Username Selection Influential on Online Security

Latest news
Dr. Web Finds Fresh Version of Trojan Rmnet Scam E-mail Circulates Soliciting Private Banking Details Amnesty International Website Compromised to Produce Malware Cyber-criminals’ Latest Strategy is Application-Based Malware Scam, Which Infects Twice, Spotted

Support our Sponsors

uClip Clipping Path Service

Main Menu

Resources

Login
Username Password Remember Me Forgot your password? Forgot your username? Create an account

Syndicate

Popular
HSBC Clients Targeted with Phishing Scam BBB Cautions about Phishing E-mails Supposedly from American Express USPS Cautions Consumers about Malware Laced Scam E-mails St. George Bank Clients Alerted about Fraudulent E-mails Commtouch Cautions about Siberian Dogs Fraudulent E-mail

Trampolines usa

Username Selection Influential on Online Security

Written by Administrator

Tuesday, 22 February 2011 06:00

The National Institute for Research in Computer Science and Control, INRIA in France cautions that it's important for a user to make an appropriate selection of username since Internet marketers can utilize the detail for tracking his activity and cyber-crooks for carrying out phishing against him.

Actually, investigators at INRIA examined around 10m usernames gathered from eBay accounts, Google profiles as well as other sources. Consequently, it was discovered that some 50% of the user-IDs utilized in connection with one website had an association with one other Internet profile that could let scammers and marketers develop a more complicated impression about the users.

State the security investigators that it can be so that a scammer utilizes such a poorly-selected username for creating the user's profile and subsequently present persuasive phishing messages before that user, possibly through references of particular purchases he made on another site.

For instance, if a scammer could map a person's Google profile with that person's eBay account then there may be chances for dispatching spam mails, which talk about a new sale. Such personalized spoofed e-mails, according to the investigators, could dupe many people into following malevolent web-links with which criminals could compromise PCs.

Says INRIA, people with usernames that are more unique can easily get targeted with cross-site profiling, while those setting ordinary usernames can be harder vis-à-vis tracking them down.

Stated doctoral candidate Daniele Perito at INRIA, who was one of the investigators, the remaining 50% of user-IDs, which had low entropy, caused it harder for linking the users. Indeed, those user-IDs could be associated with several users, he explained. Technology Review published this on February 14, 2011.

Moreover, according to Professor of Computer Science Avi Rubin at Johns Hopkins University (USA), it isn't astonishing that people set common usernames for multiple sites, but that because the passwords selected are separate, an individual's password for any 1 website hardly gives a valuable clue towards determining his password for another website. Technology Review published this.

Meanwhile, the investigators advise those operating websites to use CAPTCHA on non-search engines, which try for tracking usernames by creeping into their websites.

Read full article...