SECURITY: Why not require photo id?

Monday, May 11, 2015

http://www.unionleader.com/article/20150506/NEWS03/150509580&source=RSS

Woman advocates vigilance after thieves took wallet and spent $20,507 in 2 hours
By CASSIDY SWANSON
Union Leader Correspondent

*** begin quote ***

BEDFORD — After having her wallet stolen out of her shopping cart at the Bedford Mall and more than $20,000 charged to her credit cards, a Manchester woman is cautioning women and seniors to be more vigilant about their belongings while out shopping.

*** and ***

“Why isn’t it mandatory to ask for an ID? You know, we’re talking 15 seconds here,” she said.

*** and ***

Fellbaum said at Best Buy, the thieves tried to use Fellbaum’s Chase Visa card for the two transactions. It was declined, so the store allowed them to use her Bank of America card.

The thieves also paid in two transactions at the Apple Store.

The Bank of America card was denied at the Apple Store, and that store allowed the thieves to use Fellbaum’s Citizens Bank card. On the second transaction, the thieves used her Sam’s Club MasterCard.

At Finish Line, Fellbaum’s Bank of America card was declined, but the store allowed the thieves to use her Citizens MasterCard.

“Nobody asked for ID,” she said. Fellbaum also said she was told by a manager at Best Buy that credit card companies prohibit the store from asking customers for identification when paying with a card.

“I don’t believe that’s true,” she said.

*** end quote ***

It would seem that this type of crime would immediately be reduced by requiring photo id.

Need it to get on a plane.

So why not to vote or to charge?

And, I’m sorry, after a decline, why not take some extra precautions?

Multiple declines?

Argh!

“Photo id required” goes on all my cards!

# – # – # – # – # 


SECURITY: Unauthorized iPad and iPhone

Wednesday, March 18, 2015

http://www.judicialwatch.org/blog/2015/03/state-dept-source-hillary-likely-used-unauthorized-ipad-iphone-as-sec-of-state/

State Dept. Source: Hillary Likely Used Unauthorized iPad, iPhone as Sec. of State
MARCH 10, 2015

*** begin quote ***

Clinton’s persistent efforts to persuade the State Department’s technology security experts to approve the use of her favorite Apple devices led those in the division to conclude that she did in fact go through with it. “My guess is she did it and wanted approval after the fact,” JW’s source said. “But no waivers were ever issued.” JW reached out to the State Department for a comment on this latest potential scandal surrounding its former leader, but failed to get a response.

*** end quote ***

For the “little people”, you do this and you get fired.

For the “big people”, “what difference does it make?”

Argh!

# – # – # – # – # 

 



SECURITY: Hillary violated the Records Act

Tuesday, March 3, 2015

http://www.washingtonpost.com/blogs/the-fix/wp/2015/03/02/hacked-emails-indicate-that-hillary-clinton-used-a-domain-registered-the-day-of-her-senate-hearings/

Hacked emails indicate that Hillary Clinton used a domain registered the day of her Senate hearings
By Philip Bump March 2 at 10:15 PM

*** begin quote ***

The New York Times reported Monday night that, during her tenure at the State Department, Hillary Clinton never used her official email account to conduct communications, relying instead on a private email account. As the Times notes, only official accounts are automatically retained under the Federal Records Act, meaning that none of Clinton’s email communication was preserved.

*** end quote ***

Who goes to jail?

# – # – # – # – #  2015-Mar-03 @ 09:50  


SECURITY: A “stuck backspace key”? You’re joking!

Friday, January 30, 2015

http://www.washingtonpost.com/blogs/erik-wemple/wp/2015/01/29/justice-departments-ig-report-disputes-attkissons-computer-intrusion-allegations/

Justice Department’s IG report disputes Attkisson’s computer-intrusion allegations
By Erik Wemple January 29 at 2:30 PM

*** begin quote ***

Lastly, Attkisson reported to the OIG that a “suspicious” cable was attached to her Internet Service Provider’s connection box installed on her house. She opined to the OIG that perhaps this cable was being used to “tap” her house. Further investigation by the OIG revealed that the cable was a common cable used by the provider and could not be used to monitor or otherwise affect the phone or internet service at her residence.

And in response to Attkisson’s videotape of an alleged hacker deleting content from her computer screen, the report says that the activity was caused by “the back space key being stuck.”

*** end quote ***

Pardon my French, but are you <synonym for the act of procreation in real time> kidding me?

I bought and read her book.

How can they comment on the “suspicious cable” when it was removed by person or persons unknown?

Unless they have the cable.

Then the question is HOW did it come into their possession.

And, really, a “stuck backspace key”, seriously. That’s the story they are going with?

Argh!

Someone should be in jail. 

Correction, lots of someones!

Argh!

Maybe that’s what caused the Target breach, the SONY leak, and global cooling / warming?

Argh!

# – # – # – # – # 


SECURITY: Tricks for passwords

Wednesday, December 31, 2014

http://www.networkworld.com/article/2860418/security0/6-simple-tricks-for-protecting-your-passwords.html?nsdr=true

6 simple tricks for protecting your passwords
By Maria Korolov Follow
Network World | Dec 22, 2014 3:00 AM PT

*** begin quote ***

We all know that the current username-and-password system is broken. With Russian hackers reportedly sitting on over a billion passwords, and new breaches hitting the news on a regular basis, it’s fair to assume that if hackers don’t have your password already, they’re about to.

“Most websites and companies require passwords that are at least eight characters long, contain lower and upper case characters, a number, and one or more special characters,” says Vincent Berk, CEO of network security firm FlowTraq.

These kinds of password policies have actually reduced security overall, argues Jacob West, CTO at HP Enterprise Security Products. “We need to bring some sanity back to our password policies,” he says. “A human will never be able to meet these requirements.”

*** and ***

1. Letter substitution cipher: a=b

2. Letter substitution cipher: a=s

3. Never write down encrypted passwords; banana, not nsmsms

4. Use earworms to your advantage: Wheels on the bus go round and round

5. The mnemonic code: a=alpha

6. Add site name to end of password: banana-twitter

*** and ***

One popular alternative is to use a password management tool that keeps all your passwords in an encrypted file, usually in combination with apps on your desktop, laptop and mobile devices.

*** end quote ***

I have used all of these at one time or another.

I think LASTPASS with a complex master password written nowhere is “good enough” for my non-financial passwords. The few financial ones I have memorized.

AND … …

For those sites that use “security questions”, users should treat those just like passwords. Do NOT use real answers.

Happy New Year!

# – # – # – # – #   


SECURITY: Use unique passwords at every site

Thursday, December 18, 2014

http://arstechnica.com/staff/2014/12/ars-was-briefly-hacked-yesterday-heres-what-we-know/#p3

Ars was briefly hacked yesterday; here’s what we know
Readers, please change your passwords.

by Ars Staff – Dec 16 2014, 4:52pm EST

*** begin quote ***

Log files show the hacker’s movements through our servers and suggest that he or she had the opportunity to copy the user database. This database contains no payment information on Ars subscribers, but it does contain user e-mail addresses and passwords. Those passwords, however, are stored in hashed form (using 2,048 iterations of the MD5 algorithm and salted with a random series of characters).

Out of an excess of caution, we strongly encourage all Ars readers—especially any who have reused their Ars passwords on other, more sensitive sites—to change their passwords today.

We are continuing with a full autopsy of the hack and will provide updates if anything new comes to light.

Thanks to everyone who offered their support!

*** end quote ***

LASTPASS ensures a unique password every time.

# – # – # – # – #   


SECURITY: Government-grade malware is a problem for all

Monday, December 15, 2014

https://www.schneier.com/blog/archives/2014/12/corporate_abuse.html

Corporate Abuse of Our Data
Bruce Schneier

*** begin quote ***

That is not a good enough excuse, though. As nation-state malware becomes more common, we will often lack the whole story. And as long as countries are battling it out in cyberspace, some of us will be targets and the rest of us might be unlucky enough to be sitting in the blast radius. Military-grade malware will continue to be elusive.

Right now, antivirus companies are probably sitting on incomplete stories about a dozen more varieties of government-grade malware. But they shouldn’t. We want, and need, our antivirus companies to tell us everything they can about these threats as soon as they know them, and not wait until the release of a political story makes it impossible for them to remain silent.

*** end quote ***

Can’t do anything about it!

Don’t worry about it!

Argh!

# – # – # – # – #   


SECURITY: WSJ reports Cellphones not secure

Saturday, November 15, 2014

THE WALL STREET JOURNAL News Alert
Americans’ Cellphones Targeted in Secret U.S. Spy Program

The Justice Department is scooping up data from thousands of cellphones through fake communications towers deployed on airplanes, a high-tech hunt for criminal suspects that is snagging a large number of innocent Americans, according to people familiar with the operations.

# – # – #  

Think this will wake up “We, The Sheeple”?

Think again!

Argh!

# – # – # – # – #   


SECURITY: STUPID secondary identification

Friday, November 7, 2014

http://gizmodo.com/how-hackers-reportedly-side-stepped-gmails-two-factor-a-1653631338

How Hackers Reportedly Side-Stepped Google’s Two-Factor Authentication
Kelsey Campbell-Dollaghan

*** begin quote ***

Writing on Ello, Blakeman describes how hackers gained access to his Instagram account through his Gmail. Even though he had two-factor turned on, the hackers were able to reset his Instagram password through Gmail and take control of his account (which has since been restored). So how did they do it? Blakeman says that Wired’s Mat Honan, himself a veteran of an epic hack, helped him by suggesting he check with his cellphone provider.

It turns out his number had been forwarded to a different number—which is how the hackers gained access:

“The attack actually started with my cell phone provider, which somehow allowed some level of access or social engineering into my Google account, which then allowed the hackers to receive a password reset email from Instagram, giving them control of the account.”

*** end quote ***

I suspect it’s those STUPID secondary identification authenticators!

Once again, if your mother’s maiden name isn’t “R2D2GMAIL” at Google and “R2D2AMAZON” at Amazon, then you are asking to be hacked.

Sorry, but, I use LASTPASS and just keep the secondaries in the notes. 

AND, I never reuse a password anywhere!

YMMV.

# – # – # – # – #   


SECURITY: Hackers impersonating E-ZPass

Monday, July 28, 2014

Cyber Security Alert: Potential Phishing Attack
Hackers impersonating “E-ZPass Service Center Personnel” are trying to steal customer information by sending an email that contains a malicious link. Attacks have been targeted at personal email addresses stating that they have an overdue toll debt.

The attack tries to trick the user into clicking on a link to view an account invoice. The URL linked in the email directs the target to a malicious website that compromises the user’s personal account information. E-ZPass has identified the following subject lines in connection with the attack emails [PDF]: “in arrears for driving on toll road”, “Payment for driving on toll road”, “indebtedness for driving on toll road”, and “Pay for driving on toll road”.

If you receive such email in your personal mailbox, do not click on the attachment or forward it to anyone. If you have clicked on a link via your personal email account, we recommend that you change the password for any information that you entered into the malicious site.

# – # – # – # – #  2014-Jul-28 @ 11:05  


SECURITY: New Malware Alert

Monday, July 7, 2014

2014-Jul-07

ATTENTION, AMAZON Users

Today, I received a very official looking email from an AMAZON email address.

It had an Amazon Dot Com link that “went to my account”. I checked what was behind the text. Because the junk after Amazon Dot Com was garbage, it resolved to the front page and the cookie signed me in.

I almost fell for it EXCEPT:

  • Why would Amazon attach a zip file to an order confirmation?
  • It came in from “delivers@amazon.com” which is not my address for amazon.
  • I didn’t order anything that I was still waiting for.

Even after that analysis, when it came in I almost screwed up.

Take care.

Of course, I reported it to: stop-spoofing@amazon.com

# – # – # – # – #  2014-Jul-07 @ 23:49  

NOTE: GMAIL didn’t like it either.

The message “Order Details” from Amazon.com (delivers@amazon.com) contained a virus or a suspicious attachment. It was therefore not fetched from your account fjohn@reinke.cc and has been left on the server.

Message-ID: <0MfXLH-1XEgyE1rtz-00P1O6@mx.perfora.net>

If you wish to write to Amazon.com, just hit reply and send Amazon.com a message.

Thanks,

The Gmail Team

# – # – # – # – #  2014-Jul-08 @ 13:06  
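
The three checks from the Amazon post above, written as a small mail-triage function. This is an added example, not part of the original post; the sample message, the known-sender address, and the reading of the second bullet as "a sender this vendor has not used with me before" are assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

ARCHIVE_EXTS = (".zip", ".rar", ".7z")        # assumption: archive types worth flagging
KNOWN_SENDERS = {"confirmations@shop.example"}  # constructed: senders seen on real orders

# Constructed sample message; only the From address and subject come from the post.
SAMPLE = """\
From: "Amazon.com" <delivers@amazon.com>
To: me@example.org
Subject: Order Details
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Your order has shipped. See the attached invoice.
--b1
Content-Type: application/zip
Content-Disposition: attachment; filename="order_details.zip"
Content-Transfer-Encoding: base64

UEsDBAoAAAAAAA==
--b1--
"""

def triage(raw, known_senders, has_pending_order):
    """Return the red flags found in one raw RFC 5322 message."""
    msg = message_from_string(raw)
    flags = []
    # Check 1: an order confirmation has no reason to carry an archive.
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(ARCHIVE_EXTS):
            flags.append("archive-attachment:" + name)
    # Check 2: sender never seen on a genuine order. The From header is
    # spoofable, so a match proves nothing; only a mismatch is a signal.
    sender = parseaddr(msg.get("From", ""))[1].lower()
    if sender not in known_senders:
        flags.append("unfamiliar-sender:" + sender)
    # Check 3: the recipient is not waiting on any order.
    if not has_pending_order:
        flags.append("no-pending-order")
    return flags

if __name__ == "__main__":
    for flag in triage(SAMPLE, KNOWN_SENDERS, has_pending_order=False):
        print(flag)
```

Any one flag is a reason to open the vendor's site directly from a bookmark instead of using the message's link or attachment.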


SECURITY: Fig leaf by Verizon

Wednesday, January 15, 2014

 

 
Verizon Wireless  
IMPORTANT ACCOUNT INFORMATION FROM VERIZON WIRELESS.
Your Verizon Wireless online account – Account Number ending with 1361-00001

This email is to confirm that you have been de-enrolled from My Account. If you would like online access to your Verizon Wireless account in the future, please visit www.verizonwireless.com and re-register at My Account.

Verizon Wireless

My Verizon is also available 24/7 to assist you with:
  • Viewing your usage
  • Updating your plan
  • Adding Account Members
  • Paying your bill
  • Finding accessories for your devices
  • And much, much more…
RULE THE AIR
© 2011 Verizon Wireless
Verizon Wireless | One Verizon Way | Mail Code: 180WVB | Basking Ridge, NJ 07920
We respect your privacy. Please review our privacy policy for more information

If you are not the intended recipient and feel you have received this email in error; or if you
would like to update your customer notification preferences, please click here.

 
 
  

# – # – # – # – #   
 
This is all about what? Not security for sure. 
 
It’s about preparing to defend liability claims.
 
imho
 
# – # – # – # – #   
 
 

SECURITY: Target is a joke; it’s the card companies

Tuesday, December 31, 2013

http://www.dailymail.co.uk/news/article-2529035/Target-warns-customers-aware-phishing-scams-hackers-steal-details-45-million-credit-cards.html

Target denies PIN data was compromised after insider claims encrypted personal info was stolen along with 40 million credit and debit card numbers
Target hackers allegedly stole encrypted PINS in ‘sophisticated’ operation
The retailer says it has learned of some scam emails related to breach but doesn’t have specific information as to how it happened
Details of 40 million credit and debit card accounts stolen between November 27 and December 15
Target claimed Wednesday that encrypted personal ID numbers were not accessed by hackers
Target faces at least 15 lawsuits seeking class action status
By DAILY MAIL REPORTER
PUBLISHED: 15:56 EST, 24 December 2013 | UPDATED: 15:29 EST, 25 December 2013

*** begin quote ***

Target Corp is crying foul on insiders who recently told the media that encrypted PINs were stolen along with more than 40 million credit and debit card numbers in the retail behemoth’s catastrophic data breach.

The hackers who attacked Target Corp and compromised more than 40 million credit cards and debit cards also managed to steal encrypted personal identification numbers, according to a senior payments executive familiar with the situation told Reuters.

*** end quote ***

The “card” companies are too cheap to put in a better level of security on the cards.

They could “chip” them or at least put photos on them.

The industry has many ways to tighten up the controls, but that translates into money.

As long as fraud stays low, they are happy to eat it.

Unless the cost equation changes, not much will happen.

You have to laff at the politicians and bureaucrats who are on TV pontificating. 

They are the ones who created this mess. 

Without the Social Security Number, none of this nonsense would be possible.

So like Harry Browne said: “Government is good at one thing: It knows how to break your legs, hand you a crutch, and say, ‘See, if it weren’t for the government, you wouldn’t be able to walk.'”

Argh!

# – # – # – # – #