Ultrasaur Blog

Keeping track of exciting new threats to your digital records.

Posts Tagged ‘data’

From the not-really-secret-files

Tuesday, July 7th, 2009

Using a Social Security Number as a password is fairly common in the US for reasons I can’t understand.

Of course this password is nowhere near random: different states get different prefixes, and now:

With just two attempts, the researchers correctly guessed the first five digits of SSNs for 60 percent of deceased Americans born between 1989 and 2003.

Oddly, the solution is the old (and wrongheaded):

The new findings remind consumers that they should use caution when sharing data online

Which is a little strange considering that all that was involved in this attack is knowing the victim’s date of birth — the kind of information that has been published in old-fashioned local newspapers for a lot longer than the internet has been around.

Data breach risk

Friday, May 8th, 2009

According to Verizon the average insider-sponsored data breach nets the attacker 100,000 records. This is considerably more than attacks from other vectors (outsiders & partners), which makes sense if only from a bandwidth perspective.

Interesting though it is to read about, Spire Security makes the point that multiplying % of attacks by # of records stolen to calculate pseudo-risk (likelihood x impact) isn’t especially useful. (Unlike him, I’m more inclined to forgive the base rate fallacy problem since the solution shouldn’t be to change the structure of a business’s affairs.)

I think the major flaw in calculating risk is that there is so much variety in how you can calculate the impact. If stealing 100,000 records means taking the company directory, it’s relatively benign: in fact taking so many records might be a symptom of not knowing what they want to take.

And copying 8 million prescriptions is less bad than deleting them, which is itself less bad than altering some of them to be fatal.