Perimeter
3/12/2009
11:21 AM
Sara Peters
Sara Peters
Commentary
Connect Directly
Twitter
RSS
E-Mail
50%
50%

See How I Suffer For My Science?

Today I saw two fraudulent charges on my bank account, and a few weeks ago I accidentally wiped off all of the data from my BlackBerry. Why? Because I love too much.

Today I saw two fraudulent charges on my bank account, and a few weeks ago I accidentally wiped off all of the data from my BlackBerry.

Why?

Because I love too much.Monday morning I'd finally finished the frustrating process of updating the end user's how-to guide to Facebook privacy and security (for CSI members only). However, one of my conscientious colleagues (I'm not naming names...Kristen) suggested I go a bit further in my explanation about how to delete credit card data from your Facebook account settings. I'd not been able to go through the final steps of that process because I, of course, hadn't ever stored my credit card data on Facebook. However, I thought that this unnamed colleague (Kristen) had a good point, so I decided to add a credit card, just so I'd know how to delete it.

I tried to put in a fake account, just to test it. However, Facebook recognized it was an invalid account and wouldn't allow me to add it. This made me mutter a few snarky words. Fine then, I said. "All right, Facebook, I'll put my own doggone debit card info in there, and then I'll immediately delete it." I started to enter it, got as far as the expiration date, and chickened out. I went back a bit later, got as far as the CVV code, and then angrily got up from my chair and walked away. Finally I just sucked it up, decided it couldn't be all that dangerous, and entered my legitimate account data.

I got an error message saying, "This request cannot be processed at this time." I went back just to check that the debit card info, indeed, was not listed in my Facebook account; it wasn't. Later that night, two debit card purchases made that night, for $49.99 apiece at "DRI*DIGITALRIVER.COM," showed up in my transaction history -- and I've never had a fraudulent charge on my account before.

Coincidence? Quite possibly. But it irks me, just the same. I joined Facebook (and MySpace and LinkedIn) in the first place only because I was doing a story about social networking security for the Alert (members only). OK, yeah, I still use the accounts, but, still, the original motivation was to serve my beloved CSI members.

The February Alert was about smartphone security, so of course I was fiddling around with my BlackBerry (not managed by my company) to get a better idea of what could be done on the handset itself. I put in a new, particularly strong device password. And then I made a bit of an error. Maybe my finger slipped. Maybe my eyes were blurry from staring too ardently at the screen. Maybe I was dreadfully fatigued after spending so many sleepless nights deeply pondering the complex field of smartphone security. But apparently I'd accidentally set up the device so that after two failed password attempts, the entire device would be wiped of all data.

And then I forgot my password...probably that fatigue thing again. It was oddly mesmerizing watching the data wipe in action -- basically just an hourglass, slowing flipping, for about five full minutes.

I suffer because I'm just so, so, so, devoted. I'm sort of a hero.

Or an idiot.

Let's go with some combo of both. Sara Peters is Senior Editor at Dark Reading and formerly the editor-in-chief of Enterprise Efficiency. Prior that she was senior editor for the Computer Security Institute, writing and speaking about virtualization, identity management, cybersecurity law, and a myriad ... View Full Bio

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Title Partner’s Role in Perimeter Security
Title Partner’s Role in Perimeter Security
Considering how prevalent third-party attacks are, we need to ask hard questions about how partners and suppliers are safeguarding systems and data.
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-9710
Published: 2015-05-27
The Btrfs implementation in the Linux kernel before 3.19 does not ensure that the visible xattr state is consistent with a requested replacement, which allows local users to bypass intended ACL settings and gain privileges via standard filesystem operations (1) during an xattr-replacement time windo...

CVE-2014-9715
Published: 2015-05-27
include/net/netfilter/nf_conntrack_extend.h in the netfilter subsystem in the Linux kernel before 3.14.5 uses an insufficiently large data type for certain extension data, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via outbound network traffic that trig...

CVE-2015-2666
Published: 2015-05-27
Stack-based buffer overflow in the get_matching_model_microcode function in arch/x86/kernel/cpu/microcode/intel_early.c in the Linux kernel before 4.0 allows context-dependent attackers to gain privileges by constructing a crafted microcode header and leveraging root privileges for write access to t...

CVE-2015-2830
Published: 2015-05-27
arch/x86/kernel/entry_64.S in the Linux kernel before 3.19.2 does not prevent the TS_COMPAT flag from reaching a user-mode task, which might allow local users to bypass the seccomp or audit protection mechanism via a crafted application that uses the (1) fork or (2) close system call, as demonstrate...

CVE-2015-2922
Published: 2015-05-27
The ndisc_router_discovery function in net/ipv6/ndisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in the Linux kernel before 3.19.6 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message.

Dark Reading Radio
Archived Dark Reading Radio
After a serious cybersecurity incident, everyone will be looking to you for answers -- but you’ll never have complete information and you’ll never have enough time. So in those heated moments, when a business is on the brink of collapse, how will you and the rest of the board room executives respond?