Pinboard (jm)
https://pinboard.in/u:jm/public/
recent bookmarks from jmThe Israeli Digital Rights Movement's campaign for privacy | Internet Policy Review2017-09-29T09:41:58+00:00
https://policyreview.info/articles/analysis/israeli-digital-rights-movements-campaign-privacy
jmThis study explores the persuasion techniques used by the Israeli Digital Rights Movement in its campaign against Israel’s biometric database. The research was based on analysing the movement's official publications and announcements and the journalistic discourse that surrounded their campaign within the political, judicial, and public arenas in 2009-2017. The results demonstrate how the organisation navigated three persuasion frames to achieve its goals: the unnecessity of a biometric database in democracy; the database’s ineffectiveness; and governmental incompetence in securing it. I conclude by discussing how analysing civil society privacy campaigns can shed light over different regimes of privacy governance. [....]
1. Why the database should be abolished: because it's not necessary - As the organisation highlighted repeatedly throughout the campaign with the backing of cyber experts, there is a significant difference between issuing smart documents and creating a database. Issuing smart documents effectively solves the problem of stealing and forging official documents, but does it necessarily entail the creation of a database? The activists’ answer is no: they declared that while they do support the transition to smart documents (passports and ID cards) for Israeli citizens, they object to the creation of a database due to its violation of citizens' privacy.
2. Why the database should be abolished: because it's ineffective; [...]
3. Why the database should be abolished: because it will be breached - The final argument was that the database should be abolished because the government would not be able to guarantee protection against security breaches, and hence possible identity theft.
]]>digital-rights privacy databases id-cards israel psc drm identity-theft securityhttps://pinboard.in/https://pinboard.in/u:jm/b:eaa5bdc6ab84/Why I Hate Security, Computers, and the Entire Modern Banking System | Motherboard2016-05-04T19:23:51+00:00
http://motherboard.vice.com/read/why-i-hate-security-computers-and-the-entire-modern-banking-system
jmI cannot count the number of times I’ve freely given out my routing and account numbers—in emails, in webforms, in paperwork. This is because it’s necessary for other people to know my routing number and account number in order for them to send me money. But apparently, with that same information, they can also snatch money straight from my account. What kind of insane system is this? There’s two factor authentication, there’s one factor authentication, and then there’s this, which I think I can call zero factor authentication.
]]>identity-theft phishing banking banks usa authentication 2fa securityhttps://pinboard.in/https://pinboard.in/u:jm/b:d10ed2246683/An Analysis of Reshipping Mule Scams2015-11-11T17:33:37+00:00
https://www.benthamsgaze.org/2015/10/27/an-analysis-of-reshipping-mule-scams/
jmWe observed that the vast majority of the re-shipped packages end up in the Moscow, Russia area, and that the goods purchased with stolen credit cards span multiple categories, from expensive electronics such as Apple products, to designer clothes, to DSLR cameras and even weapon accessories. Given the amount of goods shipped by the reshipping mule sites that we analysed, the annual revenue generated from such operations can span between 1.8 and 7.3 million US dollars. The overall losses are much higher though: the online merchant loses an expensive item from its inventory and typically has to refund the owner of the stolen credit card. In addition, the rogue goods typically travel labeled as “second hand goods” and therefore custom taxes are also evaded. Once the items purchased with stolen credit cards reach their destination they will be sold on the black market by cybercriminals. [...] When applying for the job, people are usually required to send the operator copies of their ID cards and passport. After they are hired, mules are promised to be paid at the end of their first month of employment. However, from our data it is clear that mules are usually never paid. After their first month expires, they are never contacted back by the operator, who just moves on and hires new mules. In other words, the mules become victims of this scam themselves, by never seeing a penny. Moreover, because they sent copies of their documents to the criminals, mules can potentially become victims of identity theft.
]]>crime law cybercrime mules shipping-scams identity-theft russia moscow scams papershttps://pinboard.in/https://pinboard.in/u:jm/b:e6225b4098e9/How your entire financial life will be stored in a new 'digital vault' - Telegraph2015-08-19T22:17:40+00:00
http://www.telegraph.co.uk/news/shopping-and-consumer-news/11804682/How-your-entire-financial-life-will-stored-in-a-new-digital-vault.html
jmIn a move to make it easier to open bank accounts and Isas, people will be asked to share all of their accounts, tax records and personal details with a central service.
To check someone's identity, a company would then ask potential customers a series of questions and check the answers against the information in the vault. The checks would replace the current system in which new customers must send by post copies of their passports, cross-signed by a friend, along with bank statements and utility bills.
hahahaha NO FUCKING WAY.]]>bills banking uk tax privacy digital-vault accounts authentication identity-theft bad-ideashttps://pinboard.in/https://pinboard.in/u:jm/b:0e1f88e9e8c8/Epsilon Interactive breach the Fukushima of the Email Industry (CAUCE)2015-03-10T12:15:14+00:00
http://www.cauce.org/2011/04/epsilon-interactive-breach-the-fukushima-of-the-email-industry.html
jmUpon gaining access to an ESP, the criminals then steal subscriber data (PII such as names, addresses, telephone numbers and email addresses, and in one case, Vehicle Identification Numbers). They then use ESPs’ mailing facility to send spam; to monetize their illicit acquisition, the criminals have spammed ads for fake Adobe Acrobat and Skype software.
