A Review of the Best News of the Week on Identity Management & Web Fraud

ID Systems Throughout the 50 States (Schneier on Security, Oct 31 2018)
Jim Harper at CATO has a good survey of state ID systems in the US….

How Do You Fight a $12B Fraud Problem? One Scammer at a Time (Krebs on Security, Oct 29 2018)
“The fraudsters behind the often laughable Nigerian prince email scams have long since branched out into far more serious and lucrative forms of fraud, including account takeovers, phishing, dating scams, and malware deployment. Combating such a multifarious menace can seem daunting, and it calls for concerted efforts to tackle the problem from many different angles. This post examines the work of a large, private group of volunteers dedicated to doing just that.”

Passcodes are protected by Fifth Amendment, says court (Naked Security – Sophos, Nov 01 2018)
The government isn’t really after the password, after all; it’s after any potential evidence it protects. In other words: fishing expedition.


Apple CEO Advocates for Privacy, Industry Responds (Infosecurity Magazine, Oct 25 2018)
Pushing for GDPR-like regulations, Apple’s Tim Cook stands up for privacy while taking a subtle jab at other tech giants.

2FA: 76% of Sites Do Not Offer Users a Full Set of 2FA Options (Dashlane Blog, Nov 01 2018)
Among 34 top consumer websites in the United States, Dashlane researchers found that 76% of sites do not offer users a full set of 2FA options.

Google and Facebook accused of secretly tracking users’ locations (Naked Security – Sophos, Oct 25 2018)
Google and Facebook have been hit separately by class action lawsuits accusing them of secretly tracking user locations.

‘Fortnite’ Scams Are Even Worse Than You Thought (Wired, Oct 29 2018)
YouTube videos with millions of views. Nearly 5,000 bogus websites. V-Bucks scammers have gotten out of control.

Updates to Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA): What It Is + What It Means for You (Okta, Oct 31 2018)
Starting on November 1, organizations subject to PIPEDA will need to comply with three new requirements.

Google Launches reCAPTCHA v3 (SecurityWeek, Oct 30 2018)
Google on Monday announced the launch of reCAPTCHA v3, which aims to improve user experience by removing the need for challenges.

FaceShield launches to protect your digital facial data and privacy online (Help Net Security, Oct 25 2018)
… applies a filter of your choice to break face detectors. When the photo is uploaded, FaceShield’s algorithm generates “noise” on the photo to jam facial detection technology.

Iran’s New Facebook Trolls Are Using Russia’s Playbook (Wired, Oct 26 2018)
Facebook took down another Iranian-based network of phony accounts Friday. This new campaign focused on American politics—and it was successful.

Signal’s “Sealed Sender” Is a Clever New Way to Shield Your Identity (Wired, Oct 29 2018)
“While the service always needs to know where a message should be delivered, ideally it shouldn’t need to know who the sender is,” Moxie Marlinspike, the creator of Signal, wrote on Monday. “It would be better if the service could handle packages where only the destination is written on the outside, with a blank space where the ‘from’ address used to be.”

NSF announces $78.2 million to support frontiers of cybersecurity, privacy research (National Science Foundation, Oct 30 2018)
$10 million, 5-year award for Frontier center headlines portfolio of 225 new projects focused on secure cyberspace research

Deceptioneering Part 2: Principles of Deception (Infosecurity Magazine, Oct 31 2018)
Once you have a foundational knowledge of Deceptioneering, it is important to look at some practical applications.

US Indicts Chinese Spies and Insiders for Aviation Theft (Infosecurity Magazine, Oct 31 2018)
Hackers were allegedly helped by IT security boss at French aerospace firm

Facebook is still approving fake political ads (Naked Security – Sophos, Nov 01 2018)
Just a couple of weeks before the US midterm elections, journalists have revealed that Facebook is continuing to approve fake advertisements from fake sources.

Google Boosts Account Security With New Tools, Protections (SecurityWeek, Nov 01 2018)
Google on Wednesday announced several new tools and protection mechanisms designed to help users secure their accounts and recover them in case they have been compromised.

The Privacy Battle to Save Google From Itself (Wired, Nov 01 2018)
Interviews with over a dozen current and former Google employees highlight a commitment to privacy—and the inherent tensions that creates.

Eurostar resets customers’ passwords after accounts breached (Graham Cluley, Nov 01 2018)
If you’re one of the millions of people who travels under the English Channel each year, then there’s a good chance you may have to change your password for the Eurostar website.

Liveness Detection: Fighting Fraud With Anti-Spoofing AI (Jumio, Oct 25 2018)
“We’ve recently integrated certified 3D liveness detection from FaceTec to thwart the many well-documented vulnerabilities in 2D liveness detection methods which render them susceptible to spoofing. Some common examples of liveness spoofs include…”