|Compliance and Privacy News|
How often do you enter your personal details into a website? Once a day? Once a week? Well Mike Davies of Verisign has just registered on ten. He recounts his tale below and it makes very sobering reading!
This week there are two webcasts you may want to take a closer look at - one on money mules, phishing and cyber-laundering; the other the security issues raised by the Google Desktop toolbar.
Finally we report on how the entire software industry is now working together to make the web safer for consumers and e-tailers alike. Exciting times lie ahead - read on and enjoy!
As always, we really welcome your comments and thoughts. Drop us a line, or visit the compliance and privacy site and register your thoughts.
Mike Davies, of our sponsor, VeriSign, says: What a wonderful place the internet is, only today I registered for free at 10 online sites.
I now have a new email address, will be alerted about the latest holidays, electrical goods or jobs that interest me, am a registered user at a major political party's website, have a brochure from a healthcare provider being posted to me, gained access to a computing magazine's website as well as a national newspaper, and will be attending a talk on aromatherapy.
The information I provided to register varied by site but included name, email and physical address, mothers maiden name, salary, political persuasion, preferred holiday dates (when my house will be empty), gender, date of birth, employer's name, mobile telephone number and job title.
At no point during any of the registrations was the personal data I entered secured. This worries me and it should worry you too.
Criminals are stealing thousands of credit cards and banking account credentials daily through phishing attacks, Trojan horse attacks and other attack vectors. Thousands of dollars daily are then laundered to offshore banking accounts through dozens of countries by "money mules," or phishing money launderers. Cyber-fronts are created to solicit, hire and exploit these money mules within multiple countries, and they can make as much as $10,000 or more in a month for part time work. This report will take a look inside the world of money mule operations and provide several examples of business fronts and job offers.
The replay is now available and lasts 28 minutes. (Please note this is a replay and no interaction is possible. Requires speakers or headphones).
By installing and using the Google Desktop Toolbar, a user can search the files stored on his local computer and the Internet simultaneously. Using advanced features of this product, it is even possible to search other computers that run the Google Desktop software. It is this feature that has cause much concern among security researchers. This presentation will examine the installation and operation of Google Desktop Search in order to determine the efficacy of this product. It will examine the security weaknesses and vulnerabilities that exist in the latest version of Google Desktop Search and how these issues can be somewhat mitigated using reasonable security policies.
This is an interactive webcast, and it will be held in two sessions, one in the US and Pacific time zones at 2pm EDT on 12th April and the other in European time at 3pm BST on 18th April. It requires an audio equipped computer. You are more than welcome to register for both sessions
As usual we expect to mount the replay on Compliance And Privacy very soon after the webcast
When the first cars were produced it is a pretty safe bet that they weren't fitted with an alarm, immobiliser or tracking device. Such advances in car security were introduced in response to escalating car crime and now car crime is at an all-time low. Today it seems that online security threats emerge almost daily, threats that are eroding fragile consumer confidence. Without consumer confidence the cost-effective and efficient online business model could well become marginalized, while the growing fraud losses that online service providers from banks to e-tailers are suffering are pushing up costs.
The combination of lower trust and higher costs could render the on-line business model ineffective for many. SSL certificates have certainly helped - but it is increasingly clear that most consumers either don't understand them or don't know how to validate them. Something simplere and MUCH more obvious is needed for the consumer. Fortunately, the industry is responding with two exciting new developments..
Readers should note that references to VeriSign's sponsorship are historical. That sponsorship ended on 28 February 2007, and is simply included here for context and historical purposes. VeriSign is not formally associated with this site in any manner, and has asked us to emphasise this point.