Google Trouble?

Why are you doing this? 

Google has repeatedly shown a “disappointing disregard” for safeguarding private information about its users

Company pays ‘lip service to privacy,’ Canada says

Privacy police take aim at social media giants


Open letter to Mr. Phisher

I received a very amusing e-mail today:

It is with profound sense of sadness i wrote this email to you. I don’t know how you will find this but you just have to forgive me for not telling you before leaving. I traveled down to United Kingdom Yesterday for a short vacation but unfortunately,i was mugged at a gun point on my way to the hotel i lodged all my money and all other vital documents including my credit card and my cell phone have been stolen by muggers.
I’ve been to the embassy and the Police here but they’re not helping issues at all,Things are difficult here and i don’t know what to do at the moment that why i email to ask if you can lend me £1,500.00 so i can settle the hotel bill and get a returning ticket back home. Please do me this great help and i promise to refund the money as soon as i get back home.
I look forward to your positive response.

This coming supposedly coming from the Gmail of a fellow engineer that happens to live in my town and is at 2 degrees of separation from me in the LinkedIn network.

Sorry, Mr. Phisher, I don’t know the guy enough to send the funds, my bad for not being more proactive in extending my network, he was just a step away! (if he really is the one who set the account with his name). It will help your cause if you read the newspapers, for the last few days there have been no flights to or from London, you know, the volcano thing.

I heard stories of people getting similar e-mails from people they know, some of the stories may be more verisimilar even. The would be phishers make good use of the information that can be gathered from social networks to craft these targeted e-mails.


Google problems may have bigger problems than people creating accounts to send phishing e-mails.


Your tax Pounds at work – UK government to make ID thieves lives easier

Having all your personal information in one ID is not a very good idea, even if protected by a good encryption scheme. Having all your information in a card protected with a bad encryption scheme is definitely a bad idea.

That seems to be the case with the ID cards issued by the Home Office to foreign nationals working in the UK. As described in a news article, it looks that a cell phone fitted with an RFID scanner and a laptop is all the hardware you need to clone one of these cards and even change the information on it.

Embedded inside the card for foreigners is a microchip with the details of its bearer held in electronic form: name, date of birth, physical characteristics, fingerprints and so on, together with other information such as immigration status and whether the holder is entitled to State benefits.

This chip is the vital security measure that, so the Government believes, will make identity cards ‘unforgeable’.

But as I watch, Laurie picks up a mobile phone and, using just the handset and a laptop computer, electronically copies the ID card microchip and all its information in a matter of minutes.

He then creates a cloned card, and with a little help from another technology expert, he changes all the information the card contains – the physical details of the bearer, name, fingerprints and so on. And he doesn’t stop there.

[Read the whole Mail-Online article]

These cards use the same technology as the ID card for British citizens unveiled last week by Alan Johnson, the Home Secretary. ID thieves must be anxiously waiting for the introduction of government ID cards, which will facilitate their daily jobs.  


Social Networks and Social Security Numbers

The latest edition of Ouch! Newsletter issued an article on the risks of trusting too much personal information to social networks.  The article include a list of tips to avoid getting in trouble, most of them an exercise in applying common sense.

ID theft is a constant threat as thing can get really serious out there. Alessandro Acquisti team of Carnegie-Mellon University conducted a study in which they were able to guess Social Security Numbers using information commonly available.

Acquisti and Ralph Gross report in Tuesday’s edition of Proceedings of the National Academy of Sciences that they were able to make the predictions using data available in public records as well as information such as birthdates cheerfully provided on social networks such as Facebook.

For people born after 1988 _ when the government began issuing numbers at birth _ the researchers were able to identify, in a single attempt, the first five Social Security digits for 44 percent of individuals. And they got all nine digits for 8.5 percent of those people in fewer than 1,000 attempts

Social networking is here to stay and , if you do it, make sure to practice ‘safe networking’.



Social networks are exploding in popularity. Forty-three percent of the online community now uses social networking sites, including Facebook, MySpace and LinkedIn. This is up from 27 percent a year ago, reports The Conference Board and TNS.


