[SecurityRatty] tag: boost

Storage jump helps Symantec boost revenue

Tue, 29 Jul 2008 20:00:00 +0000

Led by strong sales in its storage and server management group, Symantec on Wednesday reported a 16 percent jump in revenue for its first quarter of fiscal 2009.

Are Stolen Credit Card Details Getting Cheaper?

Tue, 15 Jul 2008 11:36:12 +0000

What is shaping the prices of stolen credit card details? The investments the cybercriminals or real life scammers ( through credit card cloning or ATM skimming) put into the process of obtaining the details, or can we even talk about investments being made where an experienced scammer has just purchased 1GB of raw credit cards data from a novice botnet master who isn't really aware of the actual value of his "botnet output"?

Depends on which economic theory you believe in, or whether or not you'll take the "bottom-up approach" or the "top-down" one. And since I'm not aware of the existence of "the invisible hand of the underground market" and centralized power to increase the supply or decrease it to boost prices for the stolen credit card details, also indicating the existence of underground cartels putting everyone in a "price taker" position.

The basics of demand and supply for anything underground will always apply unless of course, The more they want, the cheaper it gets, the less they want, the higher the price on per credit card basis gets, since the investment on behalf of the malicious party that originally stolen them is virtually the same, and he can theoretically break-even in every single case since the credit card details were obtained efficiently. It's up to the seller to follow or entirely ignore economic behavior, and do what they feel like doing with this good which must on the other hand reach its market liquidity as soon as possible, else it becomes obsolete. The current market model can be further explained as a good example of competitive equilibrium :

"Competitive market equilibrium is the traditional concept of economic equilibrium, appropriate for the analysis of commodity markets with flexible prices and many traders, and serving as the benchmark of efficiency in economic analysis. It relies crucially on the assumption of a competitive environment where each trader decides upon a quantity that is so small compared to the total quantity traded in the market that their individual transactions have no influence on the prices."

This can be easily explained in a single sentence - it's a mess and every participant is doing whatever they want to, so generalizing on the prices charged for stolen credit card numbers would be unrealistic, since it's the price a single seller with no real impact on the "average" market price for the same good. As for the average market price itself, it would be hard to measure it depending on the quality of the sample you want to rely on, since this is a type of market where sellers don't have to report price changes in their goods for the purpose of statistical research.

A recently released report by Finjan, with whom I've been on the same page of several high profile incidents so far, touches this very same topic :

"Prices charged by cybercriminals selling hacked bank and credit card details have fallen sharply as the volume of data on offer has soared, forcing them to look elsewhere to boost profit margins, a new report says. Researchers for Finjan, a Web security firm, said the high volumes traded had led to bank and credit card information becoming "commoditized" - account details with PIN codes that once fetched $100 or more each might now go for $10 or $20. In its latest quarterly survey of Web trends, the California-based company said cybercrime had evolved into "a major shadow economy ruled by business rules and logic that closely mimics the legitimate business world."

Excluding the presence of price discrimination for a while, as well as open topic offers in the lines of "how much for X amount of Y?" answered as "how much are you willing to pay?", it's all a matter of the seller in a particular situation.

Furthermore, in real-life market there's always the scarcity problem, however, in the underground market there's no shortage of resources despite the ever growing wants of the buyers. Generalizing even more, take for instance the butterfly effect of a price change in petrol, and result of which is inevitable increase of prices in every single aspect of your life, but in the underground market mostly due to the malicious economies of scale achieved, a price increase in renting a botnet would have no effect in the prices charged for the stolen credit card details obtained through the infected hosts. How come? Basically, the price and resources for malware infection are prone to decrease, if we take a malware infected host as a static foundation for the basis of any upcoming cybercrime activities using it.

Perhaps the most disturbing part is that the market for stolen credit card details is so mature, and its entry barriers so low these days, that the confidential data that cannot be efficiently obtained through real-life means like credit card cloning or ATM skimming on a large scale, is now purchased online for the purpose of abusing it in real-life by embedding the valid information into plastic cards.

VMware VI Client plug-ins and how to manage them

Tue, 15 Jul 2008 06:04:47 +0000

VMware VI Client plug-ins can provide a VirtualCenter implementation with a functionality boost. Discover more on plug-in management tactics and plug-in options, including the Juxtaposition RDP plug-in, in this tip.

Welcome, David Starr

Wed, 09 Jul 2008 09:01:00 +0000

One of the main reasons that Fritz, Aaron, and I wanted to create this company was to provide a home for people who love to teach. We didn't want to build an empire, and we weren't out to get rich. We just wanted a place where we could comfortably practice what we love to do: giving software developers a boost - watching that light go on over their heads when a new concept becomes clear. We love to teach, and it's always exciting to find talented individuals who share that passion.

David Starr is one of those people. I've seen him in action, and not only does he have a lot of very practical experience from the trenches, but he also has a clear ability to convey his knowledge and experience to his students. It's clearly important to David to connect with his students, and he does so in a way that lets them know that it's all about them - he's not there just to show off his mad skillz (which he has in abundance!) So I'm very excited to welcome David on board as our newest Pluralsight instructor. I apologize for not writing this sooner - we've all been really busy getting the new website out the door.

Here's what David had to say.

Welcome!

Attrition.org goofs on another nitwit looking for a hacker

Thu, 03 Jul 2008 00:20:22 +0000

Not quite as funny as the congressional aide who wanted his alma mater hacked to boost his GPA, but this guy looking for someone to "help me crack this e-mail" gets strung along nicely …. primarily because he's never seen "Monty Python and the Holy Grail."

Perimeter buys Edgeos to boost security offerings

Tue, 10 Jun 2008 20:00:00 +0000

Perimeter eSecurity, a managed service provider, said on Tuesday it has acquired security vendor Edgeos for an undisclosed amount to boost the capabilities in its products.

Windows Server 2008 RemoteApps give Terminal Services a boost

Mon, 09 Jun 2008 06:57:24 +0000

RemoteApps in Windows Server 2008 give Terminal Services administrators the ability to create a published desktop -- without the desktop.

Early case assessment tools for e-discovery

Thu, 05 Jun 2008 07:42:01 +0000

E-discovery is a costly but necessary process for any customer facing litigation -- which increasingly means most of your customers. Learn how early case assessment tools can help reduce e-discovery costs for your clients and boost business for you.

Give your system memory a boost with x64

Wed, 21 May 2008 04:44:17 +0000

It's no secret that memory for 32-bit systems has its limitations. By upgrading to x64 processor architectures, IT pros can access more memory while still executing the same application codes. Microsoft MVPs Danielle and Nelson Ruest break down the benefits of implementing x64 architectures in your Windows enterprise.

Popular open source spam filter gets boost

Sun, 18 May 2008 20:00:00 +0000

SpamAssassin, popular open source spam-filtering software, will have deadlier aim thanks to an add-on tool that is being offered free of charge to small businesses and individuals by MailChannels.