by Markus Jakobsson
RSS

Recent blog posts

Sarah Palin goes the way of Paris Hilton

Wednesday, it was reported that Sarah Palin's Yahoo account was hacked by a perpetrator wishing to find incriminating information in her …

45 comments
What you always wanted to know about malware (but were afraid to ask)

Malware, like real-world epidemics, has the strange property that it does not only matter to your health how well protected you are, but …

1 comment
Why no news is bad news -- at least when it comes to malware

Once upon a time, malware authors wrote code to infect thousands of machines for entertainment and intellectual stimulation. Today, it's …

1 comment
Google Tech talk on Password Reset

In a recent post, I described the problems with password reset, and how current password reset questions can be attacked. Watch my recent …
What is worse than reusing passwords?

Think your password resets are secure? Think again. The city you grew up in and your mother's maiden name can be derived from public …

16 comments
Forty-one million stolen credit cards is just the beginning

Federal prosecutors have charged 11 people with stealing 41 million credit cards, obtained by wardriving. The criminals drove around and …

3 comments
Google knows who you are

Search engines and ISPs know who you are and where you've been. Phishers and advertisers do too. But can the average Joe learn this about …
Can you tell a good URL from a bad one?

Look at these three URLs: www.accountonline.com, www.democratic-party.us, www.wachovia.pin-update.com. Can you tell which (if any) …

8 comments
Better law enforcement -- always good for us?

If law enforcement improves, we will all be safer. Right? Well actually, maybe not.

2 comments
Free iPhones -- then what?

Is free a good thing? Maybe not. Let's consider the impact on Internet security of heavily discounted smartphones. It could be quite a …

3 comments

How Herbert Thompson stole his friend's identity

By Markus Jakobsson Add a new comment

August 22, 2008, 1:27 PM — A recent Scientific American article describes how easy it is to steal somebody's identity. It uses blog entries, password reset mechanisms, and simple detective work. Make no mistake. You are not secure if you are not a blogger -- this is simply an account of what could be done.

Dr. Markus Jakobsson is Principal Scientist at Palo Alto Research Center. He is a founder of the security startup RavenWhite, which addresses security problems associated with authentication, malware and click-fraud. He is also one of the founders of SecurityCartoon, an educational approach targeting typical Internet users. He is a firm believer in technology to address security problems, but believes that a holistic view that includes the end user and his/her behavior is crucial. Unexpected user behavior can thwart the best security measures, and any security measure must be designed with social engineering and human failure in mind. Dr. Jakobsson's recent books Phishing and Countermeasures (Wiley, 2006) and Crimeware: Understanding New Attacks and Defenses (Symantec Press, 2008) chart new territory in online security. He received his PhD from University of California at San Diego in 1997.

Add a comment

Will Do Not Track kill the 'free' Internet?

11 comments
How to avoid being tagged as a terrorist: Don't pay cash for coffee

6 comments
How to kill Web trackers dead

3 comments
Even after rewrites, Google Wallet retains gaping security holes, mainly due to Android

3 comments
The iPad 3 and its little brother, the iPad 8"

2 comments

Older
|
Newer

ITworld LIVE

Jeffmac has just joined ITworld
HeatherWay_LinkedKPDWCK commented on Will Do Not Track kill the 'free' Internet?
HeatherWay_LinkedKPDWCK has just joined ITworld
jimlynch answers What can be done to control noise levels in data centers?
jimlynch answers How much will the security flaws in Google Wallet set back the transition to "digital wallets"?
jimlynch answers What type of enterprise user is going to use Ubuntu Business Desktop Remix?
jimlynch answers How well does facial recognition work for device security?
nbetolli asks What are the best tools for speeding up a website?
Arturoas_tw36118372 has just joined ITworld
whcordis shared The iPad 3 and its little brother, the iPad 8" on Twitter
christnertech answers How well does facial recognition work for device security?
christnertech answers How well does facial recognition work for device security?
SmithJames_Yah7ULATY commented on Robot hockey player: it shoots, it scores!
dlantowski has just joined ITworld
Mb_YahOBL4BN commented on The iPad 3 and its little brother, the iPad 8"
theresatruong_tw33236253 has just joined ITworld
adjones has just joined ITworld
alangrus commented on Five good reasons to download LibreOffice 3.5
StillADotcommer asks How well does facial recognition work for device security?
whcordis has just joined ITworld
dblacharski answers What type of enterprise user is going to use Ubuntu Business Desktop Remix?
Neelima Yadav has just joined ITworld
docesaM has just joined ITworld
rommelbhargava_tw57409583 commented on Eight features Windows 8 borrowed from Linux
riffin answers How much will the security flaws in Google Wallet set back the transition to "digital wallets"?
dblacharski answers What can be done to control noise levels in data centers?
fola has just joined ITworld

SecurityWhite Papers & Webcasts

White Paper

Overcome Top 7 Admin Challenges of Active Directory

As Active Directory's role in the enterprise has drastically increased, so has the need to secure the data. Gain insight on creating repeatable, enforceable processes that reduces administrative overhead and enables robust, customizable reporting and auditing capabilities. Brought to you by NetIQ.

White Paper

Insiders Can Ruin Your Company. Take Action.

Did you know that 80 percent of threats to an organization come from the inside? The threat from insiders is often overlooked in organizations worldwide. This white paper from NetIQ, discusses key technology solutions that help to prevent and detect insider threats.

White Paper

Streamline Compliance and Increase ROI

Streamline, simplify, and automate compliance related activities; especially those that impact multiple business units. This white paper from NetIQ, outlines solutions that will help your business gain the maximum return on investment possible while aligning your compliance programs.

White Paper

X-Ray of the PCI Process-4 Proactive Steps

This white paper from Forrester Research Inc., helps break PCI into understandable components. Security and risk professionals will gain knowledge and insight into creating a compliant and secure IT environment. Follow these four proactive steps now before your next audit. Brought to you by NetIQ.

See more White Papers | Webcasts