The Security Pub

Random Thoughts About Security

Sony Admits PlayStation Network Compromised

 

 

Sony has confirmed that a data breach was the cause of the PSN outage. In a vague letter to customers, the gaming giant warned that 70 million users’ personal information was compromised. In addition, it fears credit card details were also included in the loss.

On April 17, an unknown number of PSN and Qriocity accounts were compromised. As a result, Sony shut things down in an attempt to mitigate the situation, allowing it time to correct underlying issues and launch a full investigation. Initially, the service outage was blamed on Anonymous, considering the group’s past actions against the Japanese electronics giant.

“Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information that you provided: name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID. It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained,” Sony’s letter explained.


 

 

Form Based Phishing Attacks are on the RISE

As always, spammers are keeping abreast of the important events of the season, and know that January is when the public usually submits tax returns and starts getting refunds. Websense is reporting that the form-based approach is being used more frequently than the usual direct links to phishing sites.

What are form-based email attacks?

A form-based attack is just another type of phishing attack. Instead of using a link to take the user to a phishing site, the attacker includes a form that the user is asked to complete. When the user completes the form and submits it, the details are then sent to the attacker.
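A defender-side check for the pattern described above, as an added example that is not part of the original post: it walks a message's HTML parts (body or attachment) and reports each embedded form, the host it posts to, and whether it asks for a password. The sample message, its addresses and the names FormFinder and find_embedded_forms are constructed for illustration.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample (not from the original post): an HTML mail that embeds
# a form instead of linking to a phishing site.
SAMPLE = """\
From: refunds@tax-office.example
Subject: Your refund is ready
Content-Type: text/html; charset="utf-8"

<html><body><p>Complete the form below to receive your refund.</p>
<form action="http://collector.example/submit" method="post">
Card: <input type="text" name="cardnumber">
PIN: <input type="password" name="pin">
<input type="submit" value="Send"></form></body></html>
"""

class FormFinder(HTMLParser):
    """Collects each <form> with its action and the input types inside it."""
    def __init__(self):
        super().__init__()
        self.forms, self._open = [], None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._open = {"action": a.get("action") or "", "inputs": []}
            self.forms.append(self._open)
        elif tag == "input" and self._open is not None:
            self._open["inputs"].append((a.get("type") or "text").lower())

    def handle_endtag(self, tag):
        if tag == "form":
            self._open = None

def find_embedded_forms(raw_message):
    """Return one finding per form in any text/html part of the message."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        finder = FormFinder()
        finder.feed(part.get_content())
        for form in finder.forms:
            findings.append({"filename": part.get_filename(),
                             "post_host": urlparse(form["action"]).hostname,
                             "has_password_field": "password" in form["inputs"],
                             "input_count": len(form["inputs"])})
    return findings
```

A mail gateway or triage script can use the returned findings to quarantine or flag messages whose forms post to a host unrelated to the sender.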

What to do if your Facebook profile has been hacked

With its millions of users, the world’s most popular social network has become a perfect target for attackers exploiting such a dense concentration of potential victims. There are numerous reports from users whose Facebook profile has been hacked and whose identity has therefore been placed at risk. If your Facebook profile is hacked, below are some steps to follow to help limit the ongoing effects.

Step 1: Firstly, remove all permissions that have been given to the malicious application. This is a simple process: go to Account > Application settings in the top-right corner of your Facebook profile. This ensures that the application will not continue to have access to your profile once the password is changed.

Step 2: Change the login password! To keep your identity safe, it is advisable to change your password and the user name (it’s a good idea to do this from time to time anyway). This is also easy: go to Account > Account Settings in the menu in the top left corner of your Facebook profile. It is also advisable to use strong passwords that cannot easily be guessed.

Are You Disclosing Personal Information on Social Network Sites?

Social networking users should be careful when accepting friend requests and be conscious of the data they share. According to a new study by BitDefender, social network users do not appear to be preoccupied with the real identity of the people they meet online or about the details they disclose while chatting with total strangers.

The study revealed that 94 percent of those asked to “friend” the test profile, an unknown, attractive young woman, accepted the request without knowing who the requester really was. The study sample group included 2,000 users from all over the world registered on one of the most popular social networks. These users were randomly chosen in order to cover different aspects: sex (1,000 females, 1,000 males), age (the sample ranged from 17 to 65 years with a mean age of 27.3 years), professional affiliation, interests etc.

In the first step, the users were only requested to add the unknown test profile as their friend, while in the second step several conversations with randomly selected users aimed to determine what kind of details they would disclose.

The study showed:

  • More than 86 percent of the users who accepted the test-profile’s friend request work in the IT industry, of which 31 percent work in IT Security
  • The most frequent reason for accepting the test profile’s friend request was her “lovely face” (53 percent)
  • After a half-hour conversation, 10 percent disclosed personal sensitive information, such as: address, phone number, mother’s and father’s name, etc – information usually requested as answers to password recovery questions
  • Two hours later, 73 percent siphoned what appears to be confidential information from their workplace, such as future strategies, plans, as well as unreleased technologies/software.

Identity Theft and What to Know

Identity Theft, What is it?

Identity theft is a crime in which personal information such as a name, social security number, date of birth, and address is stolen and may be used by someone to assume someone’s identity, often for the purpose of financial gain. It is also referred to as “identity fraud” when the stolen identity is used to impersonate the victim. Here are some methods a criminal may use to steal your data over the Internet.

  • hacking
  • spam
  • phishing
  • social media sites (Facebook, Twitter, etc.)
  • file sharing

All these and many more can be targets for identity thieves, since users often assume that these places on the Internet are trusted environments and begin sharing personal information without understanding the consequences. But know that identity theft is not just a risk for those of us who use the Internet. Criminals can obtain information by sorting through garbage, eavesdropping, stealing wallets, picking up receipts at restaurants, and other means.

Once enough information has been gathered, criminals may open new credit card accounts, apply for loans, empty your bank accounts, make charges on your credit card, or develop fake forms of identification. Another thing to know is identity thieves will not always use the information themselves. They may sell it to underground markets for financial gain.

What can you do to protect your identity?

  • Ensure that any computer used to connect to the Internet has proper security measures in place. Use and maintain anti-virus software and keep your application and operating system patches up-to-date.
  • Do not follow links provided by unknown or un-trusted sources.
  • Do not open e-mail attachments from unknown users or suspicious e-mails from trusted sources.
  • Be careful what personal information you distribute, particularly on social networking sites (Facebook, Twitter), and continuously check to see what information others may be posting about you. Also verify your privacy settings to ensure you are not inadvertently sharing your personal information.
  • Check your credit reports from all three major credit bureaus (Equifax, Experian, and TransUnion) at least once a year. You are entitled to one free credit report from each bureau every year. You may wish to stagger your requests to check a different credit bureau every four months.
  • Guard your personal information, including your social security number. Don’t carry your social security card with you, and don’t provide your social security number to anyone unless they have a legitimate need for it.
  • Don’t put your social security number or driver’s license number on your checks.
  • Be aware of your surroundings when providing personal information orally. Watch for eavesdroppers.
  • Properly discard hard copy documents containing personal information. A crosscut paper shredder works best.

What should you do if your identity has been stolen?

The first step is to notify your bank, and any other entities with which you have accounts, to inform them that someone may be using your account fraudulently. File a report with your local police and report the event to the Federal Trade Commission. It is helpful to have your financial statements available to better explain your situation.

Contact all three major credit bureaus to request a credit report, and have a fraud alert or a credit freeze placed on your credit reports to prevent accounts from being opened without your permission.

Continue to monitor all of your accounts for any suspicious activity.

Why Privacy Concerns are Ruining Facebook

Facebook was built as a powerful social connector, allowing users to befriend others with similar interests, locations, schools, and more. But as privacy concerns mount and users demand more protection, the social networking site’s philosophy has started to go down the toilet. Now that Facebook is eliminating regional networks — or groupings of people based on where they live — it’s becoming apparent that proclivities lean towards building fences rather than crossing them.
