With unemployment at an all-time high, people are searching for work in the most remote places. One them being, online. According to MSN Money, fake-check scams have become one of the number one fraud reported to the National Consumers League.
Because U.S. law requires the dispensation of funds from a check within five business days, banks are losing out on more and more money. Five days is usually not enough time to determine whether or not a check is fraudalent. However, the bank can not legally hold the funds until they determine the legality of the check. Rather, they must cash the check. Then, request compensation later. These scammers draw up real checks from actual accounts, but the printing is homemade. The scam artist then instructs their victim to go the bank and cash the check, keep a portion of the proceeds, then wire the remaining balance to a designated account.
This particular form of fraud strikes me as odd that some people could actually fall for this. First of all, why is someone sending you a check endorsed to someone else. Second, why would someone have you wire them a portion of the check when they could have cashed the check themselves and kept the entire amount. The reasons underlying this scam is because the scammers choose to keep their names away from government scrutiny. Because their victim actually cashed the check, even though they did wire a portion of the check to the scammer, they are the ones at fault.
My advice is never to cash a check that is not endorsed to you. Second, most get-rich schemes are what they are: schemes. So stay away. Third, have common sense.
http://articles.moneycentral.msn.com/Banking/FinancialPrivacy/cash-a-check-maybe-go-to-jail.aspx
Monday, December 14, 2009
Debit Cards
I personally use my debit card much more than my credit card. I like the idea of spending my money, opposed to charging it and having to pay for it later. However, I never really realized the continuous risks involved with using them, opposed to credit cards.
Debit cards are usually linked to your checking account. Therefore, when purchases are made, the money comes directly from your that specific account, without dispute. It seems to replace the hassle of writing a check. Rather, you make the purchase, swipe, and the transaction is complete. Visa calls their debit card the "VISA Check Card" and Mastercard calls their's the "Mastermoney Card." Whoever the carrier, the debit cards function the same way.
Debit cards pose great risks, in terms of security. With checks, they require a photo ID, your license number, phone number, address, and signature. All you need to access the checking account associated with the debit card is their four-digit pin number. No questions are asked after that. And now, banks are coming out with a new debit card that does not even require a pin number! No signatures. No ID. Nothing. It seems that confidentiality for access to this account could be breached with four simple numbers, which would be entered electronically.
If I were an attacker, all I would have to do is stand behind someone close enough to see what numbers they select. If those four numbers hold the key to their checking accounts, obtaining those numbers would disclose all of their information on that account, not to mention all of the money in the account. Most receipts from debit card transactions contain the account numbers and sometimes the pin numbers. If I was an attacker, all I would have to do is watch out when people throw away receipts when leaving a store. I would then pretend I dropped something in the garbage, retrieve the receipt, go online and go shopping galore.
Clearly, the vulnerabilities of the card have been exhausted. It seems that newer technologies are making it easier and easier for black hat hackers. All they need is a receipt to drain your checking account?! That seems absurd. No photo ID. No signatures. Not even a pin number in some cases.
The value of a thin, plastic card carries the weight of an entire checking account. Because ID's and pin numbers can be stolen and altered, it seems like a difficult task to ensure the confidentiality of financial information. However, these threats will continue to exist as long as society uses cards to purchase goods, opposed to actual cash.
Because debit cards are this risky, I would definitely recommend using credit cards more often. If you lose your debit card or if someone hacks into your checking account, you lose your money and oftentimes have to go through extensive measures to retrieve that money from the bank. However, if you use your credit card, you are using the bank's money. That way, you can dispute the charges before you spend your own money. In the case that no wrongful charges have been charged, you could just pay the entire balance at the end of the month. Credit cards definitely seem like the better way to go.
http://www.pirg.org/consumer/banks/debit/fact.htm
Debit cards are usually linked to your checking account. Therefore, when purchases are made, the money comes directly from your that specific account, without dispute. It seems to replace the hassle of writing a check. Rather, you make the purchase, swipe, and the transaction is complete. Visa calls their debit card the "VISA Check Card" and Mastercard calls their's the "Mastermoney Card." Whoever the carrier, the debit cards function the same way.
Debit cards pose great risks, in terms of security. With checks, they require a photo ID, your license number, phone number, address, and signature. All you need to access the checking account associated with the debit card is their four-digit pin number. No questions are asked after that. And now, banks are coming out with a new debit card that does not even require a pin number! No signatures. No ID. Nothing. It seems that confidentiality for access to this account could be breached with four simple numbers, which would be entered electronically.
