<?xml version="1.0" encoding="UTF-8"?>

<rss version="2.0" xmlns:blogChannel="http://backend.userland.com/blogChannelModule">

<channel>
<title>Re: One Trillion Dollars and then some in Security</title>
<link>http://www.dslreports.com/forum/r15208127</link>
<description></description>
<language>en</language>
<pubDate>Fri, 27 Nov 2009 23:29:57 EDT</pubDate>
<lastBuildDate>Fri, 27 Nov 2009 23:29:57 EDT</lastBuildDate>

<item>
<title>Re: One Trillion Dollars and then some</title>
<link>http://www.dslreports.com/forum/remark,15213464</link>
<description><![CDATA[<A HREF="/useremail/u/1196782"><b>Red Dragon</b></A> : The vast majority of people do not have a clue about computer security, let alone tell an email from ebay.com from haxzor@ebay.com. Gone phishing, I'll be back when I catch something big.<br><SMALL>--<br>That light that you see at the end of the tunnel. You know that really bright one; well it's not salvation. It's the 6 o'clock freight train</SMALL>]]></description>
<guid isPermaLink="true">http://www.dslreports.com/forum/remark,15213464</guid>
<pubDate>Tue, 10 Jan 2006 13:00:41 EDT</pubDate>
</item>

<item>
<title>Re: One Trillion Dollars and then some</title>
<link>http://www.dslreports.com/forum/remark,15212994</link>
<description><![CDATA[<A HREF="/useremail/u/1003137"><b>garys_2k</b></A> : Many of the ID thefts are facilitated by poor, no -- absolutely nonexistent, plain vanilla security. My mortgage company "lost" a tape of account holder information (later found in the back of the shipper's truck) that was sent with NO encryption. Laptops (and desktop) machines with personal data are compromised or physically stolen and there is no encryption protecting the valuable data.<br><br>We have the tools we need to protect this information and the know-how to use them. I honestly think that businesses will have to be forced, via a Sarbanes-Oxley type of law, to implement these measures before they're widely used. As a libertarian-minded guy I so wish that wasn't so, but I know about corporate inertia and what it takes to overcome it.]]></description>
<guid isPermaLink="true">http://www.dslreports.com/forum/remark,15212994</guid>
<pubDate>Tue, 10 Jan 2006 11:52:28 EDT</pubDate>
</item>

<item>
<title>Re: One Trillion Dollars and then some</title>
<link>http://www.dslreports.com/forum/remark,15208127</link>
<description><![CDATA[<A HREF="/useremail/u/1140294"><b>Blackbird</b></A> : There once was an era when most point-of-sales transactions were concluded using "bearer" assets - currency, coins, bearer-notes, etc. The only "security" issue was establishing whether the payment offered was legitimate (not counterfeit) and trustworthy. Bearer identity never entered into securing the transaction. Personal identity <B>did</B> bear at the limited numbers of sites where accumulated assets were kept in 3rd-party storage, when the owner wished to withdraw them for use. Originally, asset withdrawal required personal recognition of the withdrawing person by a clerk, presentation of proper physical certification (passbook or certificate), signature, and perhaps fingerprint. Multi-day withdrawal delays were used at times when needed to allow further verification of withdrawer identity. Later, especially in large cities, forms of "official" and independent ID came to replace personal recognition.<br><br>When point-of-sales transactions came to be dominated by a promise to instantly assign assets (or credit rights) held in a buyer's account over to the seller, personal identity and credit-worthiness entered the point-of-sale transaction picture and replaced asset trustworthiness as the main "security" concern of the day. This moved the personal ID problem from the limited number of asset-holding sites and multiplied it to a limitless number of point-of-sale sites. Later, everything went "online" and an already very difficult security situation got seriously more complex.<br><br>Identification is merely authentication. In olden days, a seller could bite the edge of a proffered coin, weigh it, inspect it, etc. in an attempt to establish its authenticity... but he cared little about who the point-of-sale buyer might be. Today, the seller cares little about the form of the proffered payment (as long as it's "name-brand"-linked)... 
but he cares immensely about who the buyer actually is, since that's the only thing ultimately securing the payment proffered. So the point-of-sale transaction dilemma became: how do you safely authenticate a particular human being? With the advent of online transactions, the even greater dilemma has become: how do you safely authenticate a numerical/password representation of a particular human? And that question is now posed equally for point-of-sale and asset-holding sites alike. Added to all of this is the security dilemma all this poses for the targets of all this identification data... you and I.<br><br>How well does all this people-authentication currently work? Not all that well, if crime statistics are to be believed. Access numbers are lost, stolen or hijacked. Faked numbers are proffered at points-of-sale and access-holding organizations, and accounts are raided. Whole personal identities are hijacked and misused. An entire sub-culture blackmarket in stolen access-data exists. Perhaps the only reason this has not all exploded into public consciousness as the #1 crisis of our day is that most of the fraud costs are buried. Companies "write them off" (read: pass them on to all customers via higher fees/rates), because they see little alternative. But such costs now are themselves exploding. Bottom line: the system is in seriously deep do-do, and rapidly sinking further!<br><br>The bedrock questions are whether there are <B>any</B> air-tight secure ways to remotely authenticate a person, and whether there are <B>any</B> air-tight secure ways to preserve such identity-proving data during its usage, transmission, and storage (including long-term)? Then a further basic question arises: how would such ways be emplaced as 'standards' and compliance meaningfully enforced? All without violating personal privacy and while avoiding a Constitutionally-questionable 'national identity card'. 
Ultimately, all touted ID methodology boils down to inherent accuracy and, more importantly, to the security of the <B>entire</B> data-transmission/usage/storage chain. That chain, regardless of particular methodology, involves <B>lots</B> of machinery, software programs, backups, and most risky of all - people.<br><br>Methinks something of a pervasive monster has been created... I'm less than confident that further technological tweaking of the monster will provide the desired outcome. :huh:<br><SMALL>--<br>If God wanted us to work with electrons, He'd make them big enough to see...</SMALL>]]></description>
<guid isPermaLink="true">http://www.dslreports.com/forum/remark,15208127</guid>
<pubDate>Mon, 09 Jan 2006 18:53:28 EDT</pubDate>
</item>

