About

Subscribe to InfoSec

  • Enter your email address:

    Delivered by FeedBurner

Bookmark and Share

Recent Posts

Westfield Links

Westfield Blogs

Categories

Blogroll & other links

23 August 2010

Sir, May I See Your Drivers License

I was reading some of the ever increasing material relating to identity theft and ran across an article that I wanted to share.  Apparently there has been a sharp increase of fraudulent identification being given to police and state troopers when they are pulling people over in traffic stops and at driver’s license examination stations.

http://www.daytondailynews.com/news/ohio-news/ohio-highway-patrol-id-theft-increase-alarming-858936.html

Imagine getting a speeding ticket in the mail or having your auto insurance go up because someone falsely used your information when they were pulled over or committed a crime.

I wonder if the police will ever consider making drivers licenses into a multi-factor credential similar to how ATM cards work.  With ATM cards, you have to have the card and know a PIN number in order to use it.  That way when you presented your drivers license you would have to tell the policeman something that he could check to ensure that you were really you.  I am sure that this approach could be easily bypassed as well. 

Bill Murray leads the IT Risk Security and Compliance team at Westfield Insurance.   Sharing Knowledge. Building Trust

Posted by Bill Murray | | Comments (0)

| | | | |

Whose laptop is it anyway?

You start a new job and they provide you with a laptop. An important note is that they provided you with a laptop, meaning they, the company, are the owners.

A lot of people forget that the company provided laptop is just that. They put all sorts of personal information on it and use it like it was their own when not on the company network.  Most companies have an “acceptable use policy” in some form or fashion, but the key thing to remember is that anything you put on the device or resides in the browser’s history could be looked at.

A recent USA Today article provides a good example. A Philadelphia school installed remote monitoring software on the school provided student laptops. The software was stated to be used to capture images to locate lost/stolen laptops.

A student’s family sued the school district for invasion of privacy. After investigators found no evidence of criminal intent, the US Attorney is expected to close the matter.

What’s my point? Remember that the laptop is company property so use it appropriately. Be aware of your employer’s acceptable use and other policies related to “employee expectation of privacy” when you are deciding whether to use your work resources (cell phone, laptop, credit card, etc.) for personal uses.

Jeff Gibson is a Vulnerability and Forensics analyst at Westfield Insurance. Sharing Knowledge. Building Trust.

Posted by Jeff Gibson | | Comments (0)

| | | | |

17 August 2010

What emergency number do you call, when you've been a victim of identify theft?

Recently we received several phone calls at home, asking for a person who we didn't know.  After several calls I asked them to stop calling and found out, I was talking to a collections agent.  Someone had given out our telephone number as the primary number on their account.  So this led me down the path of checking out our credit reports at annualcreditreport.com, and validating all of our accounts, I got lucky, everything was fine, but it led me to wonder, what would I do if our identity had been stolen?

I then remembered, my insurance policy included identity theft coverage.  This led me to the website, where I came across a very interesting article about protecting my child's identity from thieves.  The article recommended 7 steps to protecting your child's future

  1. Don't give out your child's Social Security number online or on the phone unless you already trust the recipient.
  2. Never carry your child’s Social Security card or number in a purse or wallet. Leave it at home in a secure place or in a safety deposit box.
  3. Teach your child that people asking for personal information such as a SSN and mother’s maiden name could be trying to defraud them.
  4. Thieves love recycling cross-shred documents holding personal identifying information.
  5. Watch out for warning signs, such as credit cards arriving in the child’s name or calls from creditors regarding current and past-due debts.
  6. Check your child’s credit report if you suspect identity theft. For children above the age of 13, go to annualcreditreport.com, the government-mandated source for free credit reports. For children under 13, parents and guardians must request credit reports by mail. (For more information, go to www.annualcreditreport.com.)
  7. The absence of an existing credit report usually means that no one is misusing your child’s information, which is good. If one exists, be sure to check for problems.

As I continued reading, I found several additional helpful articles, including tips to reduce the risk of identity theft, and answers to many of my questions.

Jacob Harris is a Vulnerability and Forensics analyst at Westfield Insurance. Sharing Knowledge. Building Trust.

Posted by Jake Harris | | Comments (0)

| | | | |

30 July 2010

Social Media Concerns Continue

I use social media everyday.  My family and friends use social media every day.  Many of my colleagues use social media everyday.  The point is nearly everyone uses some type of social media, to one degree or another, on a daily basis.  That does not mean, however, it is without risk. 

Unfortunately for Facebook, they are once again garnering the lion's share of attention surrounding information security and privacy concerns around social media.  

According to Yahoo! News, "Security concerns over Facebook have been raised yet again after a security consultant collected the names and profile URLs for 171 million Facebook accounts from publicly available information. The consultant, Ron Bowes, then uploaded the data as a torrent file allowing anyone with a computer connection to download the data."

As always, be mindful of your security and privacy settings regardless of which social media you use.

Posted by Robert Salandre | | Comments (0)

| | | | |

Next »