Today it was announced that HP intends to acquire Voltage Security. Assuming it closes as planned, it will be a great exit that I am very proud of. Voltage over the past 12 years (it was founded in 2002) has risen from its humble beginnings when we founded it at Stanford has risen to becoming the market leader in innovative encryption technology and is used by over a thousand enterprise customers around the world.
AskSundayLLC/Ask-Sunday/MakeSunday Scam
I recently posted about my experiences with AskSunday, a virtual assistant service. While AskSunday wasn’t a good fit for me, it is a legitimate company and I know people that are using it and that seem to be happy with it. However it turns out that a scammer is using the name of the legitimate company as well as variations of it (Ask-Sunday, MakeSunday, AskSunday LLC) in order to defraud job seekers. The scam was reported by a number of people in the comments of my original post (thanks!!) and was still ongoing as of December 15th.
The scammer who uses a variety of names including “Brian Clark”, “Brian Moore” and “Thomas Moore” basically promises employment for AskSunday LLC and as part of it tries to get complete bank account information from applicants. It them seems like he then he transfers money into the account, ask the applicant to spend it on a project and then withdraws it. The result is the applicant being out of pocket.
More details below. I also highly recommend reading the many great comments below the original post. Please post any new comments there.
Are banks training their customers to be Phished?
When booking travel for our second trip to Europe this year, the badly tuned Falcon Fraud Manager triggered for both of our payment cards again. It blocked Isabelle’s card and sent out an alert for mine. This itself is bad enough, but how they both banks are then verifying the transaction seems like a recipe for setting up their customers to be phished via the phone.
About 12 hours or so after booking travel I received a voice mail saying they had detected a potentially fraudulent transaction on my credit card, and it asked me to call back the number 1-888-918-7313.
Continue reading “Are banks training their customers to be Phished?”
RFC 5408 on IBE Architecture Published
RFC 5408 which describes a Security Architecture for Identity-Based Encryption. It includes protocols for key requests and public parameter requests as well as some basic building blocks for federation. The system described is similar to what Voltage uses for their IBE based encryption solutions. If you are interested in how Identity-Based Encrpytion systems scale in practice and don’t mind reading RFCs, it is a worthwhile read.
Thanks to my co-authors Mark Schertler and Luther Martin. Specifically Luther deserves the majority of the credit for moving this through the process over the past two (or more?) years. Also thanks to Terence Spies at Voltage, as well as Eric Rescorla, Tim Polk and Blake Ramsdell at the IETF for their support.