Perimeter
3/12/2009
11:21 AM
Sara Peters
Sara Peters
Commentary
Connect Directly
Twitter
RSS
E-Mail
50%
50%

See How I Suffer For My Science?

Today I saw two fraudulent charges on my bank account, and a few weeks ago I accidentally wiped off all of the data from my BlackBerry. Why? Because I love too much.

Today I saw two fraudulent charges on my bank account, and a few weeks ago I accidentally wiped off all of the data from my BlackBerry.

Why?

Because I love too much.Monday morning I'd finally finished the frustrating process of updating the end user's how-to guide to Facebook privacy and security (for CSI members only). However, one of my conscientious colleagues (I'm not naming names...Kristen) suggested I go a bit further in my explanation about how to delete credit card data from your Facebook account settings. I'd not been able to go through the final steps of that process because I, of course, hadn't ever stored my credit card data on Facebook. However, I thought that this unnamed colleague (Kristen) had a good point, so I decided to add a credit card, just so I'd know how to delete it.

I tried to put in a fake account, just to test it. However, Facebook recognized it was an invalid account and wouldn't allow me to add it. This made me mutter a few snarky words. Fine then, I said. "All right, Facebook, I'll put my own doggone debit card info in there, and then I'll immediately delete it." I started to enter it, got as far as the expiration date, and chickened out. I went back a bit later, got as far as the CVV code, and then angrily got up from my chair and walked away. Finally I just sucked it up, decided it couldn't be all that dangerous, and entered my legitimate account data.

I got an error message saying, "This request cannot be processed at this time." I went back just to check that the debit card info, indeed, was not listed in my Facebook account; it wasn't. Later that night, two debit card purchases made that night, for $49.99 apiece at "DRI*DIGITALRIVER.COM," showed up in my transaction history -- and I've never had a fraudulent charge on my account before.

Coincidence? Quite possibly. But it irks me, just the same. I joined Facebook (and MySpace and LinkedIn) in the first place only because I was doing a story about social networking security for the Alert (members only). OK, yeah, I still use the accounts, but, still, the original motivation was to serve my beloved CSI members.

The February Alert was about smartphone security, so of course I was fiddling around with my BlackBerry (not managed by my company) to get a better idea of what could be done on the handset itself. I put in a new, particularly strong device password. And then I made a bit of an error. Maybe my finger slipped. Maybe my eyes were blurry from staring too ardently at the screen. Maybe I was dreadfully fatigued after spending so many sleepless nights deeply pondering the complex field of smartphone security. But apparently I'd accidentally set up the device so that after two failed password attempts, the entire device would be wiped of all data.

And then I forgot my password...probably that fatigue thing again. It was oddly mesmerizing watching the data wipe in action -- basically just an hourglass, slowing flipping, for about five full minutes.

I suffer because I'm just so, so, so, devoted. I'm sort of a hero.

Or an idiot.

Let's go with some combo of both. Sara Peters is Senior Editor at Dark Reading and formerly the editor-in-chief of Enterprise Efficiency. Prior that she was senior editor for the Computer Security Institute, writing and speaking about virtualization, identity management, cybersecurity law, and a myriad ... View Full Bio

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Cartoon
Current Issue
Dark Reading's October Tech Digest
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Flash Poll
Title Partner’s Role in Perimeter Security
Title Partner’s Role in Perimeter Security
Considering how prevalent third-party attacks are, we need to ask hard questions about how partners and suppliers are safeguarding systems and data.
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-2413
Published: 2014-10-20
Cross-site scripting (XSS) vulnerability in the ja_purity template for Joomla! 1.5.26 and earlier allows remote attackers to inject arbitrary web script or HTML via the Mod* cookie parameter to html/modules.php.

CVE-2012-5244
Published: 2014-10-20
Multiple SQL injection vulnerabilities in Banana Dance B.2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) return, (2) display, (3) table, or (4) search parameter to functions/suggest.php; (5) the id parameter to functions/widgets.php, (6) the category parameter to...

CVE-2012-5694
Published: 2014-10-20
Multiple SQL injection vulnerabilities in Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 allow remote attackers to execute arbitrary SQL commands via the (1) agentPhNo, (2) controlPhNo, (3) agentURLPath, (4) agentControlKey, or (5) platformDD1 parameter to frameworkgui/attach2Agents.p...

CVE-2012-5695
Published: 2014-10-20
Multiple cross-site request forgery (CSRF) vulnerabilities in Bulb Security Smartphone Pentest Framework (SPF) 0.1.2 through 0.1.4 allow remote attackers to hijack the authentication of administrators for requests that conduct (1) shell metacharacter or (2) SQL injection attacks or (3) send an SMS m...

CVE-2012-5696
Published: 2014-10-20
Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 does not properly restrict access to frameworkgui/config, which allows remote attackers to obtain the plaintext database password via a direct request.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Follow Dark Reading editors into the field as they talk with noted experts from the security world.