Tuesday, February 27, 2007

Stop & Shop Skimmers Stopped

According to the Associated Press today, "four California men were arrested in what police said was a scheme to switch checkout-lane credit card readers at Stop & Shop supermarkets as a way to steal customers' numbers and passwords." The men, whose ages ranged from 20 to 28, reportedly were arrested last night while attempting to switch keypads at a store in Coventry, Rhode Island. They are charged with conspiracy, computer theft and fraud. They were scheduled to be arraigned this afternoon in Kent County District Court in Rhode Island.

Thursday, February 08, 2007

Clueless and Defenseless?

Eurogamer just reported that a man in New Zealand has been arrested and charged with stealing an Xbox 360 during a burglary, after he called Microsoft "to register the machine and ask for a power cord to replace the one he forgot to steal."

Clueless or Defenseless?

In the wake of initial media coverage about this week's attacks on DNS root servers, a Sophos press release quoted Graham Cluley, senior technology consultant at Sophos, as commending "the resilience of the root servers" but pointing to "the lax attitude of some users towards IT security" as "the root of the problem." Cluley reportedly found it "ironic that the people who depend on the web may have been the ones whose computers were secretly trying to bring it down."
Cluley's comments, unfortunately, both understate and misstate the problem. If Vint Cerf's recent estimate -- that as many as 150 million of the 600 million computers on the Internet may be infected and pressed into service in botnets -- is correct, the problem is not "some users," but vast numbers of individual and corporate users. At the same time, it is important to keep in mind that "those who depend on the web" also depend on those who provide critical security software and services.
This week, Trend Micro issued an advisory about a serious security flaw in its antivirus scan engine that could be used to trigger a buffer overflow and allow an attacker to take control of the system. One could say it's ironic that a leading security vendor provided security-minded users with products that contained their own significant vulnerability.
Certainly, the sort of vulnerability that Trend Micro announced is far from unique -- and that's precisely the point. End-users, from naive newbies to sophisticated programmers, should bear only a portion of the total responsibility for improving IT security worldwide. While we move, haltingly, toward a better allocation of responsibility among all participants in the online world (including infrastructure and content providers and IT security vendors) for maintaining IT security, placing the blame on just "some users" simply misdirects the discussion into unproductive debate.

Monday, February 05, 2007

Email Order Bride (and Groom)

BBC News recently published an intriguing article about the ways in which the Internet is helping the current generation of young Indian professionals to mediate between the deeply rooted tradition of arranged marriage and the modern desire for greater involvement in selecting one's own prospective mate. Young people can use a variety of Indian matrimonial sites to look for prospective mates from their communities, email each other to communicate more freely than in traditional face-to-face meetings that their parents arranged, and present parents with a selection whom they can still meet and approve.