Latest News

From FraudWiki


The following articles have been selected from a variety of RSS feeds; the list is updated once a day. If you would like to suggest an RSS feed to be included here, please let us know.

Recent Posts

(updated Thu Aug 28 15:00:03 BST 2008)


The Register : Wed, 27 Aug 2008
Election watchdog makes ID card U-turn
Unnecessary for fraud clampdown
UK election scrutineers are pushing for polling stations to require tougher proof of identity to reduce the risk of ballot-rigging, but do not want voters to be forced to bring photo ID.…

The Register : Wed, 27 Aug 2008
US data breaches booming in '08
Have you seen my identity?
The number of personal information leaks reported in the US this year has already exceeded the total amount in all of 2007, San Diego-based Identity Theft Resource Center said today.…

guardian.co.uk Technology : Wed, 27 Aug 2008
Letters and blogs: August 28
Robot wars

The problem with our type of cleverness is, of course, that it so often translates into ever more ingenious ways of killing other humans (Swarms of robots join the army, August 21). As it stands, we can only hope that when our robots truly become intelligent, they will not also inherit our innate and very human viciousness.
gal.darkervision.com

"In just over five years, the swarms of robots in the British armed forces will outnumber the soldiers." Oh great...
ruleset.org

The MoD must be very, very pleased. Its Grand Challenge, which I've blogged about previously, has won tremendous coverage (robots, urban warfare, Salisbury Plain - you remember). This piece in today's Technology section of the Guardian is very good. Not least because it doesn't go for the obvious let's-talk-to-the-winners angle.
takingoutthetrash.typepad.co.uk

These military advances are increasingly necessary because Western audiences cannot stomach human losses in war anymore. But more importantly, minuscule, expendable insect-like robots can track down terrorists in urban settings without putting soldiers in harm's way and reducing collateral damage to civilians. The fear becomes whether an enemy can infiltrate your control system or if the robots become so autonomous that they are out of your control. In 10-20 years, military forces will be completely transformed. This is just the beginning.
gottliebreport.blogspot.com

In defence of OS

We are more than happy that the Guardian has shown this interest in the way that Ordnance Survey communicates about the important work that we do (Ordnance Survey hires PR company to lobby politicians, August 21). It is because Ordnance Survey data is so vital that parliamentarians and other important stakeholders expect us to communicate with them about our work. That is why we engage with politicians from all parties who care about the services that we provide. We have a duty to inform them on our role collecting the data needed to map every feature on the landscape, and how we intend to maintain the quality of this sophisticated data going forward. We're committed to the best possible communications with all our stakeholders, now and in the future.
Nicole Perry, head of public affairs, Ordnance Survey

I'm not at all surprised to learn that OS is paying political lobbyists, but it does feel completely underhand. These people are supposed to be professional civil servants, for Christ's sake. They're supposed to be impartial; their input into government is supposed to go through the proper chain, through their department and their minister. Their input into the political process should not go through a bunch of hack lobbyists, paid for out of the public purse, simply because the management of OS are not up to the job of making a decent case with their minister. It's unconscionable. I've long referred to the trading fund model as nothing more than legalised money laundering, and this does little to make me change my mind.
sawyl.livejournal.com

Date your podcasts

Please could you include the date at the start of each [Tech Weekly] podcast? Sometimes I have several backed up on my MP3 and knowing their sequence would be very helpful [when I cannot get to read a display, eg when driving]. Enjoy the programme, keep up the good work, and thanks to all the team.
Peter Williams, by email

Red face of 'oops'

Sorry for the pedantry, but the dreaded "red ring of death" [on the Xbox 360] only has 3 of the sectors lit. [Last time you wrote about it] you showed the "red ring of we didn't plug in an AV cable".
Steve Cartwright, London

· Write to: Letters, TechnologyGuardian, 119 Farringdon Road, London, EC1R 3ER. Telephone: 020 7239 9925. Fax: 020 7239 9933. Email: tech@guardian.co.uk

guardian.co.uk Technology : Wed, 27 Aug 2008
Captcha is broken - now what?
"Captcha is the bane of the internet," says Matt Mullenweg, who runs the massively popular blogging site Wordpress.com. "I can't figure them out myself half the time!" He is referring to those squiggly, distorted images commonly seen when registering for internet services such as free email accounts or blogging sites. The user has to type the letters in the image before proceeding.

Captcha stands for Completely Automated Public Turing test to tell Computers and Humans Apart. The idea is that humans can read the letters, but computers cannot, thus preventing automated scripts from registering. Websites use Captchas in an attempt to disrupt the spam and malware economy - but they are not working.

"Spammers and malware authors are able to break Captcha process," says Carl Leonard, a threat research manager at Websense Security Labs. "As a result, we've seen an increase in the amount of mail sent out from reputable mail services such as Gmail, Hotmail and Windows Live Mail, and an increase in the number of blogs that host malicious content, or content that the spammers wish to advertise." Email accounts on such services are particularly valuable because spam filters cannot block them without also blocking genuine mail.

Techniques to break Captcha are nothing new. First, if a human can read an image then the chances are that software can do the same thing. In 2005, a software developer, Casey Chesnut, wrote a Captcha-breaking algorithm and demonstrated it by posting automated comments to nearly 100 blogs to demonstrate their vulnerability.