If I were an attacker, all I would have to do is stand behind someone close enough to see what numbers they select. If those four numbers hold the key to their checking accounts, obtaining those numbers would disclose all of their information on that account, not to mention all of the money in the account. Most receipts from debit card transactions contain the account numbers and sometimes the pin numbers. If I was an attacker, all I would have to do is watch out when people throw away receipts when leaving a store. I would then pretend I dropped something in the garbage, retrieve the receipt, go online and go shopping galore.
Clearly, the vulnerabilities of the card have been exhausted. It seems that newer technologies are making it easier and easier for black hat hackers. All they need is a receipt to drain your checking account?! That seems absurd. No photo ID. No signatures. Not even a pin number in some cases.
The value of a thin, plastic card carries the weight of an entire checking account. Because ID's and pin numbers can be stolen and altered, it seems like a difficult task to ensure the confidentiality of financial information. However, these threats will continue to exist as long as society uses cards to purchase goods, opposed to actual cash.
Because debit cards are this risky, I would definitely recommend using credit cards more often. If you lose your debit card or if someone hacks into your checking account, you lose your money and oftentimes have to go through extensive measures to retrieve that money from the bank. However, if you use your credit card, you are using the bank's money. That way, you can dispute the charges before you spend your own money. In the case that no wrongful charges have been charged, you could just pay the entire balance at the end of the month. Credit cards definitely seem like the better way to go.
http://www.pirg.org/consumer/banks/debit/fact.htm
The Hidden Cost of Identity Theft
A couple, Debra and Robert Guenterberg, experienced one of the worst types of financial disasters: identity theft. This couple alludes their experiences to those of a horror film, something that continously comes back to haunt them, day after day after day.
They first noticed that something was wrong when the couple tried to purchase a Ford truck, only to be rejected on the grounds of poor credit. The couple knew they had good credit in the past and pondered on this new phase of rejection. Soon after that incident, they applied for a home loan and a credit card, only to be rejected again. Collection agencies began calling their house, asking for money. Tha's when they realized that two men had stolen their social security numbers and had been making purchases under their identity. Now, when they go in to open checking accounts or make large purchases on credit, they are declined.
The sad thing about this situation is that it could potentially happen to anyone. Because many business transactions are conducted on the internet, it makes it hard to ward off criminals and keep personal information safe in cyberspace. That's why antivirus software is extremely important. Also, you should not release your social security number to anyone unless you absolutely have to. Also, you could purchase the identity theft programs through several credit check bureaus to get regular updates on purchases and accounts opened under your name.
http://www.cnn.com/2009/TECH/12/07/identity.theft.costs/index.html?iref=allsearch
They first noticed that something was wrong when the couple tried to purchase a Ford truck, only to be rejected on the grounds of poor credit. The couple knew they had good credit in the past and pondered on this new phase of rejection. Soon after that incident, they applied for a home loan and a credit card, only to be rejected again. Collection agencies began calling their house, asking for money. Tha's when they realized that two men had stolen their social security numbers and had been making purchases under their identity. Now, when they go in to open checking accounts or make large purchases on credit, they are declined.
The sad thing about this situation is that it could potentially happen to anyone. Because many business transactions are conducted on the internet, it makes it hard to ward off criminals and keep personal information safe in cyberspace. That's why antivirus software is extremely important. Also, you should not release your social security number to anyone unless you absolutely have to. Also, you could purchase the identity theft programs through several credit check bureaus to get regular updates on purchases and accounts opened under your name.
http://www.cnn.com/2009/TECH/12/07/identity.theft.costs/index.html?iref=allsearch
Cyber Crimes Poses Threat to E-Commerce
Technology critics have evaluated this past year, in relationship to internet trafficking. These critics assert that this year posed a major threat to the future of e-commerce, based on their findings of the detrimental effects cyber crime has committed against our economy. Statistics place spam mail at all-time high of 87% of email traffic. This ultimately means that almost 9 out of every 10 emails that you receive will be spam mail. This poses a threat because more people are choosing antivirus software to ward off the viruses from their computers. However, malicious software, like malware and scareware, are harboring these viruses and waiting for the right time to attack these computer systems. Critics fear that people will ultimately lose faith in their computers, which poses an ever larger danger, since a large portion of business transactions are conducted over the internet.
