Contact scraping

Any site that asks for a username and password pertaining to another site should raise red flags for you, but apparently contact scraping is getting results:

Once you enter your credentials, like your [email] user name or password, the company sweeps through your contact list and sends everyone an invitation to join the site.

Nothing new here, but the tactic can be tough to spot. Facebook has nearly tricked me into giving up all of my email contacts a couple of times.

Read more about passwords,privacy

StrongWebmail hacked after issuing $10K challenge

Here’s the story:

Who among us doesn’t love a good hack? After putting forth a $10,000 come-and-get-us challenge, it’s possible that StrongWebmail CEO Darren Berkovitz is rethinking his stance on that. The company, which makes voice-based authentication software, dared hackers to break into Mr. Berkovitz’s Web-mail account and report back details from an upcoming date on his calendar. A week later, a team of high-profile security researchers contacted a reporter with precisely that information.

Once again, it’s worth pointing out that there is no such thing as perfect security. You have to choose a level that is good enough. It can be uncomfortable to know and accept that your email address could get hacked, but there’s no way around it. All you can do is decrease the chances in a way that doesn’t cramp your style too much.

I advocate cramping your style a bit more than others in your category of “target juiciness”. If you have typical assets to protect, put just a bit more effort into security than the typical person. If you are atypical, put just a bit more effort into security than those with your level of assets.

Read more about economics of security