In response to this kind of attack, Captcha authors have devised tests that are harder to solve. Images may be more squiggly than they used to be, making them harder to break but also more troublesome for legitimate users. Other ideas include 3D Captcha, relying on object recognition rather than character recognition; or framing questions that are trivial for humans to answer but hard for software to parse.

Some approaches work better than others, but there are a number of inherent problems. One is that many Captchas are inaccessible to the visually impaired, and will fall foul of accessibility legislation unless there is an alternative. Another snag is that spammers may play their trump card, using humans.

Human resources

"Many attackers have found creative ways to entice humans to unknowingly solve the Captchas for them," says Jamie de Guerre, chief technology officer at Cloudmark. "This relay attack involves copying the image served in a Captcha to a user somewhere else, having them solve the Captcha, and then copying their response back to the original website."

Another option is to pay. Spammers have employed large teams of temporary staff to solve Captchas, effectively "rooms of people", usually in a third world country, sitting at a computer and solving Captchas.

"Most Captchas have been completely broken," says Leonard, adding that the problem is getting worse. "We're seeing more Captchas targeted, more Captchas broken. I don't see how the targeting by the malicious authors right now is going to go away. It's still in their interests to get hold of these valued accounts."

Despite these issues, heavily attacked companies such as Microsoft are not abandoning the system. "We are updating our Captcha system to be both more readable for customers but more difficult to break through," a spokesman said. "Improvements include new image distortion logic, overlapping characters and dynamic monitoring capabilities to observe attacks in real time and make necessary adjustments to mitigate them. In addition, we continue to make advances to better prevent spammers from using Hotmail accounts, once created, to successfully send spam."

That is all very well, but the failings of Captcha impact every internet user. It is not only a matter of more spam choking inboxes. Breaking Captcha enables networks of computers to post malicious content to legitimate sites.

"The huge increase in numbers of legitimate sites affected radically changes traditional trust relationships on the web," says Pete Simpson, the ThreatLab manager at ClearSwift. "Steering clear of dubious sites has always been sound advice, but steering clear of legitimate sites is not an option."

What can replace Captcha? "There's probably going to have to be some kind of layered security," says Leonard, "It's up to the industry sectors which and how many layers of security they wish to employ, dependent on what sort of site they have."

Layered security means adding human or third-party checks to actions like registration, and then monitoring content later to check for malicious use. The trade-off is that as security increases, usability decreases. Heavy-handed security can easily kill the conversation on social networking sites which depend on making it easy for new users to engage with the community.

Safety net

In the end, it is just another angle on the woeful security that characterises today's internet. New authentication schemes such as OpenID, or Microsoft's CardSpace, may help as adoption increases. These systems make it possible to register for one site using credentials verified by another. Instead of having many sites with poor verification procedures, the internet could have a few sites with strong verification procedures, that are then used by others. The advantage for the user is that they no longer have to jump through multiple hoops for each new site they encounter. Such a system depends on receiving sites being selective about which third parties they trust to verify a user's identity.

That said, the internet is a long way from adopting this level of security, and there is always a danger that whatever steps the industry takes to improve authentication, the scammers will keep up with innovations of their own.

Mullenweg's answer is to focus on the content rather than the user. His Akismet system for preventing spam comments relies on a combination of secret algorithms and community reports, and has proved remarkably effective. "Ultimately Captchas are useless for spam because they're designed to tell you if someone is 'human' or not, but not whether something is spam or not. Just because something came from a real human being doesn't mean it isn't spam, which is why content-based solutions like Akismet are the only long-term solution to the spam problem."

Slashdot : Wed, 27 Aug 2008
Zero Day Threat
Ben Rothke writes "Zero Day Threat: the Shocking Truth of How Banks and Credit Bureaus Help Cyber Crooks Steal Your Money and Identity is an interesting and eye-opening look at how banks and credit card companies make ID theft and fraud rather elementary. But with all that, this book must be read in the larger context of how today's society deals with, and is often oblivious to, risk. When it comes to risk, American society tolerates tens of thousands of drunk-driving deaths, gives millions in federal tobacco subsidies, and is oblivious about near-epidemics such as heart disease, obesity, and diabetes. With all that, it is doubtful that the myriad horror stories Zero Day Threat details will persuade Congress or the other players to do anything to curtail the problem with identity theft and internet fraud." Keep reading for the rest of Ben's review.

Finextra Research Security channel : Wed, 20 Aug 2008
Hbos chief hit by ID fraud scam
Hbos chief executive Andy Hornby has fallen victim to ID theft after a fraudster stole his identity and withdrew thousands of pounds from his ...

Finextra Research Security channel : Mon, 18 Aug 2008
Police arrest third suspect in Chip and PIN crime probe
Police in the UK have arrested a third man, believed to be the engineering brains behind a sophisticated programme to read and transmit customer PINs ...

Finextra Research Risk channel : Fri, 8 Aug 2008
SEC launches AML site for mutual funds
The Securities and Exchange Commission (SEC) has unveiled an online one-stop reference service to help mutual funds meet anti-money laundering (AML) ...


