Posts

Showing posts from November, 2012

Text Spammings, Finally an ICO Fine of Merit

Image
Today t he Information Commissioner's Office (ICO) announced a record fine of £440,000  against the owners of Tetrus Telecoms. The ICO stated the Manchester based Tetrus Telecoms, were responsible for sending millions of unsolicited text messages using unregistered SIM cards, and personal data gained illegally.  Tetrus Telecoms were said to be sending 840,000 spam text messages a day promoting PPI claims and accident compensation claims, in the hope of earning a referral fee should any of the recipients respond. These referral fees netted the text spammers £8,000 a day. This is a lot of easy money, but it does mean 99.9% of those receiving the texts didn't reply, and so didn't want the text message in the first place. Who hasn't had a PPI Text Message this year? Finally the ICO dishes out a fine which is close to their maximum amount of £500K. Often criticised as a toothless tiger, the ICO fi...

The Death of PCI: Two-Factor Online Payments

Image
Back in September 2007, I attended the inaugural Payment Cards Industry Security Standards Council (PCI SSC) Community Meeting in Toronto.  These were the days before PCI was big business, there must of been only a couple of hundred people at the event in a typical down town Hotel in Toronto.  PCI was still finding its feet, the PCI SSC Board members spent most of the event being grilled by delegates brimming with questions about the PCI standard, and it is fair to say some delegates weren't happy chappies at all.  I took the opportunity of asking SSC Board members several questions myself, looking back today some of my questions could be seen as rather naive, given who is behind setting up the PCI SSC and why.  I asked why PCI SSC doesn't just regulate the card issuers, challenge them with a standard to secure the cards and cardholder data to a higher degree, instead of passing the buck onto to everyone else in the industry. I ...

4 Ways Your Child is Vulnerable to Identity Theft

Scary American made awareness video on Child identity theft by Good Money .  It's titled "5 Ways", but it's actually 4 ways for UK parents, we can ignore number 2 on Social Security numbers. My recommendation is to educate and monitor your children/teenagers online activity, and teach them to secure their personal information digital footprint online. 5 Ways Your Child is Vulnerable to Identity Theft Online from Good Money by CreditScore.net on Vimeo . According to the United States Bureau of Justice Statistics, in 2010, 7% or “8.6 million households had at least one member age 12 or older who experienced one or more types of identity theft victimization.” But identity theft is not just reserved for tweens and adults. In this age of information, children are increasingly vulnerable to the same kinds of attacks that cripple credit scores and bust bank accounts. Check out this video to learn about five ways you could be exposing your child’s sensitive...

UK InfoSec Review for October 2012

UK Police net suspected phishing gang http://www.scmagazineuk.com/police-net-suspected-phishing-gang/article/266148/ UK police have arrested three men suspected of being involved in thousands of phishing attacks on banking customers. One Nigerian and two Romanian men were arrested at a central London hotel on conspiracy to defraud and money laundering charges.   The three men were allegedly involved in an operation that placed over 2,000 phishing pages on the internet XSS remains the most frequently attacked website flaw according to FireHost http://www.securityweek.com/cross-site-attacks-rise-top-q3-says-firehost The third quarter of 2012 showed another increase in attacks against cross-site scripting (XSS) flaws on websites. Analysis of 15 million cyber attacks by FireHost users found XSS, directory traversals, SQL injections, and cross-site request forgery (CSRF) attacks to be the most serious and frequent and are part of FireHost's 'Superfecta' group....

UK Data Protection Review for October 2012

ICO fines Stoke-on-Trent City Council £120,000 after sensitive information about a child protection legal case was emailed to the wrong person   11 emails containing sensitive information relating to the care of children were sent to the wrong address by Council employees The fact the Email and attachments were not encryption protected was the root cause of the seriousness of the incident, leading to the high fine. An encrypted file cannot be opened by unintended recipient, therefore it is best practise to use file encryption on any document contain sensitive personal information sent outside a company infrastructure via email. ICO fines Greater Manchester Police £150,000 following the theft of a memory stick holding sensitive personal data from an police officer’s home The ICO action was prompted by the theft of a memory stick containing sensitive personal data from a police officer’s home. The memory stick was not encrypted and contained details of mo...