Now Data Thieves Steal…Credit Reports? March 27, 2012
Posted by Chris Mark in InfoSec & Privacy, Risk & Risk Management.Tags: Chris Mark, credit report, cybercrime, cybersecurity, identity theft, InfoSec, MSNBC, PCI DSS, privacy
2 comments
A great story on MSNBC outlines yet another method being used by data thieves to monetize private information. According to the story, data thieves are stealing credit reports and then reselling to identity thieves. The process works like this. A data thief steals credit reports from the credit reporting agencies. Depending upon the score (higher the better) the data thief then resells the report to an identity thief who uses the report to get credit in the user’s name. Because the credit report has so much information, it makes the process of assuming someone else identity very easy. Remember, full credit reports have social security number, banks, loans, mortgages and other information. Much of authentication being used today relies upon the additional personal questions such as: “which is a bank at which you have had an account?” Most of the sites hosting the stolen reports have an .su domain which was used for the Soviet Union. According to the report, the hackers brag about how easy it is to hack into certain sites such as: AnnualCreditReport.com or CreditReport.com. Depending upon the score on the report, each report can command as much as $80 (for higher scores) or have that amount for lower scores.
This adds yet another wrinkle for people to fear.
UPDATE “Just Say No!”- to Facebook Login Request for Employment March 23, 2012
Posted by Chris Mark in Industry News, InfoSec & Privacy.Tags: cybersecurity, facebook, InfoSec & Privacy, mark consulting group, privacy, security
add a comment
UPDATE: Kudos to Facebook for weighing in on this subject. Facebook says that not only is the practice wrong, but it is a violation of Facebook’s terms of service. Echoing what I (and others) have said, logging into someone’s FB page could expose the employer to a lawsuit. “(W)e don’t think it’s right the thing to do,” she said. “But it also may cause problems for the employers that they are not anticipating. For example, if an employer sees on Facebook that someone is a member of a protected group (e.g. over a certain age, etc.) that employer may open themselves up to claims of discrimination if they don’t hire that person.”
I find myself posting on this subject occasionally because a neighbor, friend or other person will inform me that during an interview or application they were asked to provide their Facebook or other ‘social media’ login. This topic seems to arise again, and again and was again highlighted on msnbc.com. So, for those who are asking or saying: “Chris, if you have nothing to worry about, then why do you care?” Valid question. Let me answer. First, if you are looking for a job, as a responsible professional person you should take care to not post inflammatory, racist, hateful or other items on your social media. If you are a proud member of a hate group, you may want to keep that info private. Pictures of you doing drugs, or being arrested in New Orleans is also probably a bad idea. (more…)
France’s PATROIT Act? – “Visit Website; Go to Jail” March 23, 2012
Posted by Chris Mark in Industry News, Laws and Leglslation, terrorism.Tags: al qeada, Chris Mark, france murders, mark consulting group, PATRIOT, privacy, Red Scare, security, terrorism
add a comment
In the aftermath of the murder of 7 people in France by a self-proclaimed Al Qaeda militant, France’s president Nicolas Sarkozy has proposed a sweeping law that would jail those who visit extremist websites. “Anyone who regularly consults Internet sites which promote terror or hatred or violence will be sentenced to prison,” he told a campaign rally in Strasbourg, in eastern France. “What is possible for pedophiles should be possible for trainee terrorists and their supporters, too”
The murders of 7 people in Toulouse were horrific. Among those killed were a Rabbi and several children at a Jewish school. The murderer, 23 year old Mohamad Merah, was killed by French police after a standoff. (more…)
“Warren & Brandeis Cringe”- Identification through Typing March 21, 2012
Posted by Chris Mark in InfoSec & Privacy, Laws and Leglslation.Tags: Chris Mark, DARPA, InfoSec & Privacy, mark consulting group, privacy, security, the right to privacy, typing authentication, warren and brandeis
add a comment
Several years ago a few researchers demonstrated that the way in which people type is unique enough to be used to identify that person with a high degree of confidence. It is not simply speed but includes cadence, time between particular keystrokes and other aspects. This week DARPA announced that they are working to make the solution a reality. Due to the uniqueness of a person’s typing DARPA says: “mimicking keystroke dynamics is physiologically improbable,” This means that it would increase the challenge of masquerading as another person. I mark this up as “good in theory and terrifying in practice”. In a talk last year a DARPA representative explained the process as such: “is move to a world where you sit down at a console, you identify yourself, and you just start working, and the authentication happens in the background, invisible to you, while you continue to do your work without interruptions.” This is precisely where the issue comes to life. (more…)
“Goodnight Sweetheart, Its Time To Go…” Away from Gmail…over Privacy March 1, 2012
Posted by Chris Mark in InfoSec & Privacy, Laws and Leglslation.Tags: Chris Mark, cybersecurity, gmail, google, mark consulting group, privacy, security
add a comment
Starting today, Google will consolidate over 60 (that’s right…60) privacy policies into one, big, fluffy, wonderful new privacy policy. Unfortunately, some of the changes are less than appealing and are simply too much for me to live with. You can read more about the changes on CNN.com. According to Google: “We just want to use the information you already trust us with to make your experience better. “If you don’t think information sharing will improve your experience, you don’t need to sign in to use services like Search, Maps and YouTube. “If you are signed in, you can use our many privacy tools to do things like edit or turn off your search history, control the way Google tailors ads to your interests and browse the Web ‘incognito’ using Chrome.” My beef comes from the fact that they will be compiling a personal ‘dossier’ on every user. They crawl through Gmail to look for advertising opportunities etc. After watching J Edgar on Vudu a few days ago, I don’t want to end up with a personal file. (that was a joke by the way) In the event you decide to stay with Google, here is a guide published by the Electronic Frontier Foundation (EFF) that explains how to use the services while protecting your privacy to some degree. Form more privacy related information, please visit: www.DrHeatherMark.com.
Global Security, Privacy, & Risk Management 