<item>
<title>Re: One Trillion Dollars and then some</title>
<link>http://www.dslreports.com/forum/remark,15204104</link>
<description><![CDATA[<A HREF="/useremail/u/403861"><b>Mele20</b></A> : User ID by Jenefer Shute, Houghton Mifflin Boston:2005 is a novel about computers and identity theft. I haven't finished it yet. It's riveting and causes one to ask many questions about who we are/what we are/where the machines enter/we leave/don't leave/what is reality now/etc?<br><SMALL>--<br>"If you want to do DRM on a PC then you need to treat the user as the enemy." Ross Anderson in "`Trusted Computing' Frequently Asked Questions"</SMALL>]]></description>
<guid isPermaLink="true">http://www.dslreports.com/forum/remark,15204104</guid>
<pubDate>Mon, 09 Jan 2006 08:49:48 EDT</pubDate>
</item>

<item>
<title>Re: One Trillion Dollars and then some</title>
<link>http://www.dslreports.com/forum/remark,15203688</link>
<description><![CDATA[<A HREF="/useremail/u/401196"><b>pandora</b></A> : This will continue until biometrics is accepted, widely used as in for instance requiring new accounts or account change requests to be done only at FDIC banks after multiple biometrics are verified, including video of the transaction request. Every C-SPAN investigation of this problem indicates biometrics is part but not all of the solution. However no elected official is even willing to consider even that. <br><SMALL>--<br>"People demand freedom of speech as a compensation for the freedom of thought which they seldom use."</SMALL>]]></description>
<guid isPermaLink="true">http://www.dslreports.com/forum/remark,15203688</guid>
<pubDate>Mon, 09 Jan 2006 06:34:06 EDT</pubDate>
</item>

<item>
<title>Re: One Trillion Dollars and then some</title>
<link>http://www.dslreports.com/forum/remark,15202168</link>
<description><![CDATA[<A HREF="/useremail/u/356416"><b>Link Logger</b></A> : Given that this problem has grown by at least an order of magnitude, it will be interesting to see if anything changes in terms of prevention or reduction.  In some cases I don't think anything is going to change as this isn't 'corporate' money (i.e. it doesn't affect profits), but instead these losses are passed back to the consumer (cost of doing business sort of thing).  The thing is there are a lot of consumers and the impact of this is hidden.  So is anything going to happen from the corporate/consumer side, I don't think so.  As a government knowing there are very well funded 'bad guys' out there, that's a huge problem and we have lots of examples of it in the past (drug cartels buying governments and hence countries to safely operate from etc).  Anytime an organization is this well funded it's going to be an ugly drawn out affair to get rid of them and I don't think we are to that point yet that we are going to confront this issue as I don't think we have the stomach for it yet.  So my prediction for 2007 will be another large increase in the cost of identity theft.<br><br>There are two key points of which everyone should be aware, first even if you're not a direct victim of identity theft, you will be paying to cover the consequences nevertheless.  Second, these guys are incredibly funded (I had a rather interesting 'job offer' a couple of years ago which I turned down so I could stay a poor white hat) so attacks are only going to get better in the future.<br><br>Blake<br><SMALL>--<br>Vendor: Firewall Logging Software &raquo;<A HREF="http://www.SonicLogger.com" >www.SonicLogger.com</A> - SonicWall and 3Com &raquo;<A HREF="http://www.LinkLogger.com" >www.LinkLogger.com</A> - Linksys, Netgear and Zyxel</SMALL>]]></description>
<guid isPermaLink="true">http://www.dslreports.com/forum/remark,15202168</guid>
<pubDate>Sun, 08 Jan 2006 22:24:13 EDT</pubDate>
</item>

