Security Blog Feed
At $560M, losses from online crime nearly doubled in 2009 - Wed, 17 Mar 2010
The Internet Crime Complaint Center (IC3) recently released their report on 2009 Internet crime statistics. As you can probably guess, there were more complaints, more losses, higher average loss per incident. IC3 is a federally funded non-profit, a joint operation between the FBI and the National White Collar Crime Center (NW3C). In brief: Complaints received: 336,655 Total loss: [...]
1024-bit RSA encryption cracked by carefully starving CPU of electricity - Tue, 09 Mar 2010
Several researchers at the University of Michigan have succeeded in cracking the RSA security technology which protects all ecommerce and online banking transactions. The university scientists found that they could deduce tiny pieces of a private key by injecting slight fluctuations in a device’s power supply as it was processing encrypted messages. In a little more than [...]
9 ways to make your enterprise secure - Thu, 04 Mar 2010
Small business or large, studies show that all companies are at risk of attack by hackers. Government agencies including the FBI have suggested using a separate computer for all transactions involving money or sensitive information, but from a business view, that isn’t scalable or practical. So we’re gonna spill the beans for you. We’re not [...]
First Direct serves up more than just no-fee banking - Mon, 01 Mar 2010
First Direct bank in the UK has been the first British bank to embrace Twitter. Does that really surprise anyone? As a 100% online bank, they’ve maintained a business pace a few clicks ahead of competitors in online services. But last weekend their clients and colleagues got a little surprise. First Direct’s Twitter account was duped, [...]
New attack reveals user identities - Fri, 26 Feb 2010
Browsing on the web just became a little more scary. A group of researchers found a way to deploy an attack that can "de-anonymize" the users behind the browser (research paper available in PDF format). Focusing on the users of social networking sites (LinkedIn.com, Facebook, Xing.com, etc.), these security researchers show how to de-anonymize a [...]
Phishing is Phutile! - Fri, 19 Feb 2010
I was in a conversation this week with someone else in the online security space and I happened to mention that I think Tricerion’s Safe Login is pretty darn sweet. He was a proponent of a keyfob token that additionally used a USB cord and a card too. Yikes. That’s too complicated for me. In [...]
Turning Green into Cash - Phishing for Carbon Emissions Permits - Tue, 09 Feb 2010
A worldwide phishing attack on carbon emissions trading registries forced registries in nine countries to shut down, while in other countries trading was temporarily suspended. Fake registries (phishing sites) were set up by a group of criminals who then sent out messages to thousands of users in different companies, making off with about 250,000 [...]
Need a job? Cyberthieves are hiring! - Thu, 04 Feb 2010
Well, it might not be the best career move and it probably won’t help you pad your resume, but hey – income is income, right? According to Reuters cyberthieves are hiring, and they’re placing ads online. One site, for example, pays $180 (£112) for each 1,000 times that malware is downloaded onto a [...]
Twitter's been phished! - Wed, 03 Feb 2010
2 of my 3 Twitter accounts asked me to reset my password this morning when I signed in. It seems that a third party application may have compromised accounts, but stories abound about what really happened. What I can tell you is that I know enough about where to share my passwords that I didn’t accidentally [...]
Security, Perceived Security, and Economics - Sat, 30 Jan 2010
The good folks over at Credit Card Processing Gist posted an article yesterday naming the flaws of Verified By Visa and MasterCard’s Secure Code. Flawed technology and poor design meet good economics – telling us that price is the trump card when it comes to online authentication. When we talk about the authentication space there are [...]
