Security Watch

By Wolfe, Daniel | American Banker, October 22, 2008 | Go to article overview

Security Watch


Wolfe, Daniel, American Banker


Byline: Daniel Wolfe

Flash Fix

A software patch was released last week to address "clickjacking"disguising a link to a malicious Web site as a link to a legitimate one.

Clickjacking, a method uncovered by researchers at SecTheory LLC and WhiteHat Security Inc., uses "iFrame" technology to put an invisible picture from one Web sitewhich acts as a linkover visible links to another, thus tricking people into clicking on the image instead of the desired link, The Washington Post's Brian Krebs wrote Monday in his "Security Fix" column.

Hackers could use this method to guide victims to sites that take over computers' Web cams, enabling the criminals to watch when people enter passwords and other personal information, the column said.

The patch for Adobe Systems Inc.'s Flash player can block clickjackers from gaining control of users' Web cams or microphones, Mr. Krebs wrote.

Web surfers are less vulnerable at sites that generate dynamic "session ID" addresses for each user, Robert Hansen, SecTheory's chief executive, told Mr. Krebs, since it is harder for the attacker to determine which pages are being viewed.

Mr. Krebs said that this technique is powerful but rare. "I am not aware of any malicious clickjacking attacks. I mention that not to belittle the threat from clickjacking, but as a reality check."

Is it ID Theft?

The Supreme Court has agreed to hear a case next year that centers on whether illegal immigrants who use stolen Social Security numbers to obtain employment, but not to steal money or obtain credit in the owners' names, are guilty of identity theft.

Federal prosecutors have charged many undocumented workers with aggravated identity theft, a charge that carries a possible prison term. Some defense lawyers have said their clients did not know that the numbers they were using belonged to real people, the Associated Press reported Monday.

"When a person makes up a Social Security number, having no idea whether it belongs to someone else ... it is hard to see how that conduct qualifies as 'theft,' much less as 'aggravated theft,' " said attorneys for Ignacio Carlos Flores-Figueroa, a Mexican national who was convicted of aggravated identity theft.

A St. Louis appeals court upheld his conviction. Appeals courts in Atlanta and Richmond have taken a similar stance, but appeals courts in Boston, San Francisco, and Washington have agreed with the defendants, the AP said.

No-Fly? No Problem

Airport security can be easily breached through well-known loopholes according to Jeffrey Goldberg, a reporter who described his efforts to bring contraband on a plane in the November edition of The Atlantic.

Mr. …

The rest of this article is only available to active members of Questia

Already a member? Log in now.

Notes for this article

Add a new note
If you are trying to select text to create highlights or citations, remember that you must now click or tap on the first word, and then click or tap on the last word.
One moment ...
Default project is now your active project.
Project items

Items saved from this article

This article has been saved
Highlights (0)
Some of your highlights are legacy items.

Highlights saved before July 30, 2012 will not be displayed on their respective source pages.

You can easily re-create the highlights by opening the book page or article, selecting the text, and clicking “Highlight.”

Citations (0)
Some of your citations are legacy items.

Any citation created before July 30, 2012 will labeled as a “Cited page.” New citations will be saved as cited passages, pages or articles.

We also added the ability to view new citations from your projects or the book or article where you created them.

Notes (0)
Bookmarks (0)

You have no saved items from this article

Project items include:
  • Saved book/article
  • Highlights
  • Quotes/citations
  • Notes
  • Bookmarks
Notes
Cite this article

Cited article

Style
Citations are available only to our active members.
Buy instant access to cite pages or passages in MLA, APA and Chicago citation styles.

(Einhorn, 1992, p. 25)

(Einhorn 25)

1. Lois J. Einhorn, Abraham Lincoln, the Orator: Penetrating the Lincoln Legend (Westport, CT: Greenwood Press, 1992), 25, http://www.questia.com/read/27419298.

Cited article

Security Watch
Settings

Settings

Typeface
Text size Smaller Larger Reset View mode
Search within

Search within this article

Look up

Look up a word

  • Dictionary
  • Thesaurus
Please submit a word or phrase above.
Print this page

Print this page

Why can't I print more than one page at a time?

Help
Full screen

matching results for page

    Questia reader help

    How to highlight and cite specific passages

    1. Click or tap the first word you want to select.
    2. Click or tap the last word you want to select, and you’ll see everything in between get selected.
    3. You’ll then get a menu of options like creating a highlight or a citation from that passage of text.

    OK, got it!

    Cited passage

    Style
    Citations are available only to our active members.
    Buy instant access to cite pages or passages in MLA, APA and Chicago citation styles.

    "Portraying himself as an honest, ordinary person helped Lincoln identify with his audiences." (Einhorn, 1992, p. 25).

    "Portraying himself as an honest, ordinary person helped Lincoln identify with his audiences." (Einhorn 25)

    "Portraying himself as an honest, ordinary person helped Lincoln identify with his audiences."1

    1. Lois J. Einhorn, Abraham Lincoln, the Orator: Penetrating the Lincoln Legend (Westport, CT: Greenwood Press, 1992), 25, http://www.questia.com/read/27419298.

    Cited passage

    Thanks for trying Questia!

    Please continue trying out our research tools, but please note, full functionality is available only to our active members.

    Your work will be lost once you leave this Web page.

    Buy instant access to save your work.

    Already a member? Log in now.

    Oops!

    An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.