International Computer Science Institute

February 22, 2016

The Lowdown on the Apple-FBI Showdown

This post was originally published on this siteMany readers have asked for a primer summarizing the privacy and security issues at stake in the the dispute between Apple and the U.S. Justice Department, which last week convinced a judge in California to order Apple to unlock an iPhone used by one of assailants in the recent San Bernardino massacres. I don’t have much original reporting to contribute on this important debate, but I’m visiting it here because it’s a complex topic that deserves the broadest possible public scrutiny. Image: Elin Korneliussen (@elincello) A federal magistrate in California approved an order (PDF) granting the […]

May 18, 2017

Fraudsters Exploited Lax Security at Equifax’s TALX Payroll Division

This post was originally published on this siteIdentity thieves who specialize in tax refund fraud had big help this past tax year from Equifax, one of the nation’s largest consumer data brokers and credit bureaus. The trouble stems from TALX, an Equifax subsidiary that provides online payroll, HR and tax services. Equifax says crooks were able to reset the 4-digit PIN given to customer employees as a password and then steal W-2 tax data after successfully answering personal questions about those employees. In a boilerplate text sent to several affected customers, Equifax said the unauthorized access to customers’ employee tax records happened between […]

September 12, 2018

U.S. Mobile Giants Want to be Your Online Identity

This post was originally published on this siteThe four major U.S. wireless carriers today detailed a new initiative that may soon let Web sites eschew passwords and instead authenticate visitors by leveraging data elements unique to each customer’s phone and mobile subscriber account, such as location, customer reputation, and physical attributes of the device. Here’s a look at what’s coming, and the potential security and privacy trade-offs of trusting the carriers to handle online authentication on your behalf. Tentatively dubbed “Project Verify” and still in the private beta testing phase, the new authentication initiative is being pitched as a way […]

August 6, 2020

Hacked Data Broker Accounts Fueled Phony COVID Loans, Unemployment Claims

This post was originally published on this siteA group of thieves thought to be responsible for collecting millions in fraudulent small business loans and unemployment insurance benefits from COVID-19 economic relief efforts gathered personal data on people and businesses they were impersonating by leveraging several compromised accounts at a little-known U.S. consumer data broker, KrebsOnSecurity has learned. In June, KrebsOnSecurity was contacted by a cybersecurity researcher who discovered that a group of scammers was sharing highly detailed personal and financial records on Americans via a free web-based email service that allows anyone who knows an account’s username to view all […]