Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Saturday, 4 February, 2023
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Clearswift: Websites should better manage non-active users

by The Gurus
June 2, 2014
in Editor's News
Share on FacebookShare on Twitter

Websites would be able to better manage their incident response if they better controlled non-active users.
 
Speaking to IT Security Guru, Dr Guy Bunker, cyber security analyst at Clearswift, said that the eBay breach showed that it missed how many “active” users there are, as originally it said that there were 230 million people affected, and then it was 145 million active users.
 
He said: “They could have all had good reputations, but it means that they have bought or sold something in the last 12 months. What should eBay do about them? Should shut them down so cannot be subverted and put a message out that they are shutting them down.
 
“eBay needs to do it as if the user is not active, then good reputations can be misused. They should do automatic blocking/stopping of accounts for people who are not active and have not changed passwords, and there needs to be an interim period if they have not changed it in a number of weeks, so they are locked out.”
 
He explained that a standard scam on eBay is sell a pencil every week to get a good reputation, and then sell a car and don’t deliver it, so it subverts a good reputation, and eBay misses this.
 
Research released by Clearswift after the breach found that of 2403 UK adults, 49 per cent of adults would be less inclined to use eBay in the future. Bunker called this a knee-jerk reaction, as there are small business who sell stuff on eBay.
 
He said: “It comes down to security versus convenience, and it is convenient to sell stuff on eBay and there is a massive audience who buy and some who just look, so eBay provides a service and if you were to remove the service what would happen?
 
Commenting, Toyin Adelakun, VP at Sestus, said that many users only buy or sell on eBay infrequently, and yet might potentially receive fairly frequent emails from eBay if the company were to act as suggested here.
 
“Beyond presenting a poor user experience, were eBay indeed to start regularly or frequently sending a certain volume of email to hundreds of millions of users, the company could be providing the perfect cover for an email-based phishing attack,” he said.
 
“Once more, the overall lesson is that email is a decidedly poor vehicle for conveying credential data or meta-data, because firstly, it can be sniffed (i.e. read by unauthorised parties) en route; and secondly, it may in fact be a wolf in sheep’s clothing.”

FacebookTweetLinkedIn
Tags: incident responsepassword
ShareTweetShare
Previous Post

Have you changed your passwords?

Next Post

Report finds only a third of applications communicate with SSL

Recent News

london-skyline-canary-wharf

Ransomware attack halts London trading

February 3, 2023
Ransomware conversations: Why the CFO is pivotal to discussing and preparing for risk

Ransomware conversations: Why the CFO is pivotal to discussing and preparing for risk

February 2, 2023
JD Sports admits data breach

JD Sports admits data breach

January 31, 2023
Acronis seals cyber protection partnership with Fulham FC

Acronis seals cyber protection partnership with Fulham FC

January 30, 2023

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information