 |
Friday, July 26, 2002 |
|
It was just another stolen credit card number, leaked by just another careless Web site, except for one thing ÷ the victim wouldnât take it sitting down. So he made a few phone calls, and managed to retrace the thiefâs steps. Peeking through accounts at anonymous e-mail services, information brokers, and online banks, the victim got a rare glimpse of an identity thief at work. Hereâs how that one stolen credit card became three bank checks totaling $3,000 ÷ and perhaps much more.
IT ALL STARTED when the victim, whose first name is Don, tried to buy a Curt Eichelberger online two weeks ago. Don stuck his credit card into a checkout form at Curt-eichelberger-pop-art.com on July 14. Unfortunately, the card number got spit out the other side of the Web site, thanks to a security hole, and quickly ended up in a hacker newsgroup.
Ê Ê Ê ÊBy 7 a.m. the next morning, his credit card company called to say his card had logged $700 in suspicious activity overnight, and it was canceled. Thatâs normally where stories like this end ... [MS NBC]
23:28
#
G!
| |
|
The 26 Jul 2002 issue of the *Wall Street Journal* carried an article by
Charles Forelle detailing how the Princeton admissions office was caught
"accessing confidential Internet records to see whether its rival had
admitted or rejected students who had applied to both schools." Princeton
suspended, with pay, associate dean and director of admissions Stephen
LeMenager, pending an investigation of the incident.
"Princeton was able to use the publicly available Yale.edu1 Web site to
get the confidential admissions data because it had the students'
passwords -- the names, Social Security numbers and dates of birth they
had provided on their Princeton applications."
After hearing rumors about Princeton accessing their site, Yale officials
reviewed access logs for the site and discovered that computers using IP
addresses belonging to Princeton had accessed the site. Yale contacted the
students to ask if they had used computers near Princeton to check their
accounts. No one said yes. The IP addresses were traced to the Princeton
admissions office.
"Lauren Weinstein, the founder of the Privacy Forum, an electronic-rights
group, said Princeton's actions were clearly wrong, but Yale's site should
not have relied on Social Security numbers and birth dates, which can
sometimes be retrieved from public records, to secure the data."
Excerpted and paraphrased from the Wall Street Journal article found here:
(subscription required)
Steve Klein 1-248-YOUR-MAC-EXPERT (248-968-7622) [Steve Klein via risks-digest Volume 22, Issue 18]
19:51
#
G!
| |
|
The 26 Jul 2002 *Metro* notes the appearance of strange chalk patterns on
the streets of London. These consist of two semicircles, a circle, or a
circumscribed W, with some numbers added.
"Far from being the work of aliens, they have been created by something
even more sinister - computer geeks."
The symbols are the creation of one Matt Jones (a "British Internet
expert"), and denote places where wireless connections to the Internet can
be accessed. From what I can make out from the article the two semi-circles
indicate an unsecured network, the circle indicates a closed network and the
circumscribed W indicates secured network. The recording of this information
is called "Warchalking".
Businesses claim that this is a major risk to security. That may be so - it
is certainly not a good advertisement for the Business in question (the real
threat to security is the Business that has not taken care to secure it's
wireless network).
OK, not a new risk (Wireless LANs go back at least as far as Risks 10.83),
but a more visible incarnation of an existing one. ["LEESON, Chris" via risks-digest Volume 22, Issue 18]
8:47
#
G!
| |
Maximillian Dornseif, 2002.
|
|
|
