A Review of the Best News of the Week on Identity Management & Web Fraud

Top 100 Identity Influencers 2018 (One World Identity, Feb 14 2018)
Here are OWI’s top 100 people to know in 2018: pioneers who are leading the charge to improve identity. The list ranges from individual entrepreneurs to members of large organizations, and covers both public sector and non-profit advocates.

Chinese police get facial recognition glasses (Naked Security – Sophos, Feb 09 2018)
The eyeglass-mounted camera is equipped with facial-recognition technology capable of “highly effective screening” of crowds

Can Consumers’ Online Data Be Protected? (Schneier on Security, Feb 14 2018)
Government policy is the missing ingredient. We need standards and a method for enforcement. We need liabilities and the ability to sue companies that poorly secure our data. The biggest reason companies don’t protect our data online is that it’s cheaper not to. Government policy is how we change that.

Sponsored by LogRhythm
SIEM Magic Quadrant
Gartner Positions LogRhythm in SIEM Leaders Quadrant for 5th Consecutive Year. Get the report

Facebook’s privacy settings are illegal, says court (Naked Security – Sophos, Feb 13 2018)
Forcing real name use is illegal, as are default settings such as making profiles available to search engines so anybody can bump into them.

Practical Advice on Integrating GDPR Compliance into the Customer Experience (Gigya, Feb 13 2018)
No one likes spam. No one likes to be tracked across the internet by irrelevant ads…A main goal of the GDPR is to answer these consumer demands…

Four Lessons from the Half-Billion Infraud Take Down (iovation, Feb 09 2018)
Earlier this week, the Department of Justice unsealed indictments against no fewer than 36 individuals alleged to have been involved with the Infraud Organisation cybercrime forum, which netted an estimated $530 million in stolen profits from financial institutions, consumers, and other victims worldwide.

Amino Apps Makes the Case for Anonymity Online (Wired, Feb 13 2018)
It’s not hard to understand why platforms might want users to go by the names they use in real life. It’s easier to sell advertisements if you can tell companies what kinds of people will see them, and there’s a hope that people using their real identities will act more civil online. But a relatively new, smaller social network called Amino Apps isn’t buying it.

Fired System Admin Sabotages Railway Network (PCMag, Feb 14 2018)
Logging into the system using his still-active credentials, Grupe removed admin-level access from other accounts, deleted important files from the network, and changed passwords so other employees could no longer gain access. He also deleted any logs showing what he had done.

Robot’s revenge – the CAPTCHA that stops humans (Naked Security – Sophos, Feb 09 2018)
But the images in the Humans Not Invited test aren’t made for human eyes. Rather, they’re full of images that are blurred beyond recognition. At least, they’re blurred beyond most human recognition: some Reddit users said they guessed correctly, though nobody at Motherboard did.

Email Fraud Attacks Continue to Grow, Proofpoint Reports (eWEEK, Feb 14 2018)
According to security firm Proofpoint, email fraud attacks in the fourth quarter of 2017 were pervasive, with 88.8 percent of organizations targeted by at least one attack.

Identity’s Third Wave – Security (Identropy, Feb 10 2018)
Identity becoming a “Cyber” or “InfoSec” solution is the new wave that is going to drive our solutions into a broader market, but are we going to once again enter the dreaded “Trough of Disillusionment”?

Salon website gives you a choice: turn off your ad blocker or let us mine cryptocurrencies (Graham Cluley, Feb 13 2018)
If you don’t want to disable your ad blocker, maybe you’ll feel comfortable letting Salon.com run code from Coinhive which will gobble up your computer’s resources to mine some Monero cryptocurrency.

RSA Security: Consumers Falsify Data to Safeguard PII (Infosecurity Magazine, Feb 09 2018)
41% of consumers are actively submitting erroneous personal data with companies when signing up for products and services because they have little faith in that information being kept safe or not being used for intrusive marketing.

Google-Nest merger reawakens privacy worries (Naked Security – Sophos, Feb 12 2018)
Nest users’ data will continue to be used for the limited purposes described in our privacy statement like providing, developing, and improving Nest services and products. As we develop future plans and future product integrations, we will be transparent with users about the benefits of those integrations, any changes to the handling of data, and the choices available to consumers in connection with those changes.

Establishing Trust With Identity Governance Intelligence (IBM Security Intelligence, Feb 13 2018)
Does your organization know exactly who its users are, what they’re entitled to access and where the information they’re accessing is stored? Perhaps more importantly, do you trust the people who are providing access permissions?

Five Best Practices for Zero Trust Security (Centrify, Feb 14 2018)
Only after identity is authenticated and the integrity of the device is proven can access to resources be granted–but even then with just enough privilege to perform the task at hand.

Preventing ID fraud through automated customer enrolment (Gemalto, Feb 12 2018)
According to CFCA’s Global Fraud Loss Survey 2017, the cost of telecom fraud decreased more than 20% in 2017 compared to 2015, representing 1.2% of last year’s telecom revenues.