Apparently, they can use the info on boarding passes to pose as you and purchase tickets in your name. Of course you have to go thru the ID/id card/passport barrier, but the groundwork has been laid.
This is something worth checking out at MAS or AirAsia websites.

Scary indeed.

Ref:

article at Guardian UK

In essence:

• Instead of destroying personal data, attackers are now more interested in stealing data for use in cybercrimes. The motive is no more mere personal glory.
• Methods are getting stealthier – steal data without doing noticeable damage so that the victims will not notice the intrusion.
• extensive use of botnets – 26% of PCs in the US is infected! Botnets = group of malware-infected PCs, used as launchpads to attack other PCs.

ref:

symantec.com

————————

BlueSecurity is maker of BlueFrog, the vigilante-style antispam product that’s gaining a huge following, working on the premise that the more users join in, the more pressure it will have on spammers to beat it.

As of right now, some say yes, some say no.

The difference is, they don’t sing to impress.

Instead, they plug their ideas for making information security more user-friendly. USD50K is the prize.

The main focus is on humans, who are the weakest component of a security system at work.

No prizes for guessing that this will never topple the other American Idol in terms of popularity. However, ideas derived from the competition are arguably far more useful.

For the year 2005, the 3 winning ideas are:

Bonfire. The warning messages produced by commercial firewall products can rapidly overwhelm users, with the result that many people simply allow any requested traffic to breach their firewall. The Bonfire project will address this problem through a technique called social navigation: Bonfire will aggregate the actions of thousands or millions of users, distributed throughout the Internet, to provide guidance about appropriate firewall configuration and use.

TALC. One of the challenges with making security technologies usable is that most information security threats are essentially invisible. TALC, which stands for Threat Awareness, Learning, and Control, aims to bring these threats into the foreground. TALC will provide a system that visualizes threats to the user, and provides integrated mechanisms to mitigate those threats.

“Click and Drag” Security. The existing direct manipulation interfaces that computers use (windows, pointers, icons, and so forth) have been hugely successful. And yet, the metaphors and techniques of this interface style have been abandoned by most security products, which rely on arcane textual messages. The “Click and Drag” project aims to integrate security directly into the desktop metaphor, by finding new visual representations and interaction techniques for accomplishing security management.

ref

http://it.slashdot.org/article.pl?sid=06/03/21/2125237&from=rss

As clarified by urbanlegends and hoax-slayer.com:

As with any electrical devices, you *might* get electrocuted, but the risk is probably overblown.

Reasons:

• only one case reported so far, meaning the phone or charger was defective
• neither manufacturers nor consumer agencies warn customers against using mobile phones while they are being charged. Being businesspeople, they would not expose themselves to multi-million dollar legal actions by neglecting to make users aware of this potential risk.
  
• Plus, they could have made cellphones unusable while being charged.

Therefore, Phil Zimmerman’s zfone should appeal to criminals and terrorists alike, rather than Skype, enabling you to make secure internet phonecalls:

…to eavesdroppers, Zfone is anything but routine. The protocol is based on SRTP, a system that uses the 256-bit AES cipher and adds to that a 3,000-bit key exchange that produces the codes callers can read off to one another. It has been submitted to IETF for approval as an internet standard, and by most accounts is strong enough to defy even the most sophisticated code-breaking technologies, from a hacker’s packet sniffer to the acres of computers beneath Ft. Meade.

real name: Younis Tsouli

occupation: Al-Qaeda’s top hacker

age: 22

base: West London

skills: web defacement, web cracking, anonymous browsing, hacking, programming, executing online attacks, mastering digital and media design, stealing creditcard info etc

personality: savvy, English speaking

active dates: early 2004 – fall 2005

according to the washington post:

Irhabi established himself as the top jihadi expert on all things Internet-related. He became a very active member of many jihadi forums in Arabic and English. He worked on both defeating and enhancing online security, linking to multimedia and providing online seminars on the use of the Internet. He seemed to be online night and day, ready to answer questions about how to post a video, for example — and often willing to take over and do the posting himself. Irhabi focused on hacking into Web sites as well as educating Internet surfers in the secrets to anonymous browsing.

In one instance, Irhabi posted a 20-page message titled “Seminar on Hacking Websites,” to the Ekhlas forum. It provided detailed information on the art of hacking, listing dozens of vulnerable Web sites to which one could upload shared media. Irhabi used this strategy himself, uploading data to a Web site run by the state of Arkansas, and then to another run by George Washington University. This stunt led many experts to believe — erroneously — that Irhabi was based in the United States.

Irhabi used countless other Web sites as free hosts for material that the jihadists needed to upload and share. In addition to these sites, Irhabi provided techniques for discovering server vulnerabilities, in the event that his suggested sites became secure. In this way, jihadists could use third-party hosts to disseminate propaganda so that they did not have to risk using their own web space and, more importantly, their own money.

Now that he’s caught, is this end of it? Not a chance:

…the hacker had anticipated his own disappearance. In the months beforehand, Irhabi released his will on the Internet. In it, he provided links to help visitors with their own Internet security and hacking skills in the event of his absence — a rubric for jihadists seeking the means to continue to serve their nefarious ends. Irhabi may have been caught, but his online legacy may be the creation of many thousands of 007s.

Why is this so special? The DHS is “charged with charting the federal government’s cyber security agenda .”

Measured against the Federal Information Security Management Act (FISMA) 2002 of which “Title III – Information Security” is of particular interest.
Another good reference point:

US National Institute of Standards (NIST) Computer Security Resource Center (CSRC) policies list.

Another point: it was found that DHS misplaced priorities – used too much resources to document systems and less on testing and remediying vulnerabilities found.

More shocking is that:

Not only did the overall government-wide computer security grade remain flat (at a barely-passing “D+” but several agencies — mostly those on the “front lines in the war on terror” — actually managed to fare worse this year.”

via /.

Apparently, the Tribune found the identities of over 2600 CIA employees (including an undisclosed number of covert operatives) as well as locations of more than 20 CIA facilities across the U.S., internal phone numbers and info on 17 aircraft.

The article further says:

Only recently has the CIA recognized that in the Internet age its traditional system of providing cover for clandestine employees working overseas is fraught with holes, a discovery that is said to have “horrified” CIA Director Porter Goss.

“Cover is a complex issue that is more complex in the Internet age,” said the CIA’s chief spokeswoman, Jennifer Dyck. “There are things that worked previously that no longer work. Director Goss is committed to modernizing the way the agency does cover in order to protect our officers who are doing dangerous work.”

Dyck declined to detail the remedies “since we don’t want the bad guys to know what we’re fixing.”