Updated: 24.11.2002; 12:34:00.
disLEXia
lies, laws, legal research, crime and the internet
        

Monday, July 23, 2001

S-not-SL (Re: SSL, RISKS-21.53,54)

I have found the following analogy useful, explaining to laypersons the "Security policy" most common on the Web:

"Imagine a restaurant that assigns armed guards to escort your credit-card to the cash-register and back, then tacks all the carbons to the employee-bulletin-board, right inside an un-locked back door"

Most of them get it immediately. [Mike Albaugh via risks-digest Volume 21, Issue 56]

Concerns for identity theft are often unheeded

Major financial institutions routinely give out confidential customer account information to callers, using security procedures that authorities say are vulnerable to abuse by fraud artists. Regulators and law enforcement officials warned three years ago that identity thieves and information brokers were tricking clerks into giving them access to individuals' financial information. [Source: Robert O'Harrow Jr., Washington Post Staff Writer, 23 Jul 2001; Page A01, http://www.washingtonpost.com/wp-dyn/articles/A27475-2001Jul20.html] [Monty Solomon via risks-digest Volume 21, Issue 54]

The risks of moving and identity theft

In January 2001, I moved to the UK to take up a position as a Senior Lecturer of Computing at the University of Sunderland in the UK. Today, I got the first bill for a credit card taken out fraudulently in my name back in the US. I was fairly careful about these things -- I suspect this is the tip of the iceberg.

The first step, of course, was to file fraud alerts with the three major credit bureaus. Trans Union was very helpful, and even indicated that the incident I already knew about was the only one on my recent record. Experian was not as helpful -- I had to provide an obsolete ZIP code to reach the point of actually filing the data they needed, but then they recorded my voice as I provided the rest. Equifax was hopeless. They couldn't handle (UK) rotary phones, and they required a US phone number for contact purposes. They also had problems reading my SSN, and they finally ejected me from the system, requesting a letter with about five pages of miscellaneous details, some of which (a pay stub with my SSN) are simply not available in the UK. I filed a complaint on that with the FTC. Next step is a letter to the credit-card issuer to follow up on my voice report. I suspect my notary will be busy.

Harry Erwin, University of Sunderland. Computational neuroscientist modeling bat bioacoustics and behavior. [Harry Erwin via risks-digest Volume 21, Issue 54]

"This e-mail doesn't contain any viruses"

I recently received e-mail from a stranger with the following note at the end:

> This message has been scanned for viruses with F-Secure Anti-Virus for
> Microsoft Exchange and it has been found clean.

RISKS: Someone could actually take such a note for real and blindly trust it! There is no way to tell whether any scanning has been actually done. I might as well add a similar note to my .signature! Secondly, who would trust virus scanning done by the *sender* anyway?

Aaro Koskinen, aaro@iki.fi, http://www.iki.fi/aaro [Aaro J Koskinen via risks-digest Volume 21, Issue 54]


Maximillian Dornseif, 2002.
 