Although confidentiality seems merely impossible on the internet, there are ways to ward off viruses. For example, although you cannot stop spam mail from being sent to your email account, you do not have to open the mail. As annoying as it may be, simply deleting the mail, rather than opening it and following links, would ward off a lot more viruses. Another tactic would be through purchasing antivirus software. Most laptops or computer systems run around several hundreds of dollars. As with any valuable asset, you would like insurance to keep viruses away and your product safe from danger.
However, as with any attacker, they learn how to get around the loopholes and get into your devices anyway. These critics fear hackers invading business transactions and finding out financial information and sensitive data. All they would have to do is get you to open the spammed email and click on a link. This would offer them disclosure of personal information, which would ultimately alter the integrity of bank statements, financial information, and other personal data.
One of the most striking concepts of the internet is that you are facing a computer screen. No one can see you and identify your actual identity. As long as you possess the correct information to forge the data and receive other information, then no questions will be asked. This poses a large threat to the future of e-commerce because no matter how much you restrict data and pose walls, some black hat hacker will come in and easily walk through them.
The only recommendation that I could make would be to keep people abreast of the newest advancements of security and ways in which they can protect themselves and their devices.
http://www.cnn.com/2009/TECH/12/13/cybercrime.2009.review/index.html
Although confidentiality seems merely impossible on the internet, there are ways to ward off viruses. For example, although you cannot stop spam mail from being sent to your email account, you do not have to open the mail. As annoying as it may be, simply deleting the mail, rather than opening it and following links, would ward off a lot more viruses. Another tactic would be through purchasing antivirus software. Most laptops or computer systems run around several hundreds of dollars. As with any valuable asset, you would like insurance to keep viruses away and your product safe from danger.
However, as with any attacker, they learn how to get around the loopholes and get into your devices anyway. These critics fear hackers invading business transactions and finding out financial information and sensitive data. All they would have to do is get you to open the spammed email and click on a link. This would offer them disclosure of personal information, which would ultimately alter the integrity of bank statements, financial information, and other personal data.
One of the most striking concepts of the internet is that you are facing a computer screen. No one can see you and identify your actual identity. As long as you possess the correct information to forge the data and receive other information, then no questions will be asked. This poses a large threat to the future of e-commerce because no matter how much you restrict data and pose walls, some black hat hacker will come in and easily walk through them.
The only recommendation that I could make would be to keep people abreast of the newest advancements of security and ways in which they can protect themselves and their devices.
http://www.cnn.com/2009/TECH/12/13/cybercrime.2009.review/index.html
Sunday, December 13, 2009
Current event: TSA document exposed
Recently, a document of the Transportation Security Administration was inadvertently exposed through a private contractor of the cabinet department while consolidating. The process of redaction, when an organization consolidates literature into a more concise overview, can pose a security threat when this information is published. The final overview also needs to be more heavily guarded, because it contains more information in one location.
The scenario unfolded like this: An employee of contracted company was going through the Transportation Security literature, which directed TSA employees on the proper procedure for screening protocols used at more than 450 U.S airports, was posted on the Federal Businesses Opportunity website. It was posted in part of a TSA contract solicitation bid. A blogger discovered the document and passed it on to website administrators of anti-secrecy site Cryptome.org. They publicized the document and the confidential information began to spread across the web.
The problem in this case was a simple human error; the employee posted information that should have been kept confidential. The publishing of redacted information, however, goes much further than human errors however. The overarching issue causing this problems with redacted information is that organizations do not have a good understanding of the difference between redacted information in print, documents that are physically sent through the organization, and digital reacted information, sent or published electronically. In one case involving the department of defense, a document was published with the name of a Special Forces soldier that had been killed in Iraq that had been blacked out. The name was simply copy and pasted, and then the font was change. In the past, a marker could do a lot to redact a document. Today, however, technology has made it much easier to discover the information that has been disguised. Another common problem is that information that has been deleted or made indiscernible is the information has been already been recorded in the metadata of the file. In a case involving pharmaceutical giant Merck, information that had been simply deleted from a word document was later recovered through the metadata of the file.
Companies and government organizations (especially those subjected to the freedom of information act) are in a constant struggle between publishing information to the public and retaining information deemed private to the organization. The process of redaction in the new virtual world has made the struggle that much harder. Today, companies such as Redact-IT are selling software to remove confidential information from company documents. Even with these tools, redaction will continue to pose a threat to company struggling to be both private and public.
http://www.computerworld.com/s/article/9142141/Analysis_TSA_document_release_show_pitfalls_of_electronic_redaction?taxonomyId=17&pageNumber=2
The scenario unfolded like this: An employee of contracted company was going through the Transportation Security literature, which directed TSA employees on the proper procedure for screening protocols used at more than 450 U.S airports, was posted on the Federal Businesses Opportunity website. It was posted in part of a TSA contract solicitation bid. A blogger discovered the document and passed it on to website administrators of anti-secrecy site Cryptome.org. They publicized the document and the confidential information began to spread across the web.
