Stealing Your Data Just Got Easier
If you weren’t already sufficently paranoid about data security (although whether it can be described as paranoid when people are out to try and steal your money is maybe open to debate), here’s a new one for you.
Imagine you bank online. Imagine you’re at home, with a totally secure connection to your bank; you don’t have any viruses, trojans, the connection is secure, and the banking website you are visiting is secure, and someone still manages to steal all your data.
Sounds impossible? Apparently not:
Computer criminals could soon be eavesdropping on what you type by analysing the electromagnetic signals produced by every key press…
The results led the researchers to declare keyboards were “not safe to transmit sensitive information”…
Every keyboard tested was vulnerable to at least one of the four attacks the researchers used. One attack was shown to work over a distance of 20 metres.
Well, gee, that’s nice to know. As if it wasn’t enough to worry about with the government losing CDs with my bank account on it, and seemingly every other organisation on the sun routinely leaving USB drives with personal details on them in planes, trains and automobiles.
Of course, you could go to paranoia mode 2: cut-and-paste paranoia. Simply keep a document with all the letters, numbers and suchlike you might use in. Slowly assemble each password by cutting and pasting it every time…
…or you could do what most people do, and just allow your browser to remember your passwords for you, thus ensuring that you are indeed only as safe as any unpatched bugs in your browser. Or is it perhaps time to return to the ‘mattress’ form of investment?
But of course, it’s important — even though seemingly everyone with access to your personal data leaves it lying around — not to hand over personal information to untrusted sources.
An experiment involving a fake website lured 107 people into submitting their CVs, full of personal information that could have led to identity theft.
Of the CVs, 61 contained enough information to apply for a credit card.
Although I can understand their suggestion that you check the legitimacy of any organisation before you send your CV to it, it seems to show a lack of imagination to feel the need to comment that amongst the most common pieces of information submitted which would be useful to a fraudster included your full address.
Well, I don’t know about you, but I’d always presumed that it was quite sensible to include your contact details on job applications, thus allowing the company in question to actually be able to contact you, should they want to call you in for an interview or even offer you the job!
But they did actually provide some useful suggestions for anyone wanting to post their CV online:
The most useful items of information for criminals, which should be omitted from an online CV, are date of birth, marital status, and place of birthBBC News: Job Seekers Warned Over CV Theft
But don’t worry about where you’ve sent your online CV too much — the hacker down the street will have picked up your personal data if you used your keyboard to type it in anyway…