http://www.bbcworld.com/content/template_clickonline.asp?pageid=665&co_pageid=2

Infosecurity Europe recently ran a fake street survey with the aim of getting as many people as possible to reveal personal information which they may use to protect their online identities. A sweetener was offered: those who took part were offered the chance to win chocolate Easter Eggs. But in amongst the harmless questions about Easter were questions which could unlock our online IDs.

Think you wouldn’t be caught out? Most people freely handed over whatever personal information was asked, such as their mother’s maiden name and the names of their pets, of them without seeing any proof of who their interviewer was.

While names, addresses are obvious personal information, mother’s maiden name and pets names are key pieces of identifying information used by many banks and utility companies. And of course, you don’t need to stop someone in the street to get hold of critical information. Phishing emails, pretending to be from banks or other agencies, are still a security nightmare.

Plus the latest on rootkits and:

Top Security Tips

Hi FwF,

If Kevin Mitnick would make the street survey without people knowing who he was, he could wrte a compendium to “The Art of Deception”. I would not trust the man with a cell phone, if I was you! Therefore the human factor is the weakest part in security policies, and needs most attention given to it
.
Lest people be trained not to do so, with a bit of pressure and fear-mongering they are all too ready to give up their log-in data and those of all their colleages in the department. They tried this out in a Dutch hospital and all sorts of patient data were transferred out, and not while they were donloading games on the hospital server, like recently in a U.K. hospital. If phishing and social engineering goes hand in hand it becomes many times as dangerous. These are interesting times, my friends.
Mind my words.

polonus