Ogenstad.net

Security Stories and Help with Network Documentation

Once upon a time this used to be my blog. For current updates head over to Networklore.


The Failure of Information Security

May 10, 2006 by patrick.ogenstad

“They say if you drop a frog in a pot of boiling water, it will, of course, frantically try to scramble out. But if you place it gently in a pot of tepid water and turn the heat on low, it will float there quite complacently. As you turn up the heat, the frog will sink into a tranquil stupor and before long, with a smile on its face, it will unresistingly allow itself to be boiled to death. The security industry is much like that frog; completely and uncontrollably in disarray – yet we tolerated it since we are used to it.”

This paragraph starts off Noam Eppel’s article titled The Complete, Unquestionable and Total Failure of Information Security. I think it’s a very interesting read, but I don’t entirely agree with his more or less pitch-black view of things. I guess it reminds me too much of Despair Inc.

There are a lot of problems when it comes to IT Security, but this doesn’t differ much from the “real world”. Sure, you have click-and-play rootkits and whatnot, and anybody can learn to break into a computer using tools that are easily found. But you don’t have to be skilled to grab someone’s purse, steal a car, physically “deface” someone, blackmail, steal from the office and so on.

Ok, so the Internet is a dangerous place. This doesn’t mean consumers or corporations can’t mitigate the risks and stay reasonably secure.

Might I guess that the user who created the screenshot with all the spyware wasn’t logged in as a limited user?

Anyway, I’m looking forward to Noam’s next update, and make sure you read his article.

Tags: security, cyber crime, hacking

Filed Under: Security

Speaking of Stupid Hackers

May 9, 2006 by patrick.ogenstad

Martin McKeay has a post about another brilliant way to get caught. Since this guy actually put people’s lives at risk, I hope he gets a harsher punishment than the credit card guy.

Tags: security, hacking

Filed Under: Security

Buying a Spot in Prison with a Stolen Card

May 5, 2006 by patrick.ogenstad

This is just sad: according to this article, a guy is facing one to two years in jail for hacking. He got caught stealing credit card information and ordering goods which he shipped to his home address. I have two theories of what happened.

  1. He is so stupid he deserves jail time for that too along with his other crime.
  2. He has a brother in jail and has seen Prison Break, now he is about to free his brother.

I think I favor the stupidity theory. To make the prison stay a bit more comfortable, I’ll just go ahead and recommend this colorful wallpaper to decorate the cell.

Tags: cyber crime, fraud, stupidity

Filed Under: Security

PayPal’s Security Question

May 4, 2006 by patrick.ogenstad

I was setting up a personal PayPal account today, and during registration they want me to provide answers to two “secret questions”. This is nothing new, and usually I just do what Bruce Schneier talks about in his curse: enter gibberish.

Feeling very clever I press the signup button, the result:

Your information is incomplete or incorrect. Please correct the fields below and try again:

  • You may not enter numbers in your mother’s maiden name.
  • You must enter exactly four numbers or letters for the last four digits of your driver’s license number.

What could possess anyone to do this? This is just plain stupid. PayPal’s password policy forces you to have eight or more characters, but the secret question for your driver’s license doesn’t allow you to have more than four characters.

Tags: security, passwords, authentication

Filed Under: Security

How To Get a Car for Under $50

April 12, 2006 by patrick.ogenstad

This isn’t related to computer security, but rather to unauthorized access or policy problems. I had been planning on washing my car for quite some time; time and other factors (read: laziness) had, however, kept me from doing so. It had come to the point where you tried to avoid your clothes touching the car while stepping into it. I wouldn’t have been surprised if some kid had written on it with his fingers: Dirty!

I could have driven it through a car wash, but it wouldn’t have been enough to get it clean. Instead I went to a company where they clean the car for you at a reasonable price, 300 Swedish Krona (roughly $39).

Now the problem arises when I’m there to leave my car: they just want my key and say that I pay when I come back. I don’t think there’s anything wrong with the company; others who have used them have been happy, and they’ve been around for a while.

However, I have trouble comprehending how you could have a system that works that way. What’s to stop someone else from walking into the store, paying $39 and then driving off with my car?

I wasn’t expecting to get a digitally signed service order, but some kind of paper would have been comforting. They could have asked to see my driver’s license when I dropped off and picked up the car.

My car is safe in my garage now, but I hope those guys change their policy.

Tags: security policy, grand theft auto, security awareness

Filed Under: Security
