By Dmitry Bestuzhev
The credit crunch means we’re all increasingly aware of bank charges, interest rates, and how we can save a few extra pennies. Financial advisors have written pages on how transferring an existing credit card balance to another card issuer could save you money, and most people are shopping around for the best offers.
Of course, the APR and other rates don’t worry cybercriminals. All they want to do is get their hands on credit card numbers and then use them or sell them on. Who cares if the card owner gets stung with additional charges? Read the full story [Viruslist].
Browsing Category: Social Engineering
By Dmitry Bestuzhev
A huge number of Web sites are employing a little-known tracking mechanism to gather information on visitors and are failing to disclose the practice in their privacy policies, according to a new paper from a group of university researchers. The technique employs cookies generated by the Adobe Flash software and the cookies often have the same value as HTTP cookies, the researchers report.
Dennis Fisher talks with Microsoft’s Adam Shostack about the Privacy Enhancing Technologies Symposium, the definition of privacy in today’s world and the role of technology in helping to enhance and protect that privacy.
From IDG News Service (Juan Carlos Perez)
Members of the eBay Developers Program must change their account passwords because the e-commerce company recently discovered a way in which account information could be accessed by malicious hackers.
This requirement comes “out of an abundance of caution” on the part of eBay, which hasn’t detected any suspicious activity in developer accounts, the company said Monday evening. Read the full story [cio.com] See the eBay warning [ebay.com]
Two of the largest U.S. banks — Bank of America and Citigroup — have issued new credit and debit cards to Massachusetts customers after running into data-safety concerns.
Bank of America and Citigroup each recently issued replacement cards to consumers, telling them in letters that their account numbers may have been compromised. Read the full story [bizjournals.com]
Dennis Fisher talks with researcher Moxie Marlinspike about the innovative research on attacking the inherent weaknesses in the SSL infrastructure that he presented at Black Hat, and the tools he has released to demonstrate the attacks, SSLSniff and SSLStrip.
The cryptographic underpinnings of the Internet are beginning to show some serious wear, and the outlook for better days ahead is not particularly rosy. In just the last week there has been news of major new attacks on perhaps the two most widely used encryption technologies: SSL and AES. We’ve heard talk of cracks in both protocols before, but this time, even the most conservative observers are worried.
By Andrew Storms
Two years ago I took some hard hits from my peers for calling the iPhone “a security nightmare.” Two years later, I can’t find a single person who doesn’t agree that the iPhone is the number one mobile target of security researchers. Fast forward to today: Is the iPhone still a security nightmare or have those problems been relegated to annoyance status?
From TidBITS (Rich Mogull)
The original iPhone was widely criticized by security professionals for lacking essential security features for the enterprise, the large corporate networks that have special needs because of huge numbers of users and the massive back-end operations to support those users.
The original iPhone was hard to lock down, had only limited secure connectivity options, and lacked both data protection and some way to destroy data remotely if you lost the phone. Those capabilities have continued to improve with every iPhone software release and, combined with the hardware improvements in the iPhone 3GS, even regular users can now enjoy security equivalent to that provided by most corporate environments. Read the full story [tidbits.com]
Kun Liu from IBM Research discusses the potential for developing privacy-aware social networking applications through the measurement and monitoring of privacy risks.