security

Airport Security Lapses Revealed On PBS Exposé

The latest episode of PBS’s Exposé shows local news investigators uncovering three different chasms in airport security: a graveyard-shift security guard at one airport letting in employees and delivery guys without a security screening, how easy it is to walk up to a regional commercial jet, and a woman with an IED taped to her leg getting past the TSA. The full show is available for free online.

Security Firm Says Hackers Can Access Vonage Calls

It’s not a good week for Vonage. VoIP Security firm Sipera has announced that they’ve discovered a vulnerability in Vonage’s equipment that can allow hackers to take control of user accounts to intercept calls, make calls via the accounts, eavesdrop, or launch DoS attacks. Although most VoIP systems are about as secure as sending IM messages over a public wifi network (that is, not secure at all), Vonage has a couple of special problems with its Motorola adapters not authorizing requests, which leaves a special door open for bad people doing bad things. The problem also affects adapters from Grandstream and Globe7.

Spy On Your Kids With Hi-Tech Snoopware

They’re all less cost-effective than talking to your kids and listening to what’s going on, but we guess that’s too hard to package and sell.

iPhone Security Is On Par With Windows 95

We owe Apple an apology, because it turns out they weren’t kidding when they said that opening the iPhone up to 3rd party software was just asking for trouble. That’s because the iPhone runs every single app as “root,” which is computerese for “more power than Steve Jobs.” It was this root access that made the Safari exploit possible back in July, and it can’t be fixed without a complete redesign of the firmware.

Tomato Juice Spill Causes Massive Delays At LaGuardia

Lines the length of city blocks filled New York’s LaGuardia airport Saturday morning after a careless worker spilled tomato juice onto one of the five x-ray machines in the American Airlines terminal. A TSA spokesman cast the tomato juice’s victory over the machines as a failure of science, saying: “That’s the risk you take when you deal with technology.” Passengers were understandably pissed.

When CBS 2 HD told one woman the reason for the delays, she asked if we were “kidding,” but it was no joke. The Transportation Safety Administration confirmed the spill knocked out one of the five units that screen thousands of passengers here each day.

TSA Fails To Find Bombs 60% Of The Time

According to a new report from the Transportation Security Administration, TSA agents failed to find fake bombs during security tests 60% of the time.

Wired is assembling a list of where each senator stands on the issue of granting immunity to phone companies who participated in wiretapping—which could be decided as early as today. The list includes phone numbers so you can call if you don’t see a response for your senator.

Senate On Verge Of Agreeing To Immunity For Wiretapping Phone Companies

Yesterday, the leaders of the Senate Intelligence Committee “reached a tentative agreement… with the Bush administration that would give telephone carriers legal immunity for any role they played in the National Security Agency’s domestic eavesdropping program.” The senators who have been reviewing classified documents related to the phone companies’ participation in the program are now saying that they believe the companies “acted in good faith” and “that they should not be punished through civil litigation for their roles.”

Bill Would Let Victims Of ID Theft Seek Restitution

Yesterday a bipartisan bill was introduced in the Senate that would “let victims of identity theft seek restitution for money and time they spent repairing their credit history,” as well as remove some existing barriers to prosecuting criminals.

Add Super-Protection To Your Logins With $5 Security Key

If you have a PayPal or eBay account, or use OpenID to log in to participating sites, then for $5 you can add a second layer of security that is virtually impossible to break unless the thief physically locates you and steals a little plastic device. The PayPal Security Key is a small, keychain-ready fob with a unique ID that’s tied to your account. It generates a new six-digit code every 30 seconds, which you have to enter whenever you log in. The downside is you have to have your security key with you in order to read the code. But the benefits are huge: you basically have a 2nd password that changes 2,880 times every day—and that isn’t available anywhere online.

How To Spot Fake Craigslist And eBay Listings

Planning on doing some buying or selling online? Wired offers some tips on how to spot scammers when you’re on eBay or Craigslist.

6 Online Shopping Scams To Watch Out For

1. Missing Auction Goods – Auction fraud represents over a third of Internet scam complaints every year. Your safest bet is to pay with plastic so you gain the protections of the Fair Credit Billing Act. When plastic’s not an option, setting up an account through PayPal or BillPay that connects to your credit card is the next best bet.

eBay Hacked, User Accounts Disabled, No Personal Information Compromised

eBay has been hacked, says Ars Technica, and several members have had their accounts disabled. eBay’s Trust and Safety team issued a statement in which they said (adorably) that the hacker was “a known fraudster to us.”

Experian, Equifax, and TransUnion To Offer Credit Freezes

All three credit reporting agencies recently announced plans to let consumers freeze their credit files. Credit freezes provide security at the cost of convenience: access to credit reports and scores is prevented without the consumer’s express authorization, making it difficult to open new accounts or lines of credit. Freezes are considered one of the best, albeit drastic, ways to guard against identity theft.

GoDaddy Hushing Up Customer Credit Card Data Breach?

Did domain name registrar GoDaddy have a credit card security breach that they’re not telling anyone about? That’s what Reader Newcxns thinks. Two weeks ago, one of his Citi cards was replaced. One week later, another. The only thing Citi would tell him is that “a merchant” reported a possible data breach. No merchant has sent any data breach reports to Newcxns. In typical fashion, banks and vendors like to hide it when their security systems fail and compromise your account information.

Is Bank of America Lying About Website Security?

According to a demonstration by Chris Soghoian over at CNet, Bank of America’s “SiteKey” picture authentication feature can be spoofed by phishers and is, basically, worthless.

All Charges Dropped Against Circuit City Receipt Refuser

Legal charges have been dropped against Michael Righi (pictured), the guy arrested after refusing to show his receipt to Circuit City, and his driver’s license to a police officer, in exchange for Righi’s pledge to not sue the city. On his blog, Righi writes that he was willing to fight the city to the end without forfeiting any rights whatsoever, but he wanted to spare his family, who would have been principal witnesses, from a protracted legal battle.

On Monday, we reported that TD Ameritrade had known since May 2007 about data breaches that resulted in thousands of its customers getting penny stock spam, but it turns out the breach could have happened as early as November 2005. [Network World]