Tuesday, March 20, 2007

MOMBY is on deck

So I'm still undecided on whether or not Mondo Armando and Müstaschio are for real. All the news reporters seem to think so, but I think it could also be just another April fools joke. Either way, if they actually produce some Myspace exploits, that would be awesome. Myspace has such a history of slow response to security issues, that I'm not feeling sorry for them in any way. And given that it hosts millions of peoples personal information and they tend to be mostly computer illiterate and lack security knowledge, it looks like a good target for hackers. I also really like the approach these guys are taking, by making fun of the other Month of Whatever projects. HD Moore's original Month of Browser Bugs was awesome, but the ones that followed seemed to get less and less important. So in the end, I guess we will just have to wait and see whether this is just another publicity stunt or if these guys have something to offer other then humour. Stay tuned.

Read the Story HERE

Monday, March 19, 2007

Got Identities?

Brian Krebs has written a few articles recently focusing on how bad identitiy theft and credit card fraud really is. There are 2 facts that I find really hard to ignore, which are also really infuriating. The first is that according to Symantec, the majority of the Credit Card trafficking is being done on servers located inside the USA. So what happened to that Patriot act? Why are these criminals allowed to continue doing this, when clearly the FBI has the power to stop it. I know the logic they are using is that they are going after the kingpins and not the small fish, which makes sense. Except that tens of thousands of US citizens are getting thier lives destroyed in the process. And even though they may take down a kingpin one day, another one pops up the next. So eitherway, US citizens are getting screwed. The second problem I have is that we are infact subsidizing our own credit cards getting stolen. The Credit Card industry on a whole acknowledges fraud as an acceptable loss and simple passes on the costs to the customer. They even go so far as to sell us identity theft protection. That is completely ridiculous. Here's a novel idea, how about you make your product secure before selling it to the American public.

Read the Story HERE