A Review of the Best News of the Week on Identity Management & Web Fraud

Americans Spent $1.4B on Credit Freezes after Equifax (Krebs on Security, Mar 23 2018)
Almost 20 percent of Americans froze their credit file with one or more of the big three credit bureaus in the wake of last year’s data breach at Equifax, costing consumers an estimated $1.4 billion,

Firefox users can now ‘isolate their Facebook identity’ from the rest of the web (Graham Cluley, Mar 28 2018)
Firefox’s Facebook Container add-on makes it harder for Facebook to track your web activity via third-party cookies.

The Digital Identity ecosystem is evolving and operators cannot afford to miss out (Gemalto blog, Mar 28 2018)
It shouldn’t come as a surprise to hear me say that telecoms operators play a fundamental role in all of this. They have decades of experience in connecting people and have built up a huge wealth of consumer trust when it comes to securely managing digital identities.


Google Changes Web Ad Policies to Comply With EU’s GDPR (eWEEK, Mar 24 2018)
Publishers and advertising partners will need to obtain informed consent from users in the European Union before they can share any data for ad targeting.

Facebook scraped call, text message data for years from Android phones (Ars Technica, Mar 25 2018)
Maybe check your data archive to see if Facebook’s algorithms know who you called.

Facebook Adds Machine Learning to Fraud Fight (Dark Reading, Mar 26 2018)
Machine learning tools will assist trained human reviewers who Facebook says block millions of fake accounts at the time of registration every day,

Facebook Announces New Steps to Protect Users’ Privacy (SecurityWeek, Mar 28 2018)
Facebook on Wednesday unveiled new privacy settings aiming to give its users more control over how their data is shared, following an outcry over hijacking of personal information at the giant social network.

Tracing Stolen Bitcoin (Schneier on Security, Mar 28 2018)
Ilia Shumailov has written software that applies FIFO tainting to the blockchain and the results are impressive, with a massive improvement in precision. What’s more, FIFO taint tracking is lossless, unlike haircut; so in addition to tracking a stolen coin forward to find where it’s gone, you can start with any UTXO and trace it backwards to see its entire ancestry. It’s not just good law; it’s good computer science too.

Thousands of servers found leaking 750MB worth of passwords and keys (Ars Technica, Mar 29 2018)
Leaky etcd servers could be a boon to data thieves and ransomware scammers.

Laundering Via In-Game Currency and Goods is on the Rise | Part 2 (Bromium, Mar 20 2018)
In-game purchases and currencies are spurring a rise in gaming-related laundering. Minecraft, FIFA, World of Warcraft and more are used for laundering. China and South Korea become hotspots for gaming-currency laundering. In April of 2017, we started an independent, academic study into the macro economics of cybercrime and how cybercriminals launder and ‘cash out’…

Cybercriminals Use Bitcoin as One Method of Laundering Money | Part 1 (Bromium, Mar 19 2018)
We are following the money to see what happens to the proceeds from cybercrime. This research shows cybercriminals are money laundering through both familiar and unfamiliar channels.

How Digital Payment Systems Like PayPal Are Used for Money Laundering | Part 3 (Bromium, Mar 22 2018)
Covert data collection found that PayPal and other digital payment systems are employed by cybercriminals to launder money. Digital payment systems laundering often involves the use of micro-laundering techniques where multiple, small payments are made so laundering limits aren’t triggered.

Trustico Boss Claims ‘Significant Suffering’ After Certificates Revoked (Infosecurity Magazine, Mar 26 2018)
Trustico claims it is suffering after 23,000 certificates were revoked, and that it never deliberately exposed private keys

Privacy: Do We Need a National Data Breach Disclosure Law? (Dark Reading, Mar 27 2018)
Some say we need a more consistent approach, while others worry a national law might supersede and water down some state laws already on the books.

Fooling Face Recognition with Infrared Light (Schneier on Security, Mar 27 2018)
Yet another development in the arms race between facial recognition systems and facial-recognition-system foolers.

New Forrester Report: Plugging the Gap Left by SSO (LastPass Blog, Mar 28 2018)
The report, titled “Best Practices: Selecting, Deploying, And Managing Enterprise Password Managers,” recognizes the ‘password chaos’ that exists and the reasons for it. The report notes the high volume of accounts that employees need to manage, plus the reality that SSO and IDaaS solutions simply do not cover all passwords required in an employee’s workday.  

Tax scams target businesses, too: attacks just the tip of the phishing spear (CSO Online, Mar 28 2018)
There are too many people unaware of the issue and too many organizations that believe they are immune or that your business won’t be a target.

Breach Reports Roll in Following New Australian Data Protection Regulations (Gemalto blog, Mar 23 2018)
On 22 February 2018, the Privacy Amendment (Notifiable Data Breaches) Act of 2017 took full effect in Australia. The legislation requires organizations responsible for protecting citizens’ data in Australia to report a security breach to the Office of the Australian Information Commissioner (OAIC) if the incident involves unauthorized access to/loss of personal information or “is likely to result in serious harm to any of the individuals to whom the information relates.”

Securing the Future of Mobile Banking (ThreatMetrix, Mar 22 2018)
Mobile has become the leading way for financial institutions of all shapes and sizes to acquire new customers, with more than 57 percent of new customer accounts coming from this channel.

Unmasking Monero: stripping the currency’s privacy protection (Naked Security – Sophos, Mar 28 2018)
The features that make blockchains trustworthy may leave them vulnerable to retrospective action.