Perimeter
3/12/2009
11:21 AM
Sara Peters
Sara Peters
Commentary
Connect Directly
Twitter
RSS
E-Mail
50%
50%

See How I Suffer For My Science?

Today I saw two fraudulent charges on my bank account, and a few weeks ago I accidentally wiped off all of the data from my BlackBerry. Why? Because I love too much.

Today I saw two fraudulent charges on my bank account, and a few weeks ago I accidentally wiped off all of the data from my BlackBerry.

Why?

Because I love too much.Monday morning I'd finally finished the frustrating process of updating the end user's how-to guide to Facebook privacy and security (for CSI members only). However, one of my conscientious colleagues (I'm not naming names...Kristen) suggested I go a bit further in my explanation about how to delete credit card data from your Facebook account settings. I'd not been able to go through the final steps of that process because I, of course, hadn't ever stored my credit card data on Facebook. However, I thought that this unnamed colleague (Kristen) had a good point, so I decided to add a credit card, just so I'd know how to delete it.

I tried to put in a fake account, just to test it. However, Facebook recognized it was an invalid account and wouldn't allow me to add it. This made me mutter a few snarky words. Fine then, I said. "All right, Facebook, I'll put my own doggone debit card info in there, and then I'll immediately delete it." I started to enter it, got as far as the expiration date, and chickened out. I went back a bit later, got as far as the CVV code, and then angrily got up from my chair and walked away. Finally I just sucked it up, decided it couldn't be all that dangerous, and entered my legitimate account data.

I got an error message saying, "This request cannot be processed at this time." I went back just to check that the debit card info, indeed, was not listed in my Facebook account; it wasn't. Later that night, two debit card purchases made that night, for $49.99 apiece at "DRI*DIGITALRIVER.COM," showed up in my transaction history -- and I've never had a fraudulent charge on my account before.

Coincidence? Quite possibly. But it irks me, just the same. I joined Facebook (and MySpace and LinkedIn) in the first place only because I was doing a story about social networking security for the Alert (members only). OK, yeah, I still use the accounts, but, still, the original motivation was to serve my beloved CSI members.

The February Alert was about smartphone security, so of course I was fiddling around with my BlackBerry (not managed by my company) to get a better idea of what could be done on the handset itself. I put in a new, particularly strong device password. And then I made a bit of an error. Maybe my finger slipped. Maybe my eyes were blurry from staring too ardently at the screen. Maybe I was dreadfully fatigued after spending so many sleepless nights deeply pondering the complex field of smartphone security. But apparently I'd accidentally set up the device so that after two failed password attempts, the entire device would be wiped of all data.

And then I forgot my password...probably that fatigue thing again. It was oddly mesmerizing watching the data wipe in action -- basically just an hourglass, slowing flipping, for about five full minutes.

I suffer because I'm just so, so, so, devoted. I'm sort of a hero.

Or an idiot.

Let's go with some combo of both. Sara Peters is contributing editor to Dark Reading and editor-in-chief of Enterprise Efficiency. Prior that she was senior editor for the Computer Security Institute, writing and speaking about virtualization, identity management, cybersecurity law, and a myriad of other ... View Full Bio

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-6117
Published: 2014-07-11
Dahua DVR 2.608.0000.0 and 2.608.GV00.0 allows remote attackers to bypass authentication and obtain sensitive information including user credentials, change user passwords, clear log files, and perform other actions via a request to TCP port 37777.

CVE-2014-0174
Published: 2014-07-11
Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG 2.5, does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.

CVE-2014-3485
Published: 2014-07-11
The REST API in the ovirt-engine in oVirt, as used in Red Hat Enterprise Virtualization (rhevm) 3.4, allows remote authenticated users to read arbitrary files and have other unspecified impact via unknown vectors, related to an XML External Entity (XXE) issue.

CVE-2014-3499
Published: 2014-07-11
Docker 1.0.0 uses world-readable and world-writable permissions on the management socket, which allows local users to gain privileges via unspecified vectors.

CVE-2014-3503
Published: 2014-07-11
Apache Syncope 1.1.x before 1.1.8 uses weak random values to generate passwords, which makes it easier for remote attackers to guess the password via a brute force attack.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Marilyn Cohodas and her guests look at the evolving nature of the relationship between CIO and CSO.