Spire Security News and Views
Spire Security is a market research and analysis firm dedicated to bringing clarity to the information security world. This is Pete Lindstrom's blog - focused on providing analysis and insight to the happenings of the day, current security trends, and missing pieces to the information security puzzle.




 

 

Thursday, March 18, 2004
 

Here is an interesting incident. Hard drives and processors were taken out of a set of computers at a tax accountant's office. They lost information on 2,000 personal clients.
11:43:17 PM

More than 1,400 Canadians, primarily in the provinces of British Columbia and Alberta, have been notified of a major security breach at Equifax Canada Inc., a national consumer-credit reporting agency.

Some choice quotes:

"According to reports, access was gained to the personal, detailed credit files of more than 1,400 people. The files contained social insurance numbers, bank account numbers, credit histories, home addresses and job descriptions." Ouch. This is serious identity fraud, not the old 'you stole my credit card' no-liability problem that typically comes up.

"The company has activated alert messages reading 'lost or stolen identification' on the credit file of each affected consumer, which Equifax said would 'prompt potential creditors to carefully confirm the consumer's identity and will help protect the consumer from potential identity theft.'" They seem to have forgotten the part about "refusing to accept credit." I am not certain, but I thought this type of watch has a seven-year lifetime.

Some other assertions in this article that don't necessarily add up.


11:25:54 PM

If you get compromised and never notice any impact, did you get compromised?
11:20:01 PM

The opening scene of Matchstick Men (Nicolas Cage, Sam Rockwell so far) goes through an elaborate con where they sell a $49.95 retail water filtration system for $395 to a woman with the promise of winning a trip to Paris... then the con men get in the car and go visit another woman whom they had presumably conned previously and pose as FBI agents. In order to "trace the money," they claim, the duped couple needs to sign a form for the bank and provide their account number. In this scene, the husband plays a key role since he has the opportunity to demonstrate to his wife how dumb she was (know any husbands like that? I do). The double-dupe.

Anyway, this is a "second order" con and this same technique is becoming common in computers. It is extremely powerful and security professionals should take notice - IT departments, customer service departments, and others should evaluate their own procedures to determine how easily they could be spoofed and used for malicious purposes.

Oh, and it's a good movie, too.


11:16:03 PM


© Copyright 2004 Pete Lindstrom.
Last update: 5/28/2004; 4:59:30 PM.