privacy
Sears & KMart’s Official Malware
CA’s Security Advisor Research Blog has an interesting post about a bit of malware they discovered when doing research for their Anti-Spyware product — the My SHC Community system. You’re offered a chance to join when you buy something from sears.com or kmart.com. The system offers you “special offers and promotions,” the usual marketing stuff [...]
Checks: The Most Dangerous Transaction
During this year’s Christmas shopping season, I made some large in-person transactions at the same time as my wife made an online transaction, and my credit card was suspended by the issuing bank for potential fraudulent activity. This happens relatively often, whenever someone’s spending patterns are flagged by the neural-network based automated fraud detection used [...]
Backdoored PNRGs from the NSA
Bruce Schneier has an article at wired.com about the new government-sponsored official standards for random number generators in NIST Special Publication 800-90. Apparently, it’s possible that one of them contains a back-door for the NSA; depending on how the constants in the algorithm were chosen, the NSA may have another set of constants that let [...]
Secure P2P for Pirates
According to a recent Reuters article, the unrepentant pirates of Sweden’s The Pirate Bay are working on developing their own peer-to-peer networking system. It turns out that this is a relatively fascinating security problem, even though in this case it’s the criminals needing the security, vs. the law-abiding companies trying to break it — a [...]
Do Not Track Lists: Good Luck With That
The New York Times reports that people will be able to sign up for “do-not-track” lists to prevent online advertisers from monitoring their activities. It is not clear from the article if they’re expecting a government solution, along the lines of the National Do Not Call Registry for telemarketers, or merely solutions from ISPs and [...]
