by Markus Jakobsson
RSS

Recent blog posts

Sarah Palin goes the way of Paris Hilton

Wednesday, it was reported that Sarah Palin's Yahoo account was hacked by a perpetrator wishing to find incriminating information in her …
What you always wanted to know about malware (but were afraid to ask)

Malware, like real-world epidemics, has the strange property that it does not only matter to your health how well protected you are, but …
Why no news is bad news -- at least when it comes to malware

Once upon a time, malware authors wrote code to infect thousands of machines for entertainment and intellectual stimulation. Today, it's …
Google Tech talk on Password Reset

In a recent post, I described the problems with password reset, and how current password reset questions can be attacked. Watch my recent …
What is worse than reusing passwords?

Think your password resets are secure? Think again. The city you grew up in and your mother's maiden name can be derived from public …
Forty-one million stolen credit cards is just the beginning

Federal prosecutors have charged 11 people with stealing 41 million credit cards, obtained by wardriving. The criminals drove around and …
Google knows who you are

Search engines and ISPs know who you are and where you've been. Phishers and advertisers do too. But can the average Joe learn this about …
Can you tell a good URL from a bad one?

Look at these three URLs: www.accountonline.com, www.democratic-party.us, www.wachovia.pin-update.com. Can you tell which (if any) …
Better law enforcement -- always good for us?

If law enforcement improves, we will all be safer. Right? Well actually, maybe not.
Free iPhones -- then what?

Is free a good thing? Maybe not. Let's consider the impact on Internet security of heavily discounted smartphones. It could be quite a …

How Herbert Thompson stole his friend's identity

By Markus Jakobsson

August 22, 2008, 1:27 PM — A recent Scientific American article describes how easy it is to steal somebody's identity. It uses blog entries, password reset mechanisms, and simple detective work. Make no mistake. You are not secure if you are not a blogger -- this is simply an account of what could be done.

Dr. Markus Jakobsson is Principal Scientist at Palo Alto Research Center. He is a founder of the security startup RavenWhite, which addresses security problems associated with authentication, malware and click-fraud. He is also one of the founders of SecurityCartoon, an educational approach targeting typical Internet users. He is a firm believer in technology to address security problems, but believes that a holistic view that includes the end user and his/her behavior is crucial. Unexpected user behavior can thwart the best security measures, and any security measure must be designed with social engineering and human failure in mind. Dr. Jakobsson's recent books Phishing and Countermeasures (Wiley, 2006) and Crimeware: Understanding New Attacks and Defenses (Symantec Press, 2008) chart new territory in online security. He received his PhD from University of California at San Diego in 1997.