No Passport Security Helps In This Case

What good would RFID passports be anyway if they don't work on security of issuance first? This article says that a suspected 10,000 passports were issued based on fake applications. That means that the people holding them have fully functional, non-cloned, non-hacked passports.

Well Known Win 2K Vulnerability Not Fixed in Vista

Though this is the first I've heard of it, a simple hack for any Windows machine since 2000 is to replace the executable file that runs when you hit Shift 5 times (called Sticky Keys). Since this can be run from the logon screen, as long as a hacker can gain root access to a machine once (say they're a legit user on a multi-user machine), they can use this to bypass logon.

Zero Pollution “Air-Car” – Powered by Compressed Air

My car is free for the taking with RFID. Come and get it!

This is very interesting. Apparently it gets hundreds of miles per tank and runs on air. Because it doesn't use combustion, the oil needs only be replaced once every 15,000 miles and the exhaust can be used for air conditioning. Most importantly,

Microcontrollers are used in every device in the car, so one tiny radio transmitter sends instructions to the lights, indicators etc. There are no keys – just an access card which can be read by the car from your pocket.

Why would they ruin a revolutionary car like this with such a stupid use of wireless devices? How will they keep them from getting stolen? How will they keep people from sending them rogue signals that mess up their operation?

RFID Passports – It Just Gets Worse and Worse

Using some simple deduction, a security consultant discovered how to clone a passport as it's being mailed to its recipient, without ever opening the package.

Simple Attack Against Home Routers

Schneier writes about a recent attack against home routers that takes advantage of the fact that most people never change the default passwords on their equipment.

One of his commenters said it best:

It has long been standard security practice that when logging in to a new system with a default password, the first required step is to have the user create a new password. If routers did this and refused to function until a customized password was set, none of these problems would occur.

Or more simply put, it's a problem that would never exist and would disappear tomorrow if router manufacturers would bother to make a simple and practically free programming change before shipping them out.

How to Open Any Normal Lock in Seconds – (Bump Lock)

Bump keys defeat your locks in seconds

Come home to a robbed house, but they didn't break in? Your insurance company may give you grief if you don't know about this trick for opening any door with no traces.

Here's a video that explains how to "bump" locks, or to make a simple modification to your front door key to open any lock by that manufacturer. This would be classified as "What the hell?" as in, the manufacturers know about this problem, but aren't doing anything about it. Thankfully, videos like this may force them to make some quick changes as criminals learn this ridiculously easy technique and use it.

TJX/TJ Maxx Data Breach Hits Home

No security, no accountability. TJ Maxx

So today my wife received a letter from our bank saying that her card was included in the data breach. They were very pleasant and helpful (as credit unions tend to be), but one thing caught my attention:

If at any time you suspect you may be a victim of fraud or identity theft, you may place a fraud alert on your credit file with one of the three major credit-reporting [companies]. A fraud alert will require any company or creditor to contact you to authorize any new accounts or loans.

For the record, fraud alerts are required, but can be ignored. The problem is that it's the issuing company's responsibility to check for the fraud alert and act accordingly. Since it hurts their business to do so, it's far more likely that they will "miss" the flag (especially when they're on commission). That means that it may help and it may not.

Internet Explorer’s Year Long Terror

The wrong choice, every time.

According to the Washington Post, IE was unsafe for more days out of the year than not in 2006.

For a total 284 days in 2006 (or more than nine months out of the year), exploit code for known, unpatched critical flaws in pre-IE7 versions of the browser was publicly available on the Internet. Likewise, there were at least 98 days last year in which no software fixes from Microsoft were available to fix IE flaws that criminals were actively using to steal personal and financial data from users.

Well dang. It's no wonder every computer expert I know says to use Mozilla or any non-IE browser.

TJ Maxx and Marshalls Hacked (Yawn)

You wouldn't have lost it if you didn't take it in the first place.

In a not-so-surprising story, some large chain stores have been hacked and had their databases of customer information stolen, creating a risk for their customers.

The end result is that consumers are often left completely in the dark when data breaches occur, wondering if they dodged a bullet, or if the inconvenience and frustration of fraud is simply waiting to hit them at a later date.

I hate these stories. If they didn't store so much data in the first place, this wouldn't even be a problem.

Federal Trade Commission Seeks Public Comment on ID Theft

From the FTC website:

Notice for public comment: The Federal Identity Theft Task Force, chaired by Attorney General Alberto R. Gonzales and co-chaired by Federal Trade Commission Chairman Deborah Platt Majoras, is seeking public comment on ways to improve the effectiveness and efficiency of federal government efforts to reduce identity theft.

What could I tell them about? Hmm… Let's see… Oh! How about how easy it would be to reduce ID Theft with a good Credit Security Freeze law? How about how we desperately need strong, swift protection against data mining and sharing companies?

It's fairly simple really. First we need better control of our data and second, we need to limit what can be done with the data once it's been breached.

The e-mail address to write to is hidden in a document, so here it is "Taskforcecomments AT idtheft.gov" (@ replaced to prevent bot Spam). Be sure the subject is "Identity Theft Task Force" and that you include contact information. They prefer that the substance of your comments be in WordPerfect, MS Word or PDF format as an attachment.
