Many applications installed on Android phones interact with Google services by asking for an authentication token …

Sometimes, found the researchers, these tokens are sent in plain text over wireless networks. This makes the tokens easy to spot…

Armed with the token, criminals would be able to pose as a particular user and get at their personal information.

Even worse, found the researchers, tokens are not bound to particular phones or time of use so they can be used to impersonate a handset almost anywhere.

Now what might an unscrupulous person do with this? Might one be able to observe a person using his Android phone, capture the  token, then use it to find-out more about the person?

In June 2004, the Cantwell/Enzi amendment of a federal bill called FACTA finally permitted ALL identity theft victims access to the credit applications and the transaction records in accounts opened fraudulently in their names. The reality is that once an account has been identified as fraudulent, the credit issuer must provide application and transaction information to you and to the designated police, as long as you send a police report with your request. That law is FCRA section 609(e).”

If your subject gets into entirely different surroundings from those in which he was first observed — and this is the important part — really plays up to the new surroundings and behaves as if he had never been out of them, then he would be invisible to even the cleverest Private Investigator.

A fool tries to look different; a clever man looks the same and is, at the same time, different.

The deceiver assumes the new role by actually becoming the person he is impersonating. He is quietly absorbed into his new surroundings. In essence, the person you are seeking may be hiding in plain sight.

In Plain Sight

When he’s out and about near his Denver home, former Broncos quarterback John Elway has come up with a novel way to travel incognito—he wears his own jersey. “I do that all the time here,” the 50-year-old Hall of Famer told me. “I go to the mall that way. They know it’s not me because they say there’s no way Elway would be wearing his own jersey in the mall. So it actually is the safest thing to do.”  (Source: http://sportsillustrated.cnn.com/vault/article/magazine/MAG1175387/4/index.htm)

New Firefox Add-On Detects Firesheep, Protects You on Open Networks

If you’re concerned about using open Wi-Fi networks because of Firesheep, the highly popular new hacking tool, you should check out BlackSheep, a Firefox add-on that makes surfing on open networks safe once again.

Some doctors’ offices and car dealers in the Greater Toronto Area got a failing grade after private investigators found easily accessible personal records in their dumpsters.

Protect yourself by forcing the authentication through TLS or stop logging into Facebook using public networks.

Identity cards scheme will be axed ‘within 100 days’

The National Identity Card scheme will be abolished within 100 days with all cards becoming invalid, Home Secretary Theresa May has said.

Identity documents and what the person in question tells you are not sound evidence of a person’s identity. A person’s identity is  rooted in their life — where they have lived, worked, gone to school, their relatives and friends.

Countries that have a national identity card system run the risk of the identity card becoming  the single point of failure by making the card the only source of identity information. When this happens, the crook can hide behind the card produced by a compromised system.

If you are in a position that requires you to test claims of identity, then you have to dig deeper for supporting documentation and verification.

The best place to start digging is the persons employment. This may be faked by providing fake companies with phone numbers that are answered by confederates. Check for the  existence of the firms before contacting them. A good place to start is to Google the firm’s phone number to see if appears associated with the firm and nothing else.

For current residence ask for utility bills and home insurance policies. A faker may have a utility bill but they rarely pay for a fake home insurance policy.

When checking references, always ask for the names and contact details of the subject’s friends and family. Of course, you rarely get this, but you may get  useful corroborating data, or you may learn that these people don’t really know the subject if they do not know any of his friends or family.

Most people regard a passport as the most reliable and secure identity document. However, this is far from the truth of the matter. For example, Citizenship and  Immigration Canada does not accept certain travel documents because they are easily forged or obtained through fraud.

On March 11, 2010, CIC amended the Immigration and Refugee Protection Regulations to clarify the factors used to determine which travel documents can be used to apply for a visa, and to travel to or enter Canada.

Under the new Regulations, the following travel documents are considered unreliable and are not acceptable for entry into Canada:

• any passport claiming to have been issued by Somalia,
• non-machine readable passports issued by the Czech Republic,
• temporary passports issued by the Republic of South Africa, and
• provisional passports issued by Venezuela.

We have not found any way to link a passport number to the issuing country and the person named in it. Nor, have we found a reliable source of information about how to recognise a forged passport. This makes relying on such a document without expert knowledge and the resources of a government department unwise.

If the current passport was issued through an embassy outside the country of residence, then you may have reason to investigate further. Also, remember, it is easier to make yourself look like the person pictured in the passport than it is to forge the passport. If you have any doubt that the person in the passport is the person before you, then action must be taken.

I always ask for home, work, fax, and mobile numbers.  I always Google these numbers and search them in D&B and other databases with a telephone number field. It is amazing what turns-up when you do this. For example, dozens of businesses using the same fax number, or prostitution ads using the same number. Things like this have to be investigated.

I recently found a subject’s mobile phone number on eBay where he was selling goods from his former employer who found this very odd, but the police didn’t — they charged him with a series of thefts.

Email addresses should be treated in the same manner but also search for usernames and social sites associated with the subject.