<item>
<title>Re: One Trillion Dollars and then some</title>
<link>http://www.dslreports.com/forum/remark,15198726</link>
<description><![CDATA[<A HREF="/useremail/u/185348"><b>Just Bob</b></A> : We, the internet community, are at war and the vast majority of internet users are unaware and/or complacent. Microsoft's recent proactive approach is very good, but I suspect we may soon see an end to the content neutral nature of the internet. While this kind of censorship is worrisome and undoubtedly would be misused by governments of all ilks, I see few other solutions.<br><br>I would be very interested in hearing the thoughts of the knowledgeable members here on alternative technological remedies.]]></description>
<guid isPermaLink="true">http://www.dslreports.com/forum/remark,15198726</guid>
<pubDate>Sun, 08 Jan 2006 13:20:58 EDT</pubDate>
</item>

<item>
<title>Re: One Trillion Dollars and then some</title>
<link>http://www.dslreports.com/forum/remark,15196511</link>
<description><![CDATA[<A HREF="/useremail/u/889138"><b>ZOverLord</b></A> : And...having access to data like this sure makes it easier for the SLIME to focus on one's interest to get better chances of succeeding in their QUEST:<br><br>&raquo;<A HREF="http://www.applefritter.com/bannedbooks" >www.applefritter.com/bannedbooks</A><br><SMALL>--<br>Black, Grey and White Hats Unite here -> &raquo;<A HREF="http://testing.OnlyTheRightAnswers.com" >testing.OnlyTheRightAnswers.com</A></SMALL>]]></description>
<guid isPermaLink="true">http://www.dslreports.com/forum/remark,15196511</guid>
<pubDate>Sun, 08 Jan 2006 01:00:38 EDT</pubDate>
</item>

<item>
<title>Business opportunity and cost justification</title>
<link>http://www.dslreports.com/forum/remark,15196432</link>
<description><![CDATA[<A HREF="/useremail/u/668609"><b>EGeezer</b></A> : Good find! For consideration;<br><br>With a trillion dollar worldwide revenue potential, the cost and effort justification for developing high quality complex exploits is now reality. What remains to be seen is the response from the IT community, product vendors and internet architects. We can be sure that the malware and implementations will be much higher quality as profit potential increases. <br><SMALL>--<br>In Memoriam -NRK 1 FEB 1918 - 6 NOV 2005B-17 pilot -50 missions over Europe and North Africa - 347th Squadron, 99th Bomb Group - Husband, Father, Grandfather, Great Grandfather, friend  --- A knight and gentleman gone to peace</SMALL>]]></description>
<guid isPermaLink="true">http://www.dslreports.com/forum/remark,15196432</guid>
<pubDate>Sun, 08 Jan 2006 00:44:42 EDT</pubDate>
</item>

<item>
<title>One Trillion Dollars and then some</title>
<link>http://www.dslreports.com/forum/remark,15194810</link>
<description><![CDATA[<A HREF="/useremail/u/356416"><b>Link Logger</b></A> : This year promises to be the worst yet. Identity thieves are expected to steal more than $1 trillion. Cybercriminals are making so much money&mdash;more than the illegal drug trade last year, according to the U.S. Treasury&mdash;that they've been doing their own R&D.<br><br>&raquo;<A HREF="http://www.msnbc.msn.com/id/10682795/site/newsweek/" >www.msnbc.msn.com/id/10682795/site/newsweek/</A><br><br>Blake<br><SMALL>--<br>Vendor: Firewall Logging Software &raquo;<A HREF="http://www.SonicLogger.com" >www.SonicLogger.com</A> - SonicWall and 3Com &raquo;<A HREF="http://www.LinkLogger.com" >www.LinkLogger.com</A> - Linksys, Netgear and Zyxel</SMALL>]]></description>
<guid isPermaLink="true">http://www.dslreports.com/forum/remark,15194810</guid>
<pubDate>Sat, 07 Jan 2006 20:00:10 EDT</pubDate>
</item>

</channel>
</rss>
