Perimeter
3/12/2009
11:21 AM
Sara Peters
Sara Peters
Commentary
Connect Directly
Twitter
RSS
E-Mail
50%
50%

See How I Suffer For My Science?

Today I saw two fraudulent charges on my bank account, and a few weeks ago I accidentally wiped off all of the data from my BlackBerry. Why? Because I love too much.

Today I saw two fraudulent charges on my bank account, and a few weeks ago I accidentally wiped off all of the data from my BlackBerry.

Why?

Because I love too much.Monday morning I'd finally finished the frustrating process of updating the end user's how-to guide to Facebook privacy and security (for CSI members only). However, one of my conscientious colleagues (I'm not naming names...Kristen) suggested I go a bit further in my explanation about how to delete credit card data from your Facebook account settings. I'd not been able to go through the final steps of that process because I, of course, hadn't ever stored my credit card data on Facebook. However, I thought that this unnamed colleague (Kristen) had a good point, so I decided to add a credit card, just so I'd know how to delete it.

I tried to put in a fake account, just to test it. However, Facebook recognized it was an invalid account and wouldn't allow me to add it. This made me mutter a few snarky words. Fine then, I said. "All right, Facebook, I'll put my own doggone debit card info in there, and then I'll immediately delete it." I started to enter it, got as far as the expiration date, and chickened out. I went back a bit later, got as far as the CVV code, and then angrily got up from my chair and walked away. Finally I just sucked it up, decided it couldn't be all that dangerous, and entered my legitimate account data.

I got an error message saying, "This request cannot be processed at this time." I went back just to check that the debit card info, indeed, was not listed in my Facebook account; it wasn't. Later that night, two debit card purchases made that night, for $49.99 apiece at "DRI*DIGITALRIVER.COM," showed up in my transaction history -- and I've never had a fraudulent charge on my account before.

Coincidence? Quite possibly. But it irks me, just the same. I joined Facebook (and MySpace and LinkedIn) in the first place only because I was doing a story about social networking security for the Alert (members only). OK, yeah, I still use the accounts, but, still, the original motivation was to serve my beloved CSI members.

The February Alert was about smartphone security, so of course I was fiddling around with my BlackBerry (not managed by my company) to get a better idea of what could be done on the handset itself. I put in a new, particularly strong device password. And then I made a bit of an error. Maybe my finger slipped. Maybe my eyes were blurry from staring too ardently at the screen. Maybe I was dreadfully fatigued after spending so many sleepless nights deeply pondering the complex field of smartphone security. But apparently I'd accidentally set up the device so that after two failed password attempts, the entire device would be wiped of all data.

And then I forgot my password...probably that fatigue thing again. It was oddly mesmerizing watching the data wipe in action -- basically just an hourglass, slowing flipping, for about five full minutes.

I suffer because I'm just so, so, so, devoted. I'm sort of a hero.

Or an idiot.

Let's go with some combo of both. Sara Peters is Senior Editor at Dark Reading and formerly the editor-in-chief of Enterprise Efficiency. Prior that she was senior editor for the Computer Security Institute, writing and speaking about virtualization, identity management, cybersecurity law, and a myriad ... View Full Bio

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading December Tech Digest
Experts weigh in on the pros and cons of end-user security training.
Flash Poll
Title Partner’s Role in Perimeter Security
Title Partner’s Role in Perimeter Security
Considering how prevalent third-party attacks are, we need to ask hard questions about how partners and suppliers are safeguarding systems and data.
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-3407
Published: 2014-11-27
The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software 9.3(.2) and earlier does not properly allocate memory blocks during HTTP packet handling, which allows remote attackers to cause a denial of service (memory consumption) via crafted packets, aka Bug ID CSCuq68888.

CVE-2014-4829
Published: 2014-11-27
Cross-site request forgery (CSRF) vulnerability in IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch 9 and 7.2 before 7.2.4 Patch 1, and QRadar Vulnerability Manager 7.2 before 7.2.4 Patch 1, allows remote attackers to hijack the authentication of arbitrary users for requests tha...

CVE-2014-4831
Published: 2014-11-27
IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch 9 and 7.2 before 7.2.4 Patch 1, and QRadar Vulnerability Manager 7.2 before 7.2.4 Patch 1, allow remote attackers to hijack sessions via unspecified vectors.

CVE-2014-4832
Published: 2014-11-27
IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch 9 and 7.2 before 7.2.4 Patch 1, and QRadar Vulnerability Manager 7.2 before 7.2.4 Patch 1, allow remote attackers to obtain sensitive cookie information by sniffing the network during an HTTP session.

CVE-2014-4883
Published: 2014-11-27
resolv.c in the DNS resolver in uIP, and dns.c in the DNS resolver in lwIP 1.4.1 and earlier, does not use random values for ID fields and source ports of DNS query packets, which makes it easier for man-in-the-middle attackers to conduct cache-poisoning attacks via spoofed reply packets.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Now that the holiday season is about to begin both online and in stores, will this be yet another season of nonstop gifting to cybercriminals?