zedgarhoo...@gmail.com (zMan) writes: > I've heard of folks who've fallen for this. What I can't imagine is the > confluence of someone who I know well enough to blindly send money to AND > think I'd be high enough on their list of folks to email AND wouldn't know > that they were overseas already AND don't have someone I'd call immediately > to ask "Have you heard from Joe?". Who has people in that category?! > > Mind you, if someone got hacked through browser spoofing in an Internet > cafe *while overseas*, it would be a lot more plausible. The fact that this > isn't the normal MO suggests that the much-vaunted browser spoofing isn't > nearly as easy as folks make it sound...
re: http://www.garlic.com/~lynn/2012j.html#47 Yahoo Password Breach: 7 Lessons Learned - Security - Attacks/breaches - Informationweek http://www.garlic.com/~lynn/2012j.html#53 Yahoo Password Breach: 7 Lessons Learned - Security - Attacks/breaches - Informationweek http://www.garlic.com/~lynn/2012j.html#54 Yahoo Password Breach: 7 Lessons Learned - Security - Attacks/breaches - Informationweek one of the issues is whether there is better low-hanging fruit 95-96 time-period ... there were industry presentations by dial-up consumer online banking regarding motivation for moving to the internet (top of the list was enormous consumer support costs for serial-port dial-up modems ... being able to offload to ISPs). At the same time, the dial-up commerical/cash-management online banking operations were saying that they would *NEVER* move to the internet because of a long list of security vulnerabilities (nearly all of which have since been seen). the commercial operations eventually started moving to the internet (anyway ... possibly loss of institutional knowledge in the industry) and started seeing all the vulnerabilities that had been predicted. some of this has shown up recently in court cases where business operations have lost hundreds of thousands or millions from their accounts in such attacks ... and they are suing the financial institutions for the loss on the grounds of providing inadequate security. recent posts in (linkedin) "Financial Crime Risk, Fraud and Security" discussions: http://www.garlic.com/~lynn/2012i.html#18 Zeus/SpyEye 'Automatic Transfer' Module Masks Online Banking Theft http://www.garlic.com/~lynn/2012i.html#32 Zeus/SpyEye 'Automatic Transfer' Module Masks Online Banking Theft http://www.garlic.com/~lynn/2012j.html#0 Federal appeal court raps bank over shoddy online security http://www.garlic.com/~lynn/2012j.html#8 Federal appeal court raps bank over shoddy online security related news URL references: Zeus/SpyEye 'Automatic Transfer' Module Masks Online Banking Theft; Automated attack bypasses two-factor authentication http://www.darkreading.com/authentication/167901072/security/attacks-breaches/240002267/zeus-spyeye-automatic-transfer-module-masks-online-banking-theft Cyber crooks evading advanced bank security to transfer funds http://www.scmagazine.com/cyber-crooks-evading-advanced-bank-security-to-transfer-funds/article/246227/ Exclusive: Online bank-theft software grows more sophisticated http://news.yahoo.com/exclusive-online-bank-theft-software-grows-more-sophisticated-080445057--sector.html Online bank-theft software grows more sophisticated http://www.chicagotribune.com/business/breaking/chi-online-banktheft-software-grows-more-sophisticated-20120618,0,278609.story Fake Android antivirus app likely linked to Zeus banking Trojan, researchers say; Cybercriminals are distributing a mobile component of the Zeus banking Trojan as an Android security application, Kaspersky experts said http://www.networkworld.com/news/2012/061912-fake-android-antivirus-app-likely-260331.html Federal appeal court raps bank over shoddy online security http://www.networkworld.com/news/2012/070512-federal-appeal-court-raps-bank-260672.html ENISA Warns Banks: Assume All PCs Are Infected http://news.softpedia.com/news/ENISA-Warns-Banks-Assume-All-PCs-Are-Infected-279470.shtml Court Slams Bank For Ignoring Zeus Attack http://www.informationweek.com/news/security/attacks/240003172 Zeus: How to Fight Back; Sophisticated Trojan Demands New Game Plan http://www.bankinfosecurity.com/interviews/zeus-how-to-fight-back-i-1592?rf=2012-07-06-eb Cybercrooks preying on small businesses http://nakedsecurity.sophos.com/2012/07/06/cybercrooks-preying-on-small-businesses/ -- virtualization experience starting Jan1968, online at home since Mar1970 ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN