Security breeches of the day

2008-08-06 Thread Perry E. Metzger
[From my daily New York Times news summary] 11 Charged in Theft of 41 Million Card Numbers By BRAD STONE Authorities said the scheme was spearheaded by a Miami man who hacked into several retailers' computer systems. http://www.nytimes.com/2008/08/06/business/06theft.html Russian Gang

security questions

2008-08-06 Thread Peter Saint-Andre
Wells Fargo is requiring their online banking customers to provide answers to security questions such as these: *** What is name of the hospital in which your first child was born? What is your mother's birthday? (MMDD) What is the first name of your first roommate in college? What is the name

Re: security questions

2008-08-06 Thread Leichter, Jerry
On Wed, 6 Aug 2008, Peter Saint-Andre wrote: | Wells Fargo is requiring their online banking customers to provide | answers to security questions such as these: | | *** | | What is name of the hospital in which your first child was born? | What is your mother's birthday? (MMDD) | What is the

Re: security questions

2008-08-06 Thread Chris Kuethe
On Wed, Aug 6, 2008 at 8:23 AM, Peter Saint-Andre [EMAIL PROTECTED] wrote: Wells Fargo is requiring their online banking customers to provide answers to security questions such as these: *** ... *** It strikes me that the answers to many of these questions might be public information or

Re: security questions

2008-08-06 Thread Peter Saint-Andre
Chris Kuethe wrote: On Wed, Aug 6, 2008 at 8:23 AM, Peter Saint-Andre [EMAIL PROTECTED] wrote: Wells Fargo is requiring their online banking customers to provide answers to security questions such as these: *** ... *** It strikes me that the answers to many of these questions might be public

Re: security questions

2008-08-06 Thread Matt Ball
On Wed, Aug 6, 2008 at 9:23 AM, Peter Saint-Andre wrote: Wells Fargo is requiring their online banking customers to provide answers to security questions such as these: *** What is name of the hospital in which your first child was born? ... What was your most memorable gift as a child?

Re: security questions

2008-08-06 Thread David Molnar
Peter Saint-Andre wrote: [list of security questions snipped] *** It strikes me that the answers to many of these questions might be public information or subject to social engineering attacks... You might enjoy reading Ari Rabkin's recent paper at SOUPS 2008 on this issue: Personal

Re: security questions

2008-08-06 Thread Apu Kapadia
On Aug 6, 2008, at 12:17 PM, Leichter, Jerry wrote: For Web sites these days, I generate random strong passwords and keep them on a keychain on my Mac. Actually, the keychain gets synchronized automatically across all my Mac's using .mac/MobileMe (for all their flaws). When I do this, I