November 16, 2009 • 12:49 am 0
An “Authentication Gap” was discovered in the latest version of SSL/TLS protocol.This could potentially be a huge problem. The gap is not due to some erroneous implementation, it is a property of the protocol.
Here is a list of links to websites where the issue is being followed:
Filed under: Authentication, Encryption, Hacking, InSecurity, SSL, Security, Technology, e-commerce, networks , Authentication, e-commerce, Encryption, Hacking, InSecurity, networks, Security, SSL
August 18, 2009 • 9:06 pm 0
It looks like Canadian laws are finally forcing Facebook to play nice with their users’ personal information.
read the whole article http://www.financialpost.com/news-sectors/technology/story.html?id=1902992
Filed under: InSecurity, Technology, in the News
August 7, 2009 • 3:36 am 1
Having all your personal information in one ID is not a very good idea, even if protected by a good encryption scheme. Having all your information in a card protected with a bad encryption scheme is definitely a bad idea.
That seems to be the case with the ID cards issued by the Home Office to foreign nationals working in the UK. As described in a news article, it looks that a cell phone fitted with an RFID scanner and a laptop is all the hardware you need to clone one of these cards and even change the information on it.
Embedded inside the card for foreigners is a microchip with the details of its bearer held in electronic form: name, date of birth, physical characteristics, fingerprints and so on, together with other information such as immigration status and whether the holder is entitled to State benefits.
This chip is the vital security measure that, so the Government believes, will make identity cards ‘unforgeable’.
But as I watch, Laurie picks up a mobile phone and, using just the handset and a laptop computer, electronically copies the ID card microchip and all its information in a matter of minutes.
He then creates a cloned card, and with a little help from another technology expert, he changes all the information the card contains – the physical details of the bearer, name, fingerprints and so on. And he doesn’t stop there.
These cards use the same technology as the ID card for British citizens unveiled last week by Alan Johnson, the Home Secretary. ID thieves must be anxiously waiting for the introduction of government ID cards, which will facilitate their daily jobs.
Filed under: Hacking, ID Theft, InSecurity, RFID, biometrics, in the News , ID Theft, in the News, InSecurity, RFID, Technology
July 8, 2009 • 4:29 am 0
The latest edition of Ouch! Newsletter issued an article on the risks of trusting too much personal information to social networks. The article include a list of tips to avoid getting in trouble, most of them an exercise in applying common sense.
ID theft is a constant threat as thing can get really serious out there. Alessandro Acquisti team of Carnegie-Mellon University conducted a study in which they were able to guess Social Security Numbers using information commonly available.
Acquisti and Ralph Gross report in Tuesday’s edition of Proceedings of the National Academy of Sciences that they were able to make the predictions using data available in public records as well as information such as birthdates cheerfully provided on social networks such as Facebook.
For people born after 1988 _ when the government began issuing numbers at birth _ the researchers were able to identify, in a single attempt, the first five Social Security digits for 44 percent of individuals. And they got all nine digits for 8.5 percent of those people in fewer than 1,000 attempts
Social networking is here to stay and , if you do it, make sure to practice ‘safe networking’.
Update
Ditto:
…..
Social networks are exploding in popularity. Forty-three percent of the online community now uses social networking sites, including Facebook, MySpace and LinkedIn. This is up from 27 percent a year ago, reports The Conference Board and TNS.
…..
The top concerns of social networking members — expressed by about 50 percent — are viruses/malware, exposure of information to strangers and lack of privacy. Women tend to be moderately more concerned than men. Only 14 percent claim they have no concerns, compared to 22 percent of men.
From a recent Conference Board Report.
Filed under: ID Theft, InSecurity, in the News , ID Theft, in the News, InSecurity
April 10, 2009 • 3:22 am 1
After the Conficker April fool’s day scare fizzled, they try to scare us saying that utilities can be hacked through the internet …
Wait!, they already were hacked !
Filed under: InSecurity, Misc., in the News
March 12, 2009 • 5:31 pm 0
If you are already scared of ID thieves getting your financial information, prepare to panic about this:
Medical identity theft is a growing issue in North America and growing even larger in a recession where pinching pennies can mean pinching someone else’s identity to get access to health care services, prescription drugs, elective surgery and dental care.
“Stolen patient identities not only create a financial problem for the victim; the corruption of the individual’s medical history could prove lethal in a medical emergency,” says Darin Johnson, vice-president of marketing for HealthCare Insight, based in South Jordan, Utah.
Read the whole article here.
Also: A crime that does pay, Better safeguards in the cards
.
Filed under: ID Theft, InSecurity, biometrics, in the News , biometrics, ID Theft, in the News, InSecurity
March 11, 2009 • 4:46 pm 2
Highlights from reports on identity theft from the ITRC Breaches 2008 Summary
Reports of data breaches increased dramatically in 2008. The Identity Theft Resource Center’s 2008 breach report reached 656 reported breaches at the end of 2008, reflecting an increase of 47% over last year’s total of 446.
and
According to ITRC reports, only 2.4% of all breaches had encryption or other strong protection methods in use. Only 8.5% of reported breaches had password protection. It is obvious that the bulk of breached data was unprotected by either encryption or even passwords.
Interesting…
Filed under: ID Theft, InSecurity , ID Theft, InSecurity
February 13, 2009 • 5:49 pm 0
Fittingly, the newspaper carry this two items for Friday 13th:
let’s call them Something you should know and something they have.
They are not exactly news for most people with a functional understanding of how the Internet and Governments work. However, it is always good to remind people that, unless you use an anonymity service, your ISP knows “what you did last summer” and that you can trust governments to be sloppy with information that the “the body snatchers” will find useful.
Filed under: ID Theft, InSecurity, in the News , ID Theft, in the News, InSecurity
January 3, 2009 • 6:08 pm 0
The USB ports can become a way into your computer for some hackers eager to steal your ID.
h/t Paul.
more about "The attack of the peripherals", posted with vodpod
Filed under: ID Theft, InSecurity, Technology, in the News , ID Theft, in the News, InSecurity
• 2:33 am 0
X.509 certificates signed by Certificate Authorities that use MD5 function are certainly going to disappear form the Internet as flaws on the MD5 were successfully exploited to generate a rogue certificate that would be considered as valid by all browsers.
The proof of concept was recently published by A. Sotirov et al. , although the basis for the hack has been know for a few years know. The researchers exploited collisions (two different strings that hash to the same value) in the MD5 and the fact that CAs use a sequential numbering of certificates upon issuance.
News that SSL is broken are exaggerated as many CA are already using SHA-1 (a stronger hash function) and the ones that were using MD5 are switching quickly after publication of the flaw.
See also:
Filed under: Authentication, Hash Functions, InSecurity, SSL, e-commerce , Authentication, Cryptography, e-commerce, InSecurity, SSL
Data Security and Information Theory are essential to modern life. Far from being the exclusive domain of academics and geeks, the fundamentals and its application are easy to understand for most people. Here, my modest attempt to bring some of the issues to the public discourse and spread the knowledge to make the internet a safer place for your virtual self.
Click below to find out more
ScienceDaily: Computer Security News Wired: Commentary
