
Tag >