The Obama administration expects the scheme to generally make Internet security better for millions of Americans and to, coincidentally, take away the need for users to memorise login details, passwords, etc, for online use. The measure is being drafted as the National Strategy for Trusted Identities in Cyberspace, which is expected to be in project stage at the Department of Commerce shortly.
‘The Identity Ecosystem will provide more security for consumers; it will also provide better privacy protections. Today, a vast amount of information about consumers is collected as they surf the Internet and conduct transactions. How organizations handle that information can vary greatly, and more often than not, it is difficult for consumers to understand how their privacy will (or will not) be protected. The NSTIC seeks to drive the development of privacy-enhancing policies as well as innovative privacy-enhancing technologies to ensure that the ecosystem provides strong privacy protections for consumers.
The NSTIC outlines a private-sector led effort, facilitated by government, to develop the technologies, standards and policies necessary to create the Identity Ecosystem and to enable a self-sustaining market of many different credential providers. The Identity Ecosystem will be built to provide more security and privacy to consumers, while also spurring economic growth by helping businesses move more services online.’
Preferable one avoids transactions Online as far as possible.
For those who are likely to laugh off this suggestion, people have lived and live with out these risky technologies.
Well, a child needs to be burnt to dread the fire!
“We believe that an unauthorised person has obtained the following information that you provided: name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID,” the alert said….
“If you have provided your credit carddata through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained.”..
We have discovered that between April 17 and April 19, 2011, certain PlayStation Network and Qriocity service user account information was compromised in connection with an illegal and unauthorized intrusion into our network. In response to this intrusion, we have:
Temporarily turned off PlayStation Network and Qriocity services;
Engaged an outside, recognized security firm to conduct a full and complete investigation into what happened; and
Quickly taken steps to enhance security and strengthen our network infrastructure by re-building our system to provide you with greater protection of your personal information.
We greatly appreciate your patience, understanding and goodwill as we do whatever it takes to resolve these issues as quickly and efficiently as practicable.
Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information that you provided: name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID. It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained. If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained. While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained.
Old scams hiding under new headlines were circulating on Facebook this week, including promises of video involving obsessed Justin Bieber fans.
“I can’t believe a GIRL did this because of Justin Bieber,” says the post that has been appearing on Facebook walls and status updates.
Clicking the link leads to a fake YouTube-looking page that says “Please Watch this video only if you are 16 years or older,” according to an M86 blog post. Hidden behind the video window is an iframe linked to Facebook so that clicking anywhere in the window will submit a “like” click to the page and spread the post on the victim’s Facebook page. This is a standard clickjacking attack that is taking advantage of a current hot topic–the teen singer.
The scam doesn’t stop there. A fake Facebook dialog box also pops up that asks the victim to verify his or her age by completing a survey with links to sites relating to auto insurance, according to M86.
Facebook was able to stop this scam fairly quickly, but not before it had garnered more than 20,000 likes. Other variants of the scam were spreading, M86 said.
Separately, scammers had rehashed some scams involving offers of free iPads, free Southwest Airlines tickets, and a Miley Cyrus-related video link via posts on the site and e-mail messages. It’s unclear exactly how those scams worked and if they involved clickjacking.
Clickjacking prompts a victim to click something while a different action is taken behind the scenes. It takes advantage of a vulnerability in a Web browser and is not specific to Facebook.
If you see a potential or obvious scam on Facebook report it to the person whose account is spreading it, M86 said. The NoScriptFirefox plug-in protects against clickjacking attacks such as this, it added.
Because clickjacking exploits a browser weakness, Facebook can’t technically prevent it completely, a Facebook spokesman said. “We continue to build additional protections to mitigate its impact,” he said in an e-mail. “We’re also involved in discussions with others in the industry on how to fix the underlying issue on the browser side.”
Facebook users should be suspicious of anything that looks or feels strange, even if it has been posted by a friend. Facebook offers tips for how to recognize and avoid clickjacking on the “Threats” tab of the Facebook Security Page here.
The company also has developed automated systems to detect and flag Facebook accounts that are likely to be compromised based on suspicious activity like lots of messages sent in a short period of time or messages with links that are known to be bad. Once Facebook detects a phony post it is deleted across the site. The company blocks malicious links from being shared and works with third parties to get phishing and malware sites added to browser blacklists or taken down. And Facebook displays warnings when people click on a link that has been identified as malicious from an e-mail notification.
Here are some basic safety tips for using Facebook or any site on the Web:
• Use an up-to-date browser that features an antiphishing blacklist.
• Choose unique log-ins and passwords for each of the Web sites you use.
• Check to see that you’re logging in from a legitimate Facebook page with the facebook.com domain.
• Be cautious of any message, post or link you find on Facebook that looks suspicious or requires an additional log-in.
London: Simply upper-casing your password can minimise a hacker‘s chance of finding out your account.
A six-letter password in lower-case text takes a hacker’s computer just 10 minutes to crack. But make those letters upper-case and it takes 10 hours for it to randomly work out your password.
Add numbers and/or symbols to your password and the hacker’s computer has to work for 18 days.
Despite widespread warning, 50 percent of people choose a common word or simple key combination for their password, the Daily Mail reports.
The most used passwords are 123456, password, 12345678, qwerty and abc123.
However, the security conscious among you may want to try this – choose a nine letter password that includes numbers and/or symbols as this would take a hacker’s computer a staggering 44,530 years to break.
In December, media firm Gawker urged subscribers to change their passwords after its user database was hacked and more than 1.3 million passwords were stolen.
You must be logged in to post a comment.