Ramblings & ephemera

Getting past security on planes

From Bruce Schneier’s Crypto-Gram of 15 August 2003: It’s actually easy to fly on someone else’s ticket. Here’s how: First, have an upstanding citizen buy an e-ticket. (This also works if you steal someone’s identity or credit card.) Second, on the morning of the flight print the boarding pass at home. (Most airlines now offer […]

A nanny’s man-in-the-middle attack

From Bruce Schneier’s Crypto-Gram of 15 April 2004: Here’s a story of a woman who posts an ad requesting a nanny. When a potential nanny responds, she asks for references for a background check. Then she places another ad, using the reference material as a fake identity. She gets a job with the good references—they’re […]

Problems with ID cards

From Bruce Schneier’s Crypto-Gram of 15 April 2004: My argument may not be obvious, but it’s not hard to follow, either. It centers around the notion that security must be evaluated not based on how it works, but on how it fails. It doesn’t really matter how well an ID card works when used by […]

Refusing a technology defines you

From Sander Duivestein’s “Penny Thoughts on the Technium” (The Technium: 1 December 2009): I’m interested in how people personally decide to refuse a technology. I’m interested in that process, because I think that will happen more and more as the number of technologies keep increasing. The only way we can sort our identity is by […]

Social networking and “friendship”

From danah boyd’s “Friends, Friendsters, and MySpace Top 8: Writing Community Into Being on Social Network Sites” (First Monday: December 2006): John’s reference to “gateway Friends” concerns a specific technological affordance unique to Friendster. Because the company felt it would make the site more intimate, Friendster limits users from surfing to Profiles beyond four degrees […]

Bruce Schneier on identity theft

From Stephen J. Dubner’s interview with Bruce Schneier in “Bruce Schneier Blazes Through Your Questions” (The New York Times: 4 December 2007): Identity theft is a problem for two reasons. One, personal identifying information is incredibly easy to get; and two, personal identifying information is incredibly easy to use. Most of our security measures have […]

A woman who never forgets anything

From Samiha Shafy’s “An Infinite Loop in the Brain” (Der Spiegel: 21 November 2008): Price can rattle off, without hesitation, what she saw and heard on almost any given date. She remembers many early childhood experiences and most of the days between the ages of 9 and 15. After that, there are virtually no gaps […]

Debt collection business opens up huge security holes

From Mark Gibbs’ “Debt collectors mining your secrets” (Network World: 19 June 2008): [Bud Hibbs, a consumer advocate] told me any debt collection company has access to an incredible amount of personal data from hundreds of possible sources and the motivation to mine it. What intrigued me after talking with Hibbs was how the debt […]

The real solution to identity theft: bank liability

From Bruce Schneier’s “Mitigating Identity Theft” (Crypto-Gram: 15 April 2005): The very term “identity theft” is an oxymoron. Identity is not a possession that can be acquired or lost; it’s not a thing at all. … The real crime here is fraud; more specifically, impersonation leading to fraud. Impersonation is an ancient crime, but the […]

Two-factor authentication: the good & the bad

From Bruce Schneier’s “More on Two-Factor Authentication” (Crypto-Gram: 15 April 2005): Passwords just don’t work anymore. As computers have gotten faster, password guessing has gotten easier. Ever-more-complicated passwords are required to evade password-guessing software. At the same time, there’s an upper limit to how complex a password users can be expected to remember. About five […]

Why disclosure laws are good

From Bruce Schneier’s “Identity-Theft Disclosure Laws” (Crypto-Gram Newsletter: 15 May 2006): Disclosure laws force companies to make these security breaches public. This is a good idea for three reasons. One, it is good security practice to notify potential identity theft victims that their personal information has been lost or stolen. Two, statistics on actual data […]

Offshoring danger: identity theft

From “Indian call centre ‘fraud’ probe” (BBC News: 23 June 2005): Police are investigating reports that the bank account details of 1,000 UK customers, held by Indian call centres, were sold to an undercover reporter. The Sun claims one of its journalists bought personal details including passwords, addresses and passport data from a Delhi IT […]

Identity theft method: file false unemployment claims

From Michael Alter’s “States fiddle while defrauders steal” (CNET News.com: 21 June 2005): More than 9 million American consumers fall victim to identity theft each year. But the most underpublicized identity theft crime is one in which thieves defraud state governments of payroll taxes by filing fraudulent unemployment claims. It can be a fairly lucrative […]

Credit cards sold in the Underground

From David Kirkpatrick’s “The Net’s not-so-secret economy of crime” (Fortune: 15 May 2006): Raze Software offers a product called CC2Bank 1.3, available in freeware form – if you like it, please pay for it. … But CC2Bank’s purpose is the management of stolen credit cards. Release 1.3 enables you to type in any credit card […]

The difficulty of recovering from identity theft

From TechWeb News’s “One In Four Identity-Theft Victims Never Fully Recover”: Making things right after a stolen identity can take months and cost thousands, a survey of identity theft victims released Tuesday said. Worse, in more than one in four cases, victims haven’t been able to completely restore their good name. The survey, conducted by […]

Familiar strangers

From danah boyd’s “G/localization: When Global Information and Local Interaction Collide”: In the early 1970s, Stanley Milgram was intrigued by what he called “familiar strangers” – people who recognized each other in public life but never interacted. Through experiments, he found that people are most likely to interact with people when removed from the situation […]

Culture, values, & designing technology systems

From danah boyd’s “G/localization: When Global Information and Local Interaction Collide”: Culture is the set of values, norms and artifacts that influence people’s lives and worldview. Culture is embedded in material objects and in conceptual frameworks about how the world works. … People are a part of multiple cultures – the most obvious of which […]

How much does stolen identity info cost?

From The New York Times’ “Countless Dens of Uncatchable Thieves”: In the online world, he operates under the pseudonym Zo0mer, according to American investigators, and he smugly hawks all manner of stolen consumer information alongside dozens of other peddlers at a Web site he helps manage. “My prices are lowers then most of other vendors […]

Identity production & sharing during adolescence

From danah boyd’s “Friendster lost steam. Is MySpace just a fad?”: No, it is not just a moral panic that could make MySpace a fad. The primary value right now has to do with identity production and sharing, practices that are more critical to certain populations at certain times in their lives and it is […]

SSL in depth

I host Web sites, but we’ve only recently [2004] had to start implementing SSL, the Secure Sockets Layer, which turns http into https. I’ve been on the lookout for a good overview of SSL that explains why it is implemented as it is, and I think I’ve finally found one: Chris Shiflett: HTTP Developer’s Handbook: […]