Phishing scams, where criminals attempt to elicit payments or personal details by e-mail, are now well known, so practitioners are turning to telephone-based variants. The principal method is “vishing” (voice phishing), where the perpetrators call victims posing as their bank and ask them to verify their identities by divulging personal details, often using an automated system. In the most convincing version, the target is not asked for details on the spot, but told to call the bank’s “fraud department” on a specified security number. “Smishing” (SMS phishing) is the latest adaptation, where initial contact is made by text message. The Times article also discusses other emerging frauds and how people fall victim to them.
Tuesday, July 28, 2009
New frauds, new terms
As new frauds emerge, phishing's new siblings, Vishing (voice phishing) and Smishing (SMS phishing), are being born. Vishing, though, sounds like the twin sister of "Social Engineering".
Sunday, July 26, 2009
Predicting individual SSNs simply from publicly available data
CMU researchers published another paper on predicting individual SSNs simply from publicly available data.
Since SSNs are predictable from public data, identity theft could occur even without events such as data breaches. Some of the implications are that 1) the SSA should randomize the entire SSN assignment process; 2) current policy initiatives in the area of SSN and identity theft should be reconsidered: most policy-making currently focuses on removing SSNs from databases or redacting their digits, so that they can still be used as "confidential information" - however, since SSNs are predictable from otherwise publicly available data, SSNs cannot be kept confidential even if they are removed from databases, and therefore those initiatives may be ineffective; 3) since SSNs can be predicted and are therefore, in a sense, semi-public information, consumers should not be required by private sector entities to use SSNs as passwords or for authentication.
Tuesday, July 21, 2009
Police to use Wardriving
This is the first time the wardriving technique (the process of searching for open wireless networks using a laptop or handheld in a moving vehicle) has been used by police to warn users.
Many home networks can be accessed by anyone within range because strong security settings are often not enabled and passwords are rarely changed from the default setting.
----
Detective Superintendent Hay said it was important for police to get "ahead of the game" as crooks were now sharing information on satellite maps showing vulnerable areas with large numbers of unsecured networks.
Sunday, July 19, 2009
Data Privacy
Should the user data associated with any service available online be subjected to the jurisdiction of all countries?
In March of this year, a Belgian court entered judgment in a criminal case against Yahoo! and fined the company for refusing to hand over user data to Belgian law enforcement authorities under Belgian law.
The catch? Yahoo! has no subsidiary, employees or localized website in Belgium. The request — sent via email by a Belgian prosecutor to Yahoo!’s U.S. offices — was for user data held in the U.S. and associated with Yahoo! Mail accounts.
Sunday, July 12, 2009
Will Google's Chrome be most secure OS ever?
I don't know about "most", but it'll certainly be more secure. Per Google, it's redesigning the underlying security architecture of the OS so users don't have to deal with viruses, malware, and security updates.
But there's another side to this story. The Chrome OS will be far more Web-centric than Windows, which means that many--if not most--of its applications will be running over the Internet. What's more, people's data will be stored "in the cloud," much of it on servers run by Google. So while Google may help reduce Microsoft's potential as a single point of failure, it increases its own. If hackers were successful in launching an attack on Google, that would affect not only people's ability to use Google apps, but the integrity of their data.
Saturday, July 11, 2009
New way to communicate privately over Internet
How to communicate privately over the Internet? Use Darknet! No, it's not a shady net. The term was first invented by DARPA and has long been used by the agency. HP is just making it easy to use and bringing it to you and me.
HP won't give the specifics of its implementation, but here's how the idea works: Someone navigates to a Web site that serves up some JavaScript code that runs in the user's browser. That code uses the local storage capacity built into the latest version of browsers like Google Chrome and Internet Explorer. As a result, each user gives up some local storage that holds redundant, encrypted slices of data that together are coordinated and shared by the darknet. As a whole, the information exists so long as the darknet exists.
Thursday, July 09, 2009
Cracking SSNs
Using statistical patterns, CMU Researchers predicted the first five digits of a Social Security number 44% of the time.
Researchers leveraged publicly available info for the first 5 digits (this information is available at SSN's official website). How hard is it to social engineer the last 4 digits?