A Review of the Best News of the Week on Identity Management & Web Fraud
Wi-Fi Hotspot Tracking – Schneier on Security (Schneier on Security, Oct 15 2019)
Free Wi-Fi hotspots can track your location, even if you don’t connect to them. This is because your phone or computer broadcasts a unique MAC address.
Student tracking, secret scores: How college admissions offices rank prospects before they apply (Washington Post, Oct 15 2019)
Before many schools even look at an application, they comb through prospective students’ personal data, such as web-browsing habits and financial history.
Best practices for password management, 2019 edition (Google Cloud Blog, Oct 10 2019)
Two new whitepapers to help you navigate password security:
– Modern password security for users provides pragmatic and human-centric advice for end users to help improve your authentication security habits.
– Modern password security for system designers is the first paper’s technical counterpart, outlining the latest advice on password interfaces and data handling.
Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~11,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
Amazon Calls for Government Regulation of Facial Recognition Tech (SecurityWeek, Oct 13 2019)
Amazon is endorsing the idea of government regulation of facial recognition technology, as part of a wide-ranging statement of its principles on a range of social and political issues.
Why You Don’t Need to Change Passwords So Often (eWEEK, Oct 15 2019)
New research reveals that mandatory periodic password changes will make your enterprise less secure than simply leaving them alone.
350+ hackers hunt down missing people in first such hackathon (Naked Security – Sophos, Oct 15 2019)
Organizers said 100 leads were generated every 10 minutes by contestants using OSINT – open-source intelligence such as online searches.
Google’s USB-C Titan Security Key Arrives in the U.S. (SecurityWeek, Oct 15 2019)
Starting October 15, users in the United States have a new two-factor authentication (2FA) method at their disposal in the form of Google’s USB-C Titan Security Key. Manufactured in partnership with Yubico, the USB-C Titan Security Key is compatible with Android, Chrome OS, macOS, and Windows devices.
Stalker found pop star by searching eyes’ reflections on Google Maps (Naked Security – Sophos, Oct 14 2019)
A man confessed to stalking and attacking a young pop star by zooming in on the reflections in her eyes from selfies.
Most Americans Are Clueless About Private Browsing (Infosecurity Magazine, Oct 11 2019)
New research reveals a dearth of digital knowledge among American adults.
Alleged Hacker Arraigned on $1.4 Million Cryptocurrency Fraud Charges (SecurityWeek, Oct 14 2019)
A Michigan man appeared in federal court on Friday on charges related to his involvement in a scheme aimed at defrauding victims of at least $1.4 million in cryptocurrency.
California Attorney General Outlines How State Will Enforce Upcoming Privacy Law (SecurityWeek, Oct 14 2019)
The California Attorney General Xavier Becerra has released the draft proposed regulations on how the state will enforce the California Consumer Protection Act (CCPA) that comes into force on January 1, 2020.
“BriansClub” Hack Rescues 26M Stolen Cards (Krebs on Security, Oct 15 2019)
“BriansClub,” one of the largest underground stores for buying stolen credit card data, has itself been hacked. The data stolen from BriansClub encompasses more than 26 million credit and debit card records taken from hacked online and brick-and-mortar retailers over the past four years, including almost eight million records uploaded to the shop in 2019 alone.
Florida Women’s Clinic Warns 520,000 Patients of Data Breach (Infosecurity Magazine, Oct 15 2019)
Hackers may have accessed medical records of North Florida OB-GYN patients.
Food writer Jack Monroe loses at least £5,000 in SIM-swap fraud (Naked Security – Sophos, Oct 16 2019)
Her accounts were drained in spite of using 2FA, showing that SIM swaps can still circumvent what’s a good security tool.