The top concerns of social networking members — expressed by about 50 percent — are viruses/malware, exposure of information to strangers and lack of privacy. Women tend to be moderately more concerned than men. Only 14 percent claim they have no concerns, compared to 22 percent of men.

From a recent Conference Board Report.

Medical Identity Theft

If you are already scared of ID thieves getting your financial information,  prepare to panic about this:

Medical identity theft is a growing issue in North America and growing even larger in a recession where pinching pennies can mean pinching someone else’s identity to get access to health care services, prescription drugs, elective surgery and dental care.

“Stolen patient identities not only create a financial problem for the victim; the corruption of the individual’s medical history could prove lethal in a medical emergency,” says Darin Johnson, vice-president of marketing for HealthCare Insight, based in South Jordan, Utah.

Read the whole article here.

Also: A crime that does pay, Better safeguards in the cards Tags: ,,


Identity theft report 2008

Highlights from reports on identity theft from the ITRC Breaches 2008 Summary 

Reports of data breaches increased dramatically in 2008. The Identity Theft Resource Center’s 2008 breach report reached 656 reported breaches at the end of 2008, reflecting an increase of 47% over last year’s total of 446.


According to ITRC reports, only 2.4% of all breaches had encryption or other strong protection methods in use. Only 8.5% of reported breaches had password protection. It is obvious that the bulk of breached data was unprotected by either encryption or even passwords.

Interesting… Tags: ,,

Un-Happy Friday the 13th.

Fittingly, the newspaper carry this two items for Friday 13th:

let’s call them Something you should know and something they have.

They are not exactly news for most people with a functional understanding of how the Internet and Governments work. However, it is always good to remind people that, unless you use an anonymity service, your ISP knows “what you did last summer” and that you can trust governments to be sloppy with information that the “the body snatchers” will find useful. Tags: ,,,

The attack of the peripherals

The USB ports can become a way into your computer for some hackers eager to steal your ID.

h/t Paul.

Vodpod videos no longer available.

more about "The attack of the peripherals", posted with vodpod Tags: ,,

The Dark Face of Facebook

The popularity of networking sites such as facebook (and others of the same kind) is certainly a magnet for people with not-so-kind intentions. For starters, the place can be considered as a gold mine of personal information and ID thieves would love to work overtime to put their stakes on the ground, like in any good old day’s gold-rush.
I do not necessarily oppose the idea of networking sites, moreover I think they can provide a lot of value for most users. However I was intrigued by a comment my wife made about being able to look at pictures of somebody that is not in her list of friends. It looks like the security settings used by most people will allow a friend of a friend to look at your pictures or profile by just sharing a collection of pictures.
I setup my own account to see first hand how it works. I went through the security setups and found the BIG problem with the security in facebook. That is, by default, facebook leaves everything open, you are supposed to go and explicitly forbade the system to share information about you with third parties. This goes against the common-sense approach in security, that is, forbade sharing by default and let the user explicitly share (in an item by item fashion). Although this approach has the disadvantage of being annoying to most people, there is the only way to make sure you don’t end up sharing your dearest secrets with a stranger or maybe even an enemy.
A little bit of Googling around turn out a lot of references of bad thing that can happen: for example, many applications ask you permission to override certain security settings and it looks like the system allow third party companies to write applications. I do not know the process that facebook uses to vet these applications. I will not comment on that.
Below, a scary short video form the BBC, facebook’s answer to it and a bunch of links to keep you aware of the issues.

Here is the answer form facebook

Related and highly recommended
Safety Tips
The danger of facebook identity theft
facebook ignores huge security hole for four months
3 ways to protect yourself from social networking malware
For a Change Spammers get Whacked
The perils of sharing

Are you Afraid of ID Theft?

At the end of 2006 the Ponemon Institute, reporting on public perception on the risk of becoming a victim of ID theft, published the following chart:

Click for full image

Click for full image

There is obviously a lot of public awareness of the problem an it has been steadily gowing over time.

The governments of Canada and the US setup resource on the internet to help their citizens to become victims and to help victims to recover control over ID.

There are private companies that offer insurance against ID theft and help in the recovery effort but some have expressed its doubts about the whole idea.