Perimeter
3/12/2009
11:21 AM
Sara Peters
Sara Peters
Commentary
Connect Directly
Twitter
RSS
E-Mail
50%
50%
Repost This

See How I Suffer For My Science?

Today I saw two fraudulent charges on my bank account, and a few weeks ago I accidentally wiped off all of the data from my BlackBerry. Why? Because I love too much.

Today I saw two fraudulent charges on my bank account, and a few weeks ago I accidentally wiped off all of the data from my BlackBerry.

Why?

Because I love too much.Monday morning I'd finally finished the frustrating process of updating the end user's how-to guide to Facebook privacy and security (for CSI members only). However, one of my conscientious colleagues (I'm not naming names...Kristen) suggested I go a bit further in my explanation about how to delete credit card data from your Facebook account settings. I'd not been able to go through the final steps of that process because I, of course, hadn't ever stored my credit card data on Facebook. However, I thought that this unnamed colleague (Kristen) had a good point, so I decided to add a credit card, just so I'd know how to delete it.

I tried to put in a fake account, just to test it. However, Facebook recognized it was an invalid account and wouldn't allow me to add it. This made me mutter a few snarky words. Fine then, I said. "All right, Facebook, I'll put my own doggone debit card info in there, and then I'll immediately delete it." I started to enter it, got as far as the expiration date, and chickened out. I went back a bit later, got as far as the CVV code, and then angrily got up from my chair and walked away. Finally I just sucked it up, decided it couldn't be all that dangerous, and entered my legitimate account data.

I got an error message saying, "This request cannot be processed at this time." I went back just to check that the debit card info, indeed, was not listed in my Facebook account; it wasn't. Later that night, two debit card purchases made that night, for $49.99 apiece at "DRI*DIGITALRIVER.COM," showed up in my transaction history -- and I've never had a fraudulent charge on my account before.

Coincidence? Quite possibly. But it irks me, just the same. I joined Facebook (and MySpace and LinkedIn) in the first place only because I was doing a story about social networking security for the Alert (members only). OK, yeah, I still use the accounts, but, still, the original motivation was to serve my beloved CSI members.

The February Alert was about smartphone security, so of course I was fiddling around with my BlackBerry (not managed by my company) to get a better idea of what could be done on the handset itself. I put in a new, particularly strong device password. And then I made a bit of an error. Maybe my finger slipped. Maybe my eyes were blurry from staring too ardently at the screen. Maybe I was dreadfully fatigued after spending so many sleepless nights deeply pondering the complex field of smartphone security. But apparently I'd accidentally set up the device so that after two failed password attempts, the entire device would be wiped of all data.

And then I forgot my password...probably that fatigue thing again. It was oddly mesmerizing watching the data wipe in action -- basically just an hourglass, slowing flipping, for about five full minutes.

I suffer because I'm just so, so, so, devoted. I'm sort of a hero.

Or an idiot.

Let's go with some combo of both. Sara Peters is contributing editor to Dark Reading and editor-in-chief of Enterprise Efficiency. Prior that she was senior editor for the Computer Security Institute, writing and speaking about virtualization, identity management, cybersecurity law, and a myriad of other ... View Full Bio

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-1421
Published: 2014-04-22
Cross-site scripting (XSS) vulnerability in Craig Knudsen WebCalendar before 1.2.5, 1.2.6, and other versions before 1.2.7 allows remote attackers to inject arbitrary web script or HTML via the Category Name field to category.php.

CVE-2013-2105
Published: 2014-04-22
The Show In Browser (show_in_browser) gem 0.0.3 for Ruby allows local users to inject arbitrary web script or HTML via a symlink attack on /tmp/browser.html.

CVE-2013-2187
Published: 2014-04-22
Cross-site scripting (XSS) vulnerability in Apache Archiva 1.2 through 1.2.2 and 1.3 before 1.3.8 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, related to the home page.

CVE-2013-4116
Published: 2014-04-22
lib/npm.js in Node Packaged Modules (npm) before 1.3.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names that are created when unpacking archives.

CVE-2013-4472
Published: 2014-04-22
The openTempFile function in goo/gfile.cc in Xpdf and Poppler 0.24.3 and earlier, when running on a system other than Unix, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names.

Best of the Web