Dr. Markus Jakobsson is Principal Scientist at Palo Alto Research Center. He is a founder of the security startup RavenWhite, which addresses security problems associated with authentication, malware and click-fraud. He is also one of the founders of SecurityCartoon, an educational approach targeting typical Internet users. He is a firm believer in technology to address security problems, but believes that a holistic view that includes the end user and his/her behavior is crucial. Unexpected user behavior can thwart the best security measures, and any security measure must be designed with social engineering and human failure in mind. Dr. Jakobsson's recent books Phishing and Countermeasures (Wiley, 2006) and Crimeware: Understanding New Attacks and Defenses (Symantec Press, 2008) chart new territory in online security. He received his PhD from University of California at San Diego in 1997.
Wednesday, it was reported that Sarah Palin's Yahoo account was hacked by a perpetrator wishing to find incriminating information in her emails. It was not done using some strange computer security vulnerability. It was not done by guessing her password. It was done just in the same way as Paris Hilton's T-Mobile account was hacked some time ago: by guessing the answers to security questions.
Think your password resets are secure? Think again. The city you grew up in and your mother's maiden name can be derived from public records. Facebook might unwittingly tell the name of your best friend. And, until quite recently, Ford with its 25% market share had a pretty good chance of being the brand of your first car!
Look at these three URLs: www.accountonline.com, www.democratic-party.us, www.wachovia.pin-update.com. Can you tell which (if any) correspond to legitimate service providers? Do you think the average Internet user can tell, too?
Federal prosecutors have charged 11 people with stealing 41 million credit cards, obtained by wardriving. The criminals drove around and scanned wireless networks for vulnerabilities, then installed sniffers that stole credit card information. Was this kind of attack inevitable? I believe it was. And we have more coming.
Once upon a time, malware authors wrote code to infect thousands of machines for entertainment and intellectual stimulation. Today, it's all about the money, and the greatest threat may lie in the silence, making a far more dangerous landscape.
Malware, like real-world epidemics, has the strange property that it does not only matter to your health how well protected you are, but also, how well average people "out there" are. The more machines that are infected, the higher is your risk of also becoming infected. But that is not all: You are at risk even if you are well protected!
Search engines and ISPs know who you are and where you've been. Phishers and advertisers do too. But can the average Joe learn this about you? Yes -- for good and bad.
In a recent post, I described the problems with password reset, and how current password reset questions can be attacked. Watch my recent Google Tech talk on this subject...
Where Google Chrome security fails: the password I heard mention that the Chrome OS will have some sort of encryption available a la bitlocker. If it's possible to encrypt personal data using another password or key, then it may have potential for very secure data.... And Ubuntu has an 'encrypt home directory' option, perhaps google should follow suit.
- Dann
Surviving Windows is easier than you think… MKS offers the power of an integrated all-in-one environment and provides you with the Power of UNIX on Windows Learn More
Brought to you by:
contests & free stuff
We have 5 copies of these two new books to give to some lucky readers. The deadline for entries is November 30, 2009.
AISO founders envisioned a Web hosting company that was environmentally friendly. While the company employed energy-efficient innovations like solar panels, its infrastructure produced unacceptable power and cooling requirements. Find out how AISO leveraged AMD technology to overcome their challenge in this case study white paper.
In this whitepaper, Scalar explores the opportunity to change the landscape with respect to mission critical databases
built around Oracle. Leveraging technologies such as Linux, high-end commodity processing power and Oracle RAC
technology to architect, design, build and maintain database infrastructure that delivers maximum availability, reliability
and performance at a fraction of traditional cost.
On a typical day, weather.com, the Web site for The Weather Channel in Atlanta, serves up between 15 million and 20 million page views. But in September 2004, when back-to-back hurricanes ransacked Florida, the peak traffic on one day more than tripled: over 70 million page views by more than 7 million unique visitors. Read the full success story now.
43I like it!
Sarah Palin goes the way of Paris Hilton
Wednesday, it was reported that Sarah Palin's Yahoo account was hacked by a perpetrator wishing to find incriminating information in her emails. It was not done using some strange computer security vulnerability. It was not done by guessing her password. It was done just in the same way as Paris Hilton's T-Mobile account was hacked some time ago: by guessing the answers to security questions.61I like it!
What is worse than reusing passwords?
Think your password resets are secure? Think again. The city you grew up in and your mother's maiden name can be derived from public records. Facebook might unwittingly tell the name of your best friend. And, until quite recently, Ford with its 25% market share had a pretty good chance of being the brand of your first car!