NEWS
Images are a mnemonic tool
Source: xkcd.com
Military Dating Loses Its Steam
The "inactive" hacker group LulzSec has apparently returned in what some are calling an effort to restore confidence in the group after its leader, Sabu, helped the FBI identify and arrest former teammates. A military dating website was recently hacked by LulzSec...
If your password is mentioned here, change it!
Huffington Post brings us a video that comes as no surprise. The most used password is PASSWORD1, followed by Welcome. That's right, folks. If you only try those 2 passwords you'll be able to hack into 6% of user accounts out there - and that includes consumer and...
Zappos insight, direct from Twitter
Scanning Twitter for responses to the Zappos breach, we have a few favourites that are awfully telling: From @jjmartucci: I bet 99% of the stolen Zappos passwords were "shoes". // Fact: most passwords are frighteningly easy to guess. We bet that those passwords aren't...
Zappos breach: What not to do
Zappos has remained tight-lipped about the nature of their data breach this week. As many as 24 million consumer accounts may have been accessed through an attack on their server in Kentucky. That is as detailed as they're willing to go. Full credit card numbers were...
Windows’ Touch Screen Image Authentication
As mobile devices flood the market and consumers increase their browsing time on small screens with smaller keyboards, the alphanumeric password is seeming less and less user friendly. Windows, trying to appeal to the mobile savvy user, is initiating an authentication...
Safeguarding, as attacks evolve
These days it seems that while hackers evolve with trends in technology, the general computer user is no more identity savvy than he was before Facebook made identities a virtual open book. Data breaches, hacks, and attempted hacks are in the news regularly, and yet...
At $560M, losses from online crime nearly doubled in 2009
The Internet Crime Complaint Center (IC3) recently released their report on 2009 Internet crime statistics. As you can probably guess, there were more complaints, more losses, higher average loss per incident. IC3 is a federally funded non-profit, a joint operation...
1024-bit RSA encryption cracked by carefully starving CPU of electricity
Several researchers at the University of Michigan have succeeded in cracking the RSA security technology which protects all ecommerce and online banking transactions. The university scientists found that they could deduce tiny pieces of a private key by injecting slight...
9 ways to make your enterprise secure
Small business or large, studies show that all companies are at risk of attack by hackers. Government agencies including the FBI have suggested using a separate computer for all transactions involving money or sensitive information, but from a business view, that...
First Direct serves up more than just no-fee banking
First Direct bank in the UK has been the first British bank to embrace Twitter. Does that really surprise anyone? As a 100% online bank, they've maintained a business pace a few clicks ahead of competitors in online services. But last weekend their clients and...
New attack reveals user identities
Browsing on the web just became a little more scary. A group of researchers found a way to deploy an attack that can “de-anonymize” the users behind the browser (research paper available in PDF format). Focusing on the users of social networking sites...
Phishing is Phutile!
I was in a conversation this week with someone else in the online security space and I happened to mention that I think Tricerion's Safe Login is pretty darn sweet. He was a proponent of a keyfob token that additionally used a USB cord and a card too. Yikes. That's...
Turning Green into Cash – Phishing for Carbon Emissions Permits
A worldwide phishing attack on carbon emissions trading registries forced registries in nine countries to shut down, while in other countries trading was temporarily suspended. Fake registries (phishing sites) were set up by a group of criminals who then sent out...
Need a job? Cyberthieves are hiring!
Well, it might not be the best career move and it probably won't help you pad your resume, but hey - income is income, right? According to Reuters cyberthieves are hiring, and they're placing ads online. One site, for example, pays $180 (£112) for each 1,000 times...
Twitter’s been phished!
2 of my 3 Twitter accounts asked me to reset my password this morning when I signed in. It seems that a third party application may have compromised accounts, but stories abound about what really happened. What I can tell you is that I know enough about where to share...
Security, Perceived Security, and Economics
The good folks over at Credit Card Processing Gist posted an article yesterday naming the flaws of Verified By Visa and MasterCard's Secure Code. Flawed technology and poor design meet good economics - telling us that price is the trump card when it comes to online...
3 reasons online banking is safer than paper
We read stories about phishing and data breaches and we get worried. Some of us start thinking that maybe we're better off (security-wise) with paper-based banking. Sending checks, receiving statements in the mail, paying bills the old fashioned way - manually with a...
More online users know about phishing, while number of victims is up by 600%
Two studies show that young people are more likely to be victims of online fraud. You’d think that since most of them have not experienced a world without Internet and email, they’d be more knowledgeable about phishing and other schemes. But the insurance group CPP...
Squeezing some browser sense from the Google-China phishing incident
A few days ago Google decided to shut down its operations in China after a spear phishing attack directed towards Chinese human rights activists, as well as attempts to steal some of Google’s intellectual property. It is presumed that the attackers sent...
CES 2010 – blending of technology and content
This year’s Consumer Electronics Show brought us some interesting trends and ideas. In his review of the show, Lance Ulanoff lists 9 things he’s learned there. In the last point in that post, he makes the observation that “the marriage of technology and content...
