Phishing is basically an attempt to deceive a user into thinking that an email link or similar item is from a legitimate company but is actually from a hacker who wants to scam you.

People can attempt to fool you in a variety of ways. One of the ways con artists get the information they want is by impersonation. In an impersonation attempt, the con artist will claim to be an employee or representative of a particular company and ask you for your password and login information. Most companies have made an avid attempt to warn their customer base of these types of scams. There really are not any companies who will ask you for your password or login information via email. If you do get one of these phishing emails, you should send a copy of it (including email headers) to the company, which they claim to be from. They can let you know whether or not it is a spoof.

Spoof :

Another way con artists like to attempt to impersonate a company in hopes of stealing your personal information is by sending a spoof email. A spoof email will look almost exactly as an email from that particular company would. Spoofers have become increasingly more sophisticated in their methods and some of today’s emails are virtually undetectable as spoofs by the average reader. They can so closely mimic the style, layout and colors of the “real” company’s image and have become a serious security issue. In most spoof emails, the sender will say that there has been a security breach and if you do not log in to your account, you may loose access or funds. They will almost always provide a link for you to click on and most of these links are very, very similar to the real company’s links. Ninety-nine percent of the time, if not always, these types of emails are scams and are an attempt to unwittingly con you out of giving up private and personal information.

Packet Sniffing

Packet Sniffing, which is a very old hacker technique, can be done by anyone that is in range of a wireless network. This allows them to capture and analyze data as it travels over the airwaves – and extract the information that they want.

Spoofing attack

In the context of network security, a spoofing attack is a situation in which one person or program successfully masquerades as another by falsifying data and thereby gaining an illegitimate advantage.

http://en.wikipedia.org/wiki/Spoofing_attack

NordSecMob – Master’s Programme in Security and Mobile Computing (NordSecMob) is a full-time Master of Science Degree Programme with duration of 2 years. During these two years, students will study at two of the five Nordic partner universities: Helsinki University of Technology (TKK) in Finland, Technical University of Denmark (DTU), The Royal Institute of Technology (KTH) in Sweden, The Norwegian University of Science and Technology (NTNU) and the University of Tartu (UT) in Estonia.

Erasmus Mundus programmes offer culturally enriching higher education opportunities for both European and Non-European students. Students from any country can apply to the NordSecMob – Master’s Programme in Security and Mobile Computing. Both European and non-European students have the opportunity to apply for the Erasmus Mundus Scholarships. For non-European students the Erasmus Mundus scholarship amount goes up to a maximum of 48 000 Euro for a two year programme) and for European students up to 20 000 Euro for a two year programme. The NordSecMob-programme gives the students a chance to experience the cultures of two northern European countries.

Well, I am working with a friend in a mobile solution for the Excitera Mobile Cup and our application (that unfortunatelly I can’t give much more details now)  is in the Web 2.0 and Mashup world. I joined him on the competition because of my interest in mobile applications and expertise in the SIM domain. But we are not creating a SIM mashup, although with the Smart Card Web Services it would be possible. Actually the whole thing I mentioned in the last post of turning the SIM into a self signed IdP for reputation based systems could be very well explored by mashups if the SIM Card web service offers an API to retrieve attribute information to Value Added Services. Then, the sim could be responsible for the secure handshake for the attribute sharing just as the https implementation defined in the OMA Standards for the Smart Card Web Services.

Actually, one of the applications I was thinking when I started my thesis was to mix the potential of context information stored in all of our identities with the location information from GPS, Cell ID, Wlan positioning or any other position technology accessible to the SIM (even if through a satsa or other connection to the mobile).  The idea was to have the sim as the secure storage of the identities and the entity that would deal with the handshake of sharing the identity attributes (and also location attribute) with the Value Added Services.

For the identity management, actually there is already a mashup API provider that is trying to create a central point for attribute and contact sharing of all our tons of digital identities. This service provider is the DandyID. The idea is pretty good, although I dont like their name =) I’ve just tried it really fast and I think they may have added too many ID providers in the list (maybe they could have left the main ones in the first identity page and the secondary ones in another page), and I haven’t seen a functionality to already fill my profile based on the information that I already have from my identities. Maybe it is because the application is just in beta, let see.

Back to the mashups and web 2.0, I’d like to share this excellent link that clarified most of my doubts about it. It is kind of hard not to get excited with the mashup potentials when reading it, but I’d say to be somehow carefull with the expectations around mashup applications (I’ll be on the application I’m working with at Excitera). A lot of people are trying to launch web 2.0 apps, get users and, then, try to see how to make money out of it. I do not see much future on those apps as users are less and less keen on paying for services, as last-fm announced that they will charge for the music streaming most people I know start to look for free options. And as this article mentions making money out of advertisement is harder than it may sound.

Due to this personal diving into web 2.0 (without loosing the mobile focust) you may have the risk of seeing more web 2.0 related post here! But, I can assure that most of the posts will still be more related with my thesis work. By the way, soon I’ll post the application description.