Consumer Security

The ATM: Convenience for Consumers… and Fraudsters?

ATMs enable us to get our cash on demand, for those of us who still use cash, and have come a long way since the first machines in the 1960s, which dispensed a set amount of funds and sent back the bank card at a later date.

Convenient to consumers, yes – but fraudsters see ATMs as a way to get their hands on currency that isn’t theirs and that, unlike an online transaction, can be harder to trace. As a cash-out point for many scams, fraudulent crimes and cyber-attacks, the ATM has seen its fair share of unfriendly withdrawals.

Digital Identities: I Have One For Sale

In a research study by Harris Polls (commissioned by RSA) on digital identities, the most popular online accounts for consumers are email, financial and banking, and entertainment/shopping. And on average, they access these online accounts from two different digital devices. But what does a digital identity really mean? I like to think of myself as an average consumer/online user so let’s take a look at what I consider to be my digital identity – and perhaps make you think a little more about yours.

Phishing in Season: Tax Time Malware, Phishing and Fraud

As phishers will have it, phishing attacks are quite the seasonal trend. It seems that every April, right after a slow first quarter, fraudsters awaken and get back to working on vast spam campaigns that ride the tides of tax-filing season. This time of year brings a few flavors of spam into the mailboxes of online users, including malware attachments purporting to be tax statements, tax authority-themed phishing, and online tax filing scams. In this special highlight, we will cover the main types of online threats that star during the tax filing season, most of which are already rampant in the wild.

Workplace Security: Are You the Weakest Link?

As an employee at some company somewhere, you are probably putting your organization at risk every day – and you don’t even know it. Do you re-use the same password to log in to multiple accounts? Are you visiting social networking sites and planning your upcoming summer vacation while at work? Have you ever logged in to check your work email from unsecured wireless hotspots? These are just some of the activities employees around the world do every day that seem relatively harmless, but could be putting their company at risk.

What else is happening in infosec and fraud these days?

I have mostly written about mobile apps; specifically on apps becoming an integral part of our daily lives. This is a fact that can be proven by the increase in the number of apps available and downloaded via public app stores. So what else is happening in the information security world? We are bombarded with news articles each day. The key is to identify the combined impacts of these seemingly disparate trends, or news, and see the big picture and maybe even predict the future.

3DS Jumps on the Risk-based Band Wagon and RSA says “Thank You”

I’m glad to see the 3DS (3D Secure) industry is finally catching up with RSA’s risk-based strategy to address the consumer need for ease and convenience, while helping to protect customer PII as they shop online. Because when it boils down to what cardholders want and what card issuers need, if it doesn’t work, neither side will be willing to use it!

Emerging UPnP Vulnerabilities

Several vulnerabilities in multiple implementations of Universal Plug and Play (UPnP) were announced January 29 by security firm Rapid7. These vulnerabilities can result in remote code execution and affect “between 40 and 50 million” internet-connected devices (according to Rapid7). Said another way, this affects products made by “over 1,500 vendors and 6,900 products”. The Rapid7 announcement, available here, discusses their findings in depth.

Secure Crypto: Cluster Cracker

To understand the power of Jeremi’s cluster, we first need to understand how to guess passwords. If 348 billion guesses are made in one second, then (95^8 divided by 348 billion) seconds are required to try all possible passwords. This works out at approximately 19064 seconds, or nearly 5 hours and 18 minutes.

The Digital Universe and the Smart Grid

Among the materials associated with their just-released report on the Digital Universe, IDC has just posted a new YouTube video of John Gantz and David Reinsel, called “The Digital Universe and the Internet of Things,” discussing the implications of this massive explosion of data.

Safe Online Holiday Shopping Beyond Cyber Monday – Podcast #244

Great deals abound online for holiday shoppers during the hottest time of year, when e-commerce merchants are looking to cash in on what is projected to be a US$1.25 billion spending spree on Cyber Monday alone. Where the money goes, so do cybercriminals, who are looking to make illicit gains of their own using clever ruses such as phishing emails and web pages that promote discounts and offers that are too good to be true, when in reality they are harvesting credit card numbers, stealing identities and taking anything else that can be turned into cash. Rueben Rodriguez from RSA’s Identity Data & Protection group joins the Speaking of Security podcast to talk about what consumers and online merchants need to look out for to avoid getting fooled by cybercriminals this holiday shopping season.