Monday, September 8, 2008

Over HALF A BILLION records of personal information have been exposed/mishandled in the past eight years

From the Holy $#@! department, this just in from a ComputerWorld article authored by Jay Kline.

From the article:

By my count, over half a billion records of personal information have been exposed or mishandled in the past eight years. And these are only from breaches where a record count has been publicly revealed.

That's more than the population of the European Union, and more than the number of people living in the U.S., Canada, Mexico and all of Central America and the Caribbean combined.

Need I say more...

WASC Web Application Security Statistics 2007

For those hungry for more web application security vulnerability data, WASC has released its Web Application Security Statistics report for 2007.

Direct link to report is here.



Web Fraud 2.0

A couple of weeks back, Brian Krebs at the Washington Post ran a series on Web 2.0 fraud (here). My apologies if you have seen this already, but if not, I recommend that you take a few minutes to check out some of these posts.

Think of this as SaaS for the bad guys. If you have not yet been exposed to the existence of these services, then I am pretty sure you will find this series *very* illuminating.

Web Fraud 2.0: Cloaking Connections
These days, nearly every aspect of the underground online economy that supports commercial crime operations has been automated. Online forums and criminal social networking sites have long offered aspiring newbies tips on getting started. But a slew of extremely popular...

Web Fraud 2.0: Validating Your Stolen Goods
If there is any truth to the old saying that there is no honor among thieves then it is doubly true for thieves who transact with one another yet never actually meet face-to-face. Perhaps that explains the popularity of certain...

Web Fraud 2.0: Digital Forgeries
For businesses, positively identifying someone online - by name, or physical location - is extremely difficult. Many Internet firms seek to verify the identity of customers by requesting scanned copies of their driver's licenses, passports, or utility bills. But what...

Web Fraud 2.0: Distributing Your Malware
The allure of cyber crime lies in its promise of quick riches, much like that of the illegal drug trade. But building a network of hacked personal computers that can distribute your data-stealing malicious software is a time-consuming process that...

Web Fraud 2.0: Thwarting Anti-Spam Defenses
Spammers have made great strides this past year in defeating CAPTCHAs, the distorted text used as a security test to ensure a person and not a machine is behind a computer screen. But automated programs that spammers use to thwart...