CNN has an article on their site: “Hacker attack at UCLA affects 800,000 people“

I’m not quite sure how they were able to tell, but UC officials indicate that “there was no evidence any data (has) been misused”. An interesting statement, and completely untrue, as improper access is clearly misuse of the data in itself.

I’m really starting to suspect that this data is going into a fraudsters’ data warehouse somewhere . . . someone is systematically acquiring this data for some purpose that is yet to be realized by those of us on the good side.

Maybe we should start putting up marginally defended data systems containing real looking, but false data in order to pollute the fraudsters customer data collection attempts.

data breach, online fraud, online security, privacy, identity theft

As for timing, this may be a bad time for an acquisition as all US financials to comply with the FFIEC Multi-Factor authentication guidance by the end of the year. If RSA is unable to integrate quickly, there may be enough chaos to drive many of their potential customers into the arms of their competition.

This might be a good time to let both products carry forward without making any major changes . . . at least until the banks have chosen and deployed their solution of choice. Integration and deployment of a common platform could be presented as a version upgrade in the future.

Only time will tell.

ffiec, authentication, cyota, multi-factor, passmark security, rsa security

This ad has been seen making the rounds on the Internet.

A full size – readable screen shot is also available.

Not only is this ad in bad taste . . . the ad is asking potential recruits to enter their full name, address, phone number, birth date and other data on an non-secure form, a clear fraud and identity theft risk.

They even have the balls to ask you to refer a friend!

Digging into the “terms” of the offer results in some choice bits, including:

“Users must register by completing all required fields with valid, accurate information in order to receive iTunes®”

Does this mean that I have to stop using iTunes since I’m not in compliance with the Army National Guard terms? Does Apple know about this?

“Limit one (1) registration per person. Any attempt by any person to obtain more than the stated number of registrations by using multiple/different email addresses, identities, registrations and logins, or any other methods will void that participant’s registrations and that participant may be disqualified from receiving iTunes.”

Notice that they are quite specific about not giving you more than three free songs from iTunes if you enter more than once . . . though you will likely receive multiple calls from recruiters.

army national guard, military, recruiting, itunes

From CNET NEWS: ‘According to security specialist F-Secure, unsuspecting Web surfers may be bombarded with various types of Trojan horse threats, spyware and backdoors when they go to ‘Googkle.com.’ The scheme is meant to take advantage of sloppy or hurried typists, given that on most keyboards the letter ‘k’ key sits next to the ‘l’ needed to type ‘Google.’…In an advisory, F-Secure strongly advises people not to go to Googkle.com. People who do so will see two pop-ups linked to Web sites that install the Trojan programs. One of the programs is a phishing-style Trojan that attempts to garner individuals’ online banking information, while another drops phony antivirus alerts on the victim’s desktop that attempt to lure people to other infected Web sites.’

fraud, google, security, online