On March 30, the Epsilon Interactive division of Alliance Data Marketing (ADS on NASDAQ) suffered a massive breach that upped the ante, substantially. Email lists of at least eight financial institutions were stolen.
Thus far, puzzlingly, Epsilon has refused to release the names of compromised clients. [...] The obvious issue at hand is the ability of the thieves to now undertake targeted spear-phishing problem as critically serious as it could possibly be.
]]>cauce epsilon-interactive esp email pii data-protection spear-phishing phishing identity-theft security adshttps://pinboard.in/https://pinboard.in/u:jm/b:3343947e41a3/Apple Pay suffering fraud problems2015-01-30T22:32:33+00:00
http://www.droplabs.co/?p=1204
jmFraud in Apple Pay will in time, come to be managed – but the fact that easily available PII can waylay best in class protection should give us all pause.
]]>fraud apple apple-pay pii identity-thefthttps://pinboard.in/https://pinboard.in/u:jm/b:a6a16bc500d5/Madhumita Venkataramanan: My identity for sale (Wired UK)2014-11-04T17:31:02+00:00
http://www.wired.co.uk/magazine/archive/2014/11/features/my-identity-for-sale/viewall
jmAs the data we generate about ourselves continues to grow exponentially, brokers and aggregators are moving on from real-time profiling -- they're cross-linking data sets to predict our future behaviour. Decisions about what we see and buy and sign up for aren't made by us any more; they were made long before. The aggregate of what's been collected about us previously -- which is near impossible for us to see in its entirety -- defines us to companies we've never met. What I am giving up without consent, then, is not just my anonymity, but also my right to self-determination and free choice. All I get to keep is my name.
]]>wired privacy data-aggregation identity-theft future grim biometrics opt-out healthcare data data-protection trackinghttps://pinboard.in/https://pinboard.in/u:jm/b:a50748e07bb4/IPSO representative trivialising impact of the Loyaltybuild data breach2013-11-16T21:06:59+00:00
http://www.irishtimes.com/news/crime-and-law/step-into-the-breach-1.1596368?page=3
jm“I wouldn’t be overly concerned if one of my cards was caught up in this,” Dillon says. “Even in the worst-case scenario – one in which my card was used fraudulently – my card provider will refund me everything that is taken”.
This reflects a deep lack of understanding of (a) how identity fraud works, and (b) how card-fraud refunds in Ireland appear to work.
(a): Direct misuse of credit card data is not always the result. Fraudsters may prefer to instead obtain separate credit through identity theft, ie. using other personal identifying data.
(b): Visa debit cards have no credit limit -- your bank account can be cleared out in its entirety, and refunds can take a long time. For instance, http://www.askaboutmoney.com/showthread.php?t=174482 describes several cases, including one customer who waited 21 days for a refund.
All in all it's trivialising a major risk for consumers. As I understand it, a separate statement from IPSO recommended that all customers of Loyaltybuild schemes need to monitor their bank accounts daily to keep an eye out for fraud, which is pretty absurd. Not impressive at all.]]>loyaltybuild ipso money cards credit-cards visa debit-cards payment fraud identity-theft irelandhttps://pinboard.in/https://pinboard.in/u:jm/b:223c94d8c188/Experian Sold Consumer Data to ID Theft Service2013-10-24T12:17:45+00:00
http://krebsonsecurity.com/2013/10/experian-sold-consumer-data-to-id-theft-service/
jmWhile [posing as a US-based private investigator] may have gotten the [Vietnam-based gang operating the massive identity fraud site Superget.info] past Experian and/or CourtVentures’ screening process, according to Martin there were other signs that should have alerted Experian to potential fraud associated with the account. For example, Martin said the Secret Service told him that the alleged proprietor of Superget.info had paid Experian for his monthly data access charges using wire transfers sent from Singapore.
“The issue in my mind was the fact that this went on for almost a year after Experian did their due diligence and purchased” Court Ventures, Martin said. “Why didn’t they question cash wires coming in every month? Experian portrays themselves as the data-breach experts, and they sell identity theft protection services. How this could go on without them detecting it I don’t know. Our agreement with them was that our information was to be used for fraud prevention and ID verification, and was only to be sold to licensed and credentialed U.S. businesses, not to someone overseas.”
via Simon McGarr]]>via:tupp_ed privacy security crime data-protection data-privacy experian data-breaches courtventures superget scams fraud identity identity-thefthttps://pinboard.in/https://pinboard.in/u:jm/b:6dadc230e4b3/Massive identity-theft breach in South Korea results in calls for national ID system to be abandoned2012-06-28T21:37:18+00:00
http://www.koreatimes.co.kr/www/news/include/print.asp?newsIdx=92106
jmsouth-korea identity fraud identity-theft web bullying authentication hackinghttps://pinboard.in/https://pinboard.in/u:jm/b:83ae6a5da43f/UK company selling "have you been phished" check using stolen data2009-07-22T08:56:42+00:00
http://technology.timesonline.co.uk/tol/news/tech_and_web/the_web/article6718560.ece
jmprivacy uk law hacking phishing fraud crime police database identity-theft lucid-intelligence data-protection security colin-holderhttps://pinboard.in/u:jm/b:882475f1ee04/