A Review of the Best News of the Week on Identity Management & Web Fraud

Chip Cards Fail to Reduce Credit Card Fraud in the US (Schneier on Security, Nov 15 2018)
A new study finds that credit card fraud has not declined since the introduction of chip cards in the US. The majority of stolen card information comes from hacked point-of-sale terminals.

A new Venezuelan ID, created with China’s ZTE, tracks citizen behavior (Reuters, Nov 14 2018)
Chinese telecoms giant ZTE is helping Venezuela build a system that monitors citizen behavior through a new identification card. The “fatherland card,” already used by the government to track voting, worries many in Venezuela and beyond.

Mozilla’s ‘Privacy Not Included’ Gift Report Highlights Security Concerns (Wired, Nov 14 2018)
In its second annual “Privacy Not Included” guide, the nonprofit highlights internet-connected items that value your privacy—and the ones that may not.


Privacy and Security of Data at Universities (Schneier on Security, Nov 09 2018)
Two parallel developments in academic data collection are converging: (1) open access requirements, whereby researchers must provide access to their data as a condition of obtaining grant funding or publishing results in journals; and (2) the vast accumulation of “grey data” about individuals in their daily activities of research, teaching, learning, services, and administration. The boundaries between research and grey data are blurring, making it more difficult to assess the risks and responsibilities associated with any data collection.

When Accounts are “Hacked” Due to Poor Passwords, Victims Must Share the Blame (Troy Hunt, Nov 08 2018)
Let’s stop saying “hacked” in the news headlines and start saying “used a shit password” instead!

Beyond Passwords: 2FA, U2F and Google Advanced Protection (Troy Hunt, Nov 15 2018)
“I wanted to focus on going beyond passwords and talk about 2FA. Per the title, not just any old 2FA but U2F and in particular, Google’s Advanced Protection Program.”

IBM Launches Pinpoint Verify to Improve Digital Identity Trust (eWEEK, Nov 09 2018)
IBM is bringing identity and access management technology into its Pinpoint Suite to help prevent online fraud.

Entrust Datacard Acquires Spanish Firm Safelayer (SecurityWeek, Nov 09 2018)
Minneapolis-based identity firm Entrust Datacard has acquired Barcelona, Spain firm Safelayer Secure Communications. Financial details have not been disclosed.

Guilty Plea Made in Massive International Cell Phone Fraud Case (Dark Reading, Nov 09 2018)
A former West Palm Beach resident is the fifth defendant to plead guilty in a case involving thousands of victims.

Unable to remember his password, man sent letter bomb to Bitcoin exchange (Graham Cluley, Nov 12 2018)
A Swedish man has been jailed for six and a half years after sending a letter bomb to Bitcoin exchange Cryptopay. Why would anyone do such a horrendous thing? Police believe it was because he couldn’t remember his password.

Hiding Secret Messages in Fingerprints (Schneier on Security, Nov 12 2018)
This is a fun steganographic application: hiding a message in a fingerprint image. Can’t see any real use for it, but that’s okay.

Experts Slam Employee Microchip Plans (Infosecurity Magazine, Nov 13 2018)
It’s claimed chips could improve security by restricting physical access

DEA and ICE hiding cameras in streetlights and traffic barrels (Naked Security – Sophos, Nov 13 2018)
Drug and immigration cops in the US are buying surveillance cameras to hide in streetlights and traffic barrels.

Intel Asks for Comments on Draft Federal Privacy Law (SecurityWeek, Nov 12 2018)
Intel Proposes “Innovative and Ethical Data Use Act of 2018” to Improve Protection of Personal Privacy Through Nationwide Standards

Target and other high profile Twitter accounts exploited for cryptocurrency scams (Graham Cluley, Nov 13 2018)
Twitter accounts owned by IT consultancy Capgemini, the Consulate General of India in Germany, California state senator Ben Allen, and Israeli politician Rachel Azaria, were exploited by scammers who used them to promote bogus cryptocurrency giveaways.

Dutch Film Boss Sacked After €19m BEC Loss (Infosecurity Magazine, Nov 14 2018)
Finance director also fired after failing to spot major scam

State vs. Federal Privacy Laws: The Battle for Consumer Data Protection (SecurityWeek, Nov 13 2018)
The result is that while the EU has one basic law covering data protection, privacy controls and breach notification (GDPR), the U.S. has a patchwork of state and federal laws, common law and public and private enforcement that has evolved over the last 100 years and more.

Shady Data Brokers Are Selling Online Dating Profiles by the Millions (Motherboard, Nov 12 2018)
Tactical Tech and artist Joana Moll bought one million dating profiles for $153.

Airlines Have a Big Problem with Bad Bots (Dark Reading, Nov 14 2018)
Bad bots account for 43.9% of all traffic on their websites, APIs, and mobile apps, according to a new analysis of 100 airlines.

Skimmed BA and Newegg Customer Card Details Up for Sale (Infosecurity Magazine, Nov 15 2018)
Dark web trawl reveals Magecart criminals are monetizing stolen data