A Review of the Best News of the Week on Identity Management & Web Fraud

Is this the simple solution to password re-use? (Naked Security – Sophos, Oct 17 2018)
…answer that’s been hiding in plain sight for years – set policies that mandate longer and more complicated passwords.

How DNA Databases Violate Everyone’s Privacy (Schneier on Security, Oct 15 2018)
If you’re an American of European descent, there’s a 60% chance you can be uniquely identified by public information in DNA databases. This is not information that you have made public; this is information your relatives have made public.

Millions of Voter Records Found for Sale on the Dark Web (Dark Reading, Oct 15 2018)
Voter registration databases from 19 US states are being hawked in an underground hacking forum, researchers say.

Without data, your security strategy is just a guess.
The Mosaic Security Research Market Intelligence Platform provides the data you need for OWASP’s Cyber Defense Matrix. Learn a better way to build your strategy.

One-Third of US Adults Hit with Identity Theft (Dark Reading, Oct 11 2018)
That’s double the global average and more than three times the rate of French and German adults.

What Kanye West can teach us about passcodes (Naked Security – Sophos, Oct 12 2018)
Pulling out an iPhone XS to show the assembled throng a picture of the hydrogen-powered aircraft that “our president should be flying in,” West casually unlocked it using the passcode ‘000000’.

35 state attorney generals tell FCC to pull the plug on robocalls (Naked Security – Sophos, Oct 12 2018)
The AGs want the FCC to adopt SHAKEN and STIR.

Facebook Purges 251 Accounts to Thwart Deception (SecurityWeek, Oct 11 2018)
Facebook on Thursday said it shut down 251 accounts for breaking rules against spam and coordinated deceit, some of it by ad farms pretending to be forums for political debate.

Could 2019 be the End of Cookie Consent Forms? (Infosecurity Magazine, Oct 12 2018)
How the upcoming ePrivacy Regulation will change the current Cookie law.

Twitter Posts Millions of Tweets Linked to Russia, Iran Meddling (IT Pro, Oct 17 2018)
The social media company has previously disclosed the activities, going back to 2016, but said in a blog post Wednesday that it was opening up the data to the public to encourage independent analysis by researchers, academics and journalists.

Apple’s Revamped Privacy Website Offers Users Access to Their Data (SecurityWeek, Oct 18 2018)
Apple users can now get a copy of the data the tech giant has on them, directly from a refreshed and expanded privacy website rolled out this week.

Hackers steal Pentagon personnel’s PI and credit card data (Help Net Security, Oct 15 2018)
The U.S. Department of Defense confirmed on Friday that personal information and credit card data of some 30,000 U.S. military and civilian personnel has been compromised in a breach affecting a DoD’s third party contractor. Apparently, no classified information was accessed by the attackers.

Hackers Win Big by Gambling on Identity Spoofing (Infosecurity Magazine, Oct 12 2018)
Q2 2018 saw 1.6m attacks on gaming and gambling sector, according to the ThreatMetrix cybercrime report.

Beware sextortionists spoofing your own email address (Naked Security – Sophos, Oct 15 2018)
Good news: thankfully, it’s not true. The sextorting phisher has not, in fact, demonstrated that he’s hacked your email. All he’s done is demonstrate that anyone can send an email claiming to be from anyone else.

Tech Support Scams Decline as Consumers Get Savvy (Infosecurity Magazine, Oct 16 2018)
Microsoft stats also reveal drop in number losing money

User and Entity Behavior Analytics vs. Behavioral Biometrics: Comparing Two Security Solutions (Biocatch, Oct 17 2018)
Monitoring user behavior is one of the best ways to detect cyber attacks and fraud in real time. In recent years, user and entity behavior analytics (UEBA) and behavioral biometrics have emerged as two promising fields in the world of cybersecurity. Though both focus on detecting anomalous user behavior, there are critical differences between the two.

Helm Wants You to Control Your Own Data Again (Wired, Oct 17 2018)
Helm has begun accepting orders for simple devices that you can use to store things like photos and videos, and to host your own email, contacts list, and calendar. You set up a Helm server in your house, office, or wherever with a mobile app, and can then access your own personal email server and cloud from all your devices anywhere. And the data on the device can’t be copied or accessed without a physical security token for multi-factor authentication.

Using Federated Identities with AWS CodeCommit (AWS DevOps Blog, Oct 05 2018)
Thanks to Raja Mani, AWS Solutions Architect, for this great blog that describes how federated users can access AWS CodeCommit.

Get more control over your Compute Engine resources with new Cloud IAM features (Google, Oct 15 2018)
At Google Cloud Next 2018, they introduced Compute Engine resource-level IAM, which allows you to apply IAM policies on VMs, disks, images, and other Compute Engine resources, and provides you with flexibility and fine-grained control of your environment.

How banks can bring PIN codes into the 21st century (Gemalto, Oct 18 2018)
A good customer experience can be make or break in the banking sector. Innovation in PIN delivery is one area that’s ripe for improvement.

Inside the Dark Web’s ‘Help Wanted’ Ads (Dark Reading, Oct 18 2018)
How cybercriminals recruit everyone from car drivers to corporate insiders and pay them according to the risk they assume.