Posted by:
admin
16 years, 9 months ago
Hat Tip to Valley Wag for pointing out this must read Newsweek article "Intrigue in High Places" about how the chairwoman of HP's board spied on other directors, including gaining access to the call logs of their personal cell and residential phone lines by "pretexting". (The investigators pretended to be the board members to the phone companies to get access.) The targeted board member who was the source of leaks to CNet is still on the board, but Tom Perkins of Kleiner Perkins fame resigned in protest.
Perkins himself was pretexted as part of Dunn’s leaker probe. In the materials he sent to the SEC, Perkins includes an August 11 letter from an attorney at AT&T spelling out to Perkins that he was a victim of pretexting in January 2006; Perkins had requested that AT&T examine whether he had been pretexted. The AT&T letter explains that the third-party pretexter who got details about Perkins’s local home-telephone usage was able to provide the last four digits of Perkins’s Social Security number and that was sufficient identification for AT&T. The impersonator then convinced an AT&T customer-service representative to send the details electronically to an e-mail account at yahoo.com that on its face had nothing to do with Perkins. Records for Perkins’s home AT&T long-distance account in northern California were similarly obtained, except by someone using another yahoo.com e-mail account; both e-mail accounts are registered to the same Internet Protocol address, but for which AT&T says it does not know the identity of the user.
Data is a murky piece of property. No one really 'owns' data. They just have rights to it. The telcos have retained the rights to sell your phone information. The government has the right to subpoena the data. If a user has the right to privacy should the telco be held liable for gross misconduct for violating that right?
There are interesting implications about these actions at the board level and corporate espionage as well.
-- Nick Owen WiKID Systems, Inc. 404.962.8983 http://www.wikidsystems.com Commercial/Open Source Two-Factor Authentication https://www.linkedin.com/in/nickowen Share on Twitter Share on FacebookRecent Posts
- Blast-RADIUS attack
- The latest WiKID version includes an SBOM
- WiKID 6 is released!
- Log4j CVE-2021-44228
- Questions about 2FA for AD admins
Archive
2024
2022
- December (1)
2021
2019
2018
2017
2016
2015
2014
- December (2)
- November (3)
- October (3)
- September (5)
- August (4)
- July (5)
- June (5)
- May (2)
- April (2)
- March (2)
- February (3)
- January (1)
2013
2012
- December (1)
- November (1)
- October (5)
- September (1)
- August (1)
- June (2)
- May (2)
- April (1)
- March (2)
- February (3)
- January (1)
2011
2010
- December (2)
- November (3)
- October (3)
- September (4)
- August (1)
- July (1)
- June (3)
- May (3)
- April (1)
- March (1)
- February (6)
- January (3)
2009
- December (4)
- November (1)
- October (3)
- September (3)
- August (2)
- July (5)
- June (6)
- May (8)
- April (7)
- March (6)
- February (4)
- January (427)
2008
- December (1)
Categories
- PCI-DSS (2)
- Two-factor authentication (3)
Tags
- wireless-cellular-mobile-devices (7)
- Two-factor authentication (10)
- Wireless, cellular, mobile devices (6)
- NPS (1)
- Phishing and Fraud (111)
- Active Directory (1)
- pam-radius (3)
- privileged access (2)
- Cloud Security (10)
- Mutual Authentication (60)
- Web Application Authentication (1)
- Authentication Attacks (99)
- pci (50)
- Security and Economics (97)
- WiKID (133)
- pam (2)
- VPN (1)
- Installation (2)
- RADIUS Server (1)
- Open Source (64)
- Tutorial (2)
- Strong Authentication (35)
- Information Security (137)
- Transaction Authentication (13)
- Miscellaneous (100)
- Linux (2)
- transaction-authentication (6)
- Two Factor Authentication (254)