[SecurityRatty] tag: fraud-detection

Hacking Your SOX Off: Sarbanes-Oxley, Fraud, and Fraudulent Financial Reporting

Sun, 30 Nov 2008 09:24:22 +0000

New Video: Hacking Your SOX Off: Sarbanes-Oxley, Fraud, and Fraudulent Financial Reporting
I had to do a presentation for one of my MBA courses, and one of the topic choices was the Sarbanes-Oxley act. I chose it because I thought I could relate it to computer security, but as it turns out the connection is somewhat tenuous as you will see if you watch the presentation.

Hacking Your SOX Off: Sarbanes-Oxley, Fraud, and Fraudulent Financial Reporting

Sun, 30 Nov 2008 09:24:22 +0000

Elgan: Why you can't trust 'friends' on Facebook

Wed, 26 Nov 2008 02:00:00 +0000

Social networks like Facebook and MySpace are subject to new, more dangerous opportunities for fraud, writes Mike Elgan, and you would be well-advised to verify every friend.

New Visa Card, Generates Random Security Codes

Mon, 17 Nov 2008 06:20:02 +0000

In response to popular concerns with online credit card fraud, Visa Europe has announced a newly designed credit card, complete with a keypad and digital number display, according to the Daily Mail.

Apple plays catch-up, ads anti-fraud safeguard to Safari

Fri, 14 Nov 2008 02:00:00 +0000

In an update to its Safari Web browser, Apple on Thursday patched several security flaws and added anti-phishing protection -- making it the last major browser to receive the feature that blocks known identity-stealing sites.

Apple plays catch-up, adds anti-fraud safeguard to Safari

Thu, 13 Nov 2008 21:00:00 +0000

Apple Friday added anti-phishing protection to Safari, the last major browser to receive the feature that blocks known identity-stealing sites. The company also patched 11 security bugs in the program, the bulk of them specific to the Microsoft Windows version.

Experian South Africa launches fraud prevention tool

Mon, 10 Nov 2008 21:00:00 +0000

Experian South Africa has launched its latest application, a fraud prevention tool aimed at helping companies tighten security.

Zeus Crimeware Kit Gets a Carding Layout

Mon, 10 Nov 2008 02:53:52 +0000

With cybercriminals clearly expressing their nostalgia for several notorious and already shut down credit card fraud communities, they seem to have found a way to once again give their self-esteem a boost. Following the ongoing modification of open source crimeware kits and the inevitable innovation introduced by third parties, last week a new layout was introduced for Zeus, once again courtesy of a group that's piggybacking on Zeus popularity.

It's particularly interesting to see how a one-man operation evolves into a group of third-party developers starting to claim ownership rights over the modified versions despite that they're basically brandjacking the Zeus brand and building business models on the top of it.

Open source crimeware and web malware exploitation kits on the other hand undermine the business model of a great number of "malware/spyware for hire" vendors, which surprisingly doesn't stop them from continuing offering their services and products which are often using the de facto crimeware kits as the foundations for their propositions. Are the buyers even aware of this fact? From a buyer's perspective in times when most of the output is sold in bulk form, or access to the botnet rented for a specific period of time, the buyer doesn't care about the cybercrime platform of use, but is looking for transparent ways to justify the investment he's made into renting the service.

Now that Zeus administrators and their cybercrime clerks in the face of those managing the campaigns knowingly or unknowingly knowing the type of campaigns and the data that they manage, can listen to their favorite music within Zeus and choose different layouts for the command and control interfaces while commiting cybercrime, what's next?

Convergence and improved monetization.

Fun Reading on Security AND Compliance 9

Fri, 31 Oct 2008 09:05:00 +0000

Instead of my usual "blogging frenzy" machine gun blast of short posts, I will just combine them into my new blog series "Fun Reading on Security." Here is an issue #9, dated October 30th, 2008. BTW, I am renaming it into “Fun Reading on Security AND Compliance”

“A Gartnergate?” What happened after Mr Pescatore uttered his now famous 12 words: “The best security program is at the business with the happiest customers.” This (complete with Gunnar’s famous “firewalls+SSL” chart), this – will add more as this snowballs.
Do you have an “ignorable” security policy? If yours is BOTH “ignorable” and “unfair”, then fuggedaboutit. Cisco survey kinda proves it. A few fun comments are here (“If people can't get their jobs done without having to find a way to circumvent policy then the policy is wrong.”)
Risk and clouds – here, here, here and here in poetic form (!). Fun reading, but you know what? For many, many organization, what they have today is LESS secure than any future cloud computing advance…
Richard Bejtlich drop-kicks SIEM too, then kicks it in the balls. Then kicks the dead horse (1,2,3)
Excellent reminder about why people don’t care about security with a fabled quote from MJR (yes, it is my fave too!) Overall, Rich “reassures” with: “Don’t worry. When things get bad enough, we’ll get the call. If you’ve kept your documentation and communications up, you won’t get shafted with the proverbial short end.”
A few essays on risk, from ANSI, from Schneier and from BlogInfoSec (part 1 and part 2, especially read part 2)
So, what do CTOs really do every day? Interesting summary here and here.
Fun exploration of security x privacy x compliance.
Burton Group opines on which security technologies will fare better/worse during "The crisis”
A really fun interview with our CEO Philippe Courtot here.
More on IT vs IT security, this time from Richard.
Do you want people like that doing “security”? A normal call center employee recognizes fraud, but their so-called “outsource security dept” authorizes the scam. Niiice.
Finally, “Robots Hunt 'Non-Cooperative Humans' in Army Plan” No comment :-)

Enjoy!

ICANN Targeting Notorious Domain Name Seller

Thu, 30 Oct 2008 21:00:00 +0000

The net's naming authority is moving to shut down a domain name seller after learning its CEO was convicted of online credit card fraud. Security researchers say the Estonia-based EstDomains plays too friendly with online criminals, while the company defends itself by saying it already has a new CEO.