Posts Tagged 'identity'

Keeping a tab on your tabs

Are you a multitasking surfer with a short attention span, like me? Or perhaps, like the masses of web surfers, it might be a good idea for you to un-check that JavaScript option in your browser. A new phishing tactic relies on your absent-mindedness to gain access to your precious accounts. The phishing site appears to be harmless until it runs a time-delayed JavaScript. The script alters the appearance of one of your browser tabs (i.e. from your Gmail account login page to a fake Gmail login page). Thus, when you return to that tab, you wrongly assume it is safe to enter your account information.

Crafty indeed. I hardly check URLs in tabbed screens when I return to them but I certainly will from now on. This attack can be used on any website you visit so be sure to keep tabs on your tabs.
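The detection side of this, as an added example that is not part of the original post: a tab whose title and favicon change while it sits in the background is the signal to look for. The event shape (`blur`, `focus`, `update`) and field names are assumptions for this sketch, and the sample events are constructed.

```javascript
// Added example (not from the original post): detect a tab whose visible
// identity changes while it is in the background. Event names and fields
// are assumptions; an extension could derive them from tab events.
const IDENTITY_KEYS = ['title', 'favicon', 'origin'];

function findBackgroundSwaps(events) {
  const tabs = new Map(); // tab id -> { hidden, identity, changed }
  const findings = [];
  for (const ev of events) {
    if (!tabs.has(ev.tab)) tabs.set(ev.tab, { hidden: false, identity: {}, changed: new Set() });
    const tab = tabs.get(ev.tab);
    if (ev.type === 'blur') {
      tab.hidden = true;
      tab.changed.clear();
    } else if (ev.type === 'update') {
      for (const key of IDENTITY_KEYS) {
        if (!(key in ev) || ev[key] === tab.identity[key]) continue;
        // Only a change to an already-known value, made unseen, is suspect.
        if (tab.hidden && key in tab.identity) tab.changed.add(key);
        tab.identity[key] = ev[key];
      }
    } else if (ev.type === 'focus') {
      if (tab.hidden && tab.changed.size > 0) {
        const changed = [...tab.changed];
        // A title-only change is common ("(1) Inbox"); title plus favicon,
        // or a new origin, is what a disguised login page looks like.
        const high = changed.includes('origin') ||
          (changed.includes('title') && changed.includes('favicon'));
        findings.push({ tab: ev.tab, at: ev.t, changed, severity: high ? 'high' : 'low' });
      }
      tab.hidden = false;
    }
  }
  return findings;
}

// Constructed sample events (times in seconds, hosts are placeholders).
const SAMPLE_EVENTS = [
  { t: 0, tab: 1, type: 'update', title: 'Cat pictures', favicon: 'cat.ico', origin: 'https://blog.example' },
  { t: 1, tab: 2, type: 'update', title: 'Inbox', favicon: 'mail.ico', origin: 'https://mail.example' },
  { t: 5, tab: 1, type: 'blur' },
  { t: 6, tab: 2, type: 'blur' },
  { t: 65, tab: 1, type: 'update', title: 'Sign in', favicon: 'login.ico' },
  { t: 70, tab: 2, type: 'update', title: '(1) Inbox' },
  { t: 300, tab: 1, type: 'focus' },
  { t: 310, tab: 2, type: 'focus' },
];
console.log(findBackgroundSwaps(SAMPLE_EVENTS));
```

Tab 1 is reported as high severity when the user returns to it, while the mail tab's unread-count title change is reported as low.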

Bill aims to cut down the spam

Perhaps some relief is in sight for your email inbox. Canadian Industry Minister Tony Clement has proposed two bills aimed at protecting web surfers from identity theft and spam. Unfortunately, spam has just become a part of everyday life, and for the most part attempts to reduce or eliminate it have been futile. It’s estimated that spam costs Canadians over $3 billion in network security and lost productivity costs. The bills are certainly a step in the right direction. Now if we could only get other countries on board we could free up some bandwidth and make the Internet fast again.

Destroying data by destroying old hard drives

When I read this article I asked myself, “Is it worth it? Am I really willing to go to this length to destroy my old hard drives?” Of course not. Don’t get me wrong, identity theft is always in the back of my mind. I shred old credit card bills and any junk mail with my name and address on it, but when it comes to hard drives, I don’t think I’m willing to take a hammer to it. It got me thinking of ways to render a drive useless without going to that length. Here are a few ideas I came up with.

Drop the drive while it’s powered on. Do this a few times and it should do the trick. This does the physical damage without the trouble of a hammer or drill.

Remove the PCB. A trained data recovery engineer could still recover data, assuming the drive is an older model. With the proper equipment and know-how you could reprogram the firmware on a matching PCB, configure it to work with your drive, and use some software to extract the data. However, I’m guessing that most run-of-the-mill thieves are this technically capable. Most modern drives come programmed from the factory to work uniquely with each batch of hard drives. In order to do a straight swap and get it working, the thief would have to have a hard drive from the same batch, same model, and of course the knowledge.

Format it … and do other stuff. A quick format, chkdsk, and defrag might do the trick, as might a low-level format or even software that zeroes out the data. Depending on the size of the drive, it might take a while. Delete the partition, create a new partition with a different size, copy junk data to the drive, and format it again. This complicates a software recovery and even corrupts some of the data by overwriting portions of old data.

Do a system restore. This is just another way to overwrite data. You can play around with installing other operating systems as well. Linux, Ubuntu, OSX, Windows 98, go nuts.

Open the drive and scratch up the platters. Most modern drives will require a special Torx (or star) tool to remove the screws. Essentially you can do the same by physically dropping the drive while it’s powered on. The heads will come in contact with the platters while they spin at 5400 rpm (or 7200).

Is your laptop taking pics of you?

Being able to secretly watch women in various states of undress was the fantasy of many Porky’s fans (hell, it probably still is). But when it comes to doing so with modern technology instead of excitedly peering through a hole in the wall of the women’s shower, the stakes are higher as concerns about privacy and identity theft become more common. One such Peeping Tom learned that the hard way recently, after installing software on a woman’s computer that allowed him to use the camera on her machine to secretly take some 20,000 photos of her and her friends.

It all started when Marisel Garcia started having laptop problems while visiting friends in Gainesville, Florida, last month. Her friends recommended going to a student at the University of Florida who was known for his computer-fixing skills, 23-year-old Craig Matthew Feigin. She left the machine with him overnight and went on her way—until she noticed her computer having new issues several weeks later. In addition to reduced battery life, Garcia told the Gainesville Sun that her laptop’s light turned on every time she got near it—a light that many of us know signals that the built-in camera is in use. (link)

Identity theft still on the rise despite more awareness

Over the past five years, 43 US states have adopted data breach notification laws, but has all of this legislation actually cut down on identity theft? Not according to researchers at Carnegie Mellon University who have published a state-by-state analysis of data supplied by the US Federal Trade Commission (FTC).

“There doesn’t seem to be any evidence that the laws actually reduce identity theft,” said Sasha Romanosky, a Ph.D student at Carnegie Mellon who is one of the paper’s authors.

Romanosky’s team took a state-by-state look at FTC identity theft complaints filed between 2002 and 2006 to see whether there was a noticeable impact on complaints in states that had adopted data breach notification laws such as California’s SB 1386, which compels companies and institutions to notify state residents when their personal information has been lost or stolen. Their paper is set to be presented at a conference on Information Security Economics held at Dartmouth College later this month.

Since 1999 the FTC has invited identity theft victims to log information about their cases on its Web site. The data are then made accessible to law enforcement, which uses the information to help analyze crime trends. A lot of people complain, but it represents only a subsection of all identity theft cases. In 2006, for example, the FTC logged 246,035 identity theft complaints, while a Javelin Strategy survey estimated that there were 8.9 million ID theft victims that year. (link)

Woman uses RootsWeb to steal identities … of dead people

Authorities have unearthed a California woman’s plot to steal the identity of the recently deceased. She executed her alleged criminal undertaking by first employing Internet genealogy software to reap the Social Security numbers of dead individuals, and then using the numbers and other information collected on the Internet to convince credit card companies to change the mailing addresses associated with the accounts to the addresses of her rented mailboxes.

Tracy Kirkland and her cadre of fictitious aliases stand accused of mail fraud, fraudulent use of unauthorized access devices, aggravated identity theft, unauthorized possession of access devices, misuse of social security numbers, and exceeding authorized access to a protected computer to further a fraud. According to the indictment filing, the scheme began in 2005 and has since allowed Kirkland to accumulate over 100 accounts. (link)

Women more likely to give out personal info

According to Infosecurity Europe, 10% of men — but 45% of women — were willing to give personally identifiable information to a complete stranger when approached outside Liverpool Street Station in London.

But, wait, it gets worse: The fake researchers asking for the information were offering chocolate bars as an incentive to participate.

‘This year’s survey results were significantly better than previous years. In 2007 64% of people were prepared to give away their passwords for a chocolate bar, this year it had dropped to just 21% so at last the message is getting through to be more infosecurity savvy. The researchers also asked the office workers for their dates of birth to validate that they had carried out the survey; here the workers were very naïve with 61% revealing their date of birth.’ (link)

