edu] this week, researchers from Microsoft and Carnegie Mellon University plan to show that the secret questions used to secure the password-reset functions of a variety of websites are woefully insecure.
In a study involving 130 people, the researchers found that 28 percent of the people who knew and were trusted by the study’s participants could guess the correct answers to the participant’s secret questions. Even people not trusted by the participant still had a 17 percent chance of guessing the correct answer to a secret question. Read the full story [technologyreview.com]
From CNet (Elinor Mills)
Women are more affected by identity fraud than men are, according to a new survey that also found that it takes women longer to restore their identities but they also tend to change their behavior afterward.
In a survey of 808 U.S. households, half of which reported fraud, 28 percent of women said they had been victims of identity fraud compared with 21 percent for men. Read the full story [cnet.com]
Security researchers at University of California, Santa Barbara have broken into the nerve center of the Torpig botnet (also called Sinowal or Mebroot) to find a ten-day stash of 10,000 bank accounts and credit card numbers worth hundreds of thousands of dollars.
CBS News is reporting word about another data breach potentially compromising the personal information of thousands of people. Companies Lexis Nexis and Investigative Professionals have sent up to 40,000 letters to customers whose “sensitive and personally identifiable” information may have been viewed by individuals who should not have had access. Read the full story [cbsnews.com]