If you’re the type of person who already reflexively jiggles every card slot and looks for pinhole cameras whenever you go to swipe your card, despair. There is no 100% foolproof way to protect yourself, as proven by a pair of banditos who stole 3,600 card numbers after installing a credit card skimmer inside several gas pumps, reports the MountainView Voice. [More]
security
FTC Complaint: Dropbox Misinformed Users About Security
By 5.16.11
According to a Federal Trade Commission complaint lodged against online storage service Dropbox, users were told they had more security than they actually did. [More]
Sony Breach Could Flood Market With Millions Of Cheap Stolen Credit Cards
By 5.6.11
Some fun (no, not really) potential aftershocks of the Sony Playstation Network breach: The price of buying a stolen credit card number could drop from $5-$10 per to $1-$2 if the hackers flood the market with the 2.2 million credit cards they claim to have access to… [More]
Botnets Rebuild Forces After Rustock Raid
By 5.2.11
After the Feds and Microsoft in March chopped off the head of the hydra that was the 1-million strong “Rustock” botnet responsible for sending billions of spam, several heads have sprung in its place. PC World notes a Symantec report of a 24% jump in emails containing malicious links and attachments, possibly representing an attempt to regrow the forces of zombie controlled computers and fill the void left by Rustock. [More]
Why Are Financial Companies Forcing Us To Have Weak Passwords?
By 4.28.11
Your bank or credit card company is probably the last entity you would want forcing you to set an incredibly weak Web password. But it’s not just American Express that wants their customers to use really crappy, easily crackable passwords. Charlie recently discovered that Capital One and, to a lesser extent, Bank of America have limits on their customers’ passwords that force them to choose crappy ones. [More]
State Department Proposal Would Make It Tougher For Some To Get Passports
By 4.26.11
Quick — name off every address at which you’ve resided. Finished? Now let’s hear the addresses, phone numbers and names of supervisors at every job you’ve ever had. And when you’re finished with that, cough up your mom’s address at wherever she was living a year before you were born. [More]
Passwords: Why "This Is Fun" Is 10x Safer Than "J4fS!2"
By 4.21.11
We’re told that the strongest kinds of passwords are the ones like look like an alien tap-danced on your keyboard, but people have a hard time remembering them without writing them down (on a post-it sitting on the desk). But baekdal has written an intriguing post that shows how when defending against a cracker trying to break your password via brute force through a web form, not only is “this is fun” actually memorable and usable than “J4sF!2,” it’s 10 times harder to crack. [More]
White House Pushes Secure Online Identity System
By 4.18.11
In an effort to develop something of a uniform standard for identifying online users, the White House announced plans for the National Strategy for Trusted Identities in Cyberspace (NSTIC). Companies that opt in to guiding the program will aim to allow people to use a single secure verification mechanism to access a number of different services. For example, your ID could potentially allow you access to email, online shopping and social networking sites. [More]
Texas Data Breach Exposes 3.5 Million Addresses, SSNs
By 4.12.11
Everything’s bigger in Texas. Even data breaches. As many as 3.5 million residents of the state found their personal data has been set free in a gaffe by the state government. [More]
Cyber Criminals Rent Out Unsuspecting Owners' PCs
By 4.11.11
When nefarious types are in need of remote PCs to do their dirty work, they can turn to underground, invitation-only services that rent out computers owned by marks who aren’t aware their hardware is being prostituted. [More]
Federal Grand Jury Investigates App Makers Over Privacy Issues
By 4.5.11
Pandora and other app makers received subpoenas related to a criminal federal investigation in which prosecutors are looking into claims that smartphone apps violate users’ privacy by illegally collecting and transmitting info. [More]
Hackers Seize Control Of Xbox Cop's Site
By 4.4.11
Xbox Live rule enforcement comes with its risks. A Microsoft employee who serves as director of policy and enforcement for Xbox Live suffered an apparent attack from hackers who seized his personal site and Xbox Live account. [More]
Teen Arrested For Sending Out School Threat Via Xbox Live
By 2.11.11
Authorities arrested a Maryland teenager who is charged with making threats of a mass shooting at a high school. He’s accused of impersonating another student while sending a threatening message to more than 100 people via Xbox Live. [More]
Google Doubles Down On Gmail Security
By 2.11.11
Feeling a bit insecure, Google set up a moat, an attack dog and alarm system for Gmail. Well, sorta. It added an optional (for now) two-step verification process to sign in, decreasing the likelihood that a hacker will be able to take your account out on a joyride. [More]
Starbucks Recommends iPhone App Users Enable Password Lock
By 2.10.11
Reached for comment about concerns that people could steal your Starbucks Reward card by taking a screenshot of it as it appears on the iPhone app, a Starbucks spokesperson told Consumerist, “We definitely want our customers to have a good experience with mobile payment. We take security seriously.” They also recommended customers take additional safety measures and offered a solution for anyone who had their card stolen. [More]
Crooks Can Make You Pay For Their Starbucks With Simple Screengrab
By 2.10.11
Researchers have discovered a security flaw in the new Starbucks Rewards Card iPhone app that could let someone else rack up a bunch of free coffees on your dime. All someone has to do is take a picture of your barcode and then they can use it to buy all the delicious black swill they want, draining your account to the last drop. [More]
Change Your Old Amazon Password Now To Avoid This Cracking Risk
By 1.26.11
Some old Amazon account appear to have a flaw in their password protection scheme that makes them more vulnerable to a brute force cracking attempt. For affected accounts, if you haven’t changed your password in several years, and it’s over 8 characters long, it looks like all people have to do is enter the first 8 characters correctly and they’re in. Even if after the 8 characters they just type gobbledygook. [More]
All I Needed To Drain Her Checking Account Was Her Wallet — Good Thing I'm Her Husband
By 12.23.10
Marc has a problem with Bank of America’s security. He called the bank and, using alarmingly little information, was able to get access to his wife’s account. He’s worried a thief would have been able to do the same. [More]