The problem in this case was a simple human error; the employee posted information that should have been kept confidential. The publishing of redacted information, however, goes much further than human errors however. The overarching issue causing this problems with redacted information is that organizations do not have a good understanding of the difference between redacted information in print, documents that are physically sent through the organization, and digital reacted information, sent or published electronically. In one case involving the department of defense, a document was published with the name of a Special Forces soldier that had been killed in Iraq that had been blacked out. The name was simply copy and pasted, and then the font was change. In the past, a marker could do a lot to redact a document. Today, however, technology has made it much easier to discover the information that has been disguised. Another common problem is that information that has been deleted or made indiscernible is the information has been already been recorded in the metadata of the file. In a case involving pharmaceutical giant Merck, information that had been simply deleted from a word document was later recovered through the metadata of the file.
Companies and government organizations (especially those subjected to the freedom of information act) are in a constant struggle between publishing information to the public and retaining information deemed private to the organization. The process of redaction in the new virtual world has made the struggle that much harder. Today, companies such as Redact-IT are selling software to remove confidential information from company documents. Even with these tools, redaction will continue to pose a threat to company struggling to be both private and public.
http://www.computerworld.com/s/article/9142141/Analysis_TSA_document_release_show_pitfalls_of_electronic_redaction?taxonomyId=17&pageNumber=2
Friday, December 11, 2009
Cloud Computing
In general, cloud computing customers do not own the physical infrastructure, instead avoiding capital expenditure by renting usage from a third-party provider. They consume resources as a service and pay only for resources that they use. Many cloud-computing offerings employ the utility computing model, which is analogous to how traditional utility services (such as electricity) are consumed, whereas others bill on a subscription basis. Sharing "perishable and intangible" computing power among multiple tenants can improve utilization rates, as servers are not unnecessarily left idle (which can reduce costs significantly while increasing the speed of application development). A side-effect of this approach is that overall computer usage rises dramatically, as customers do not have to engineer for peak load limits. In addition, "increased high-speed bandwidth" makes it possible to receive the same response times from centralized infrastructure at other sites.
The majority of cloud computing infrastructure, as of 2009, consists of reliable services delivered through data centers and built on servers with different levels ofvirtualization technologies. The services are accessible anywhere that provides access to networking infrastructure. Clouds often appear as single points of access for all consumers' computing needs. Commercial offerings are generally expected to meet quality of service (QoS) requirements of customers and typically offer SLAs. Open standards are critical to the growth of cloud computing, and open source software has provided the foundation for many cloud computing implementations.
What happens when the cloud gets hacked? Google claims that could computing is the next "big thing" that they will attempt to use to drive their stock price up. On paper the concept seems simple and efficient but I just hope that security is the main priority. If a hacker gets access to the cloud they have free reign to anything and everything that is stored in the cloud. There is a lot a stake and like I said earlier I hope that the proper measures are taken to ensure that the integrity of its users information.
-source http://en.wikipedia.org/wiki/Cloud_computing
Senate Committee Passes Data Breach Laws
The U.S. Senate Judiciary Committee passes two bills that establish federal guidelines for data breach notifications.
Two sweeping bills that would set new standards for data breach notifications made their way out of the Senate Judiciary Committee Nov. 5.
The committee voted yes on the Personal Data Privacy and Security Act of 2009 (S.1490) and the Data Breach Notification Act (S.139). The vote means the bills are now headed to the full Senate for its stamp of approval.
The Personal Data Privacy and Security Act of 2009 establishes guidelines for performing risk assessments and vulnerability testing and controlling and logging access to sensitive information. There are also provisions tied to protecting data in transit and at rest, and a set of rules for notifying law enforcement, credit reporting agencies and individuals affected by a breach.
In addition, the bill creates the Office of Federal Identity Protection inside the Federal Trade Commission.
The committee also gave the thumbs up to the Data Breach Notification Act, which requires U.S. agencies and corporations involved in interstate commerce to notify anyone whose personal information either was or may have been accessed or acquired in a breach.
Agree?
source-http://www.eweek.com/c/a/Security/Senate-Committee-Passes-Data-Breach-Laws-590570/
Subscribe to:
Posts (Atom)
Posts
