Topic: Identity Protection

In Speaking of Security's newest video podcast we talk to Joram Borenstein, Senior Product Manager, about the latest strategies of online fraudsters.

The U.S. Passport card or PASS (People Access Security Service) card, a new travel document, is slated for issue by the federal government in the spring of this year. A poor cousin to the standard passport, it's more compact and less expensive, but valid only at land and sea points of border entry into the United States, not for air travel. The PASS card emerged as part of the Western Hemisphere Travel Initiative (WHTI), which phases out drivers' licenses as border-crossing documents for the U.S.

I've heard two starkly contrasting opinions on the security of the PASS card...

I was sitting with my friend R. in a bar. My friend was completely ignoring me (a rather stimulating treatise on how my failure with women is caused by millions of years of human evolution. I've entitled this thesis "Nature or nurture, culture or genes: Pick any one -- or all of the above"), and was focusing on a girl on the other side of the bar.

"She could be your daughter," I told R. He continued ignoring me, and said, "She could totally be mine..."

"Perhaps, but she won't," I said. "You're 38, you have a girlfriend and you were telling me the other day you were thinking of proposing to her."...

Not since the infamous U.S. Veterans Administration breach, when a laptop containing information on 26.5 million veterans was stolen in 2006, have we seen a breach of sensitive data like the one that occurred in the United Kingdom last week. According to news reports, two disks containing the records of 7.25 million families and around 25 million people were lost by Her Majesty's Revenue and Customs agency as they were being transferred to the UK's National Audit Office.

My friends have gotten tired of hearing me talk about how dreadful it is to be single. One of my friends S. (who has four children and a mortgage) suggested that I take over looking after his kids while *he* wakes up with a hangover next to a half-empty bottle of Jack Daniels and photos of a wild party and the younger sister of one of my work colleagues (Hi M!). Another friend, R, asked me why I don't frequent the singles bar scene. I replied that I'm looking for a sun-drenched wind-swept Ingrid Bergman kiss, a heart touching romance and a soul companion -- not some sordid meaningless fling. He sagely nodded his head and voiced his hopes that I enjoy the rest of my long life looking forward to dying alone...

This month, I'll be posting blogs several times a week given that this is National Cyber Security Awareness Month. To kick off this year's campaign, the 2007 National Cyber Security Awareness Summit was held at the National Press Club in Washington, D.C. on October 1st.

Below, you will find a post from the Summit:

I was encouraged by the strong turnout at the inaugural National Cyber Security Awareness Summit, the 4th time that October has been recognized officially as National Cyber Security Awareness Month. You know that you are going to have good event when the room is half full 30 minutes before start time.

I thought that Assistant Secretary Greg Garcia captured the heightened interest in the topic...

Over the past year we have witnessed a significant increase in the number of data breach incidents due to mistakes by internal employees at many respected companies. These incidents run the gamut from missing or stolen laptops, vanishing BlackBerry's and disappearing USB drives. The typical response from companies that have suffered these sorts of breaches is: "Our policy prohibits employees from putting unencrypted sensitive company information on laptops, PDAs, and other devices." While you will get no argument from me that this is a good policy, how much of the responsibility for ensuring this policy is followed as intended should really fall on the employee's shoulders? Is it really possible to expect employees to be educated enough about such policies to always do the right thing?...

"Phishing," as you probably know, is a form of online con game. Users are lured by e-mail messages to legitimate-seeming but criminal sites--typically falsified versions of their real banking sites--and encouraged to enter password information. Having harvested this information, the operators of the criminal sites use it to break into victims' accounts. (As the term suggests, most "phishing" e-mail goes wide of the mark, arriving as spam unconnected with the recipient's bank. A phishing expedition, though, can be profitable with only a few successes.) The remedies offered by the security community are numerous. Most prevalent are various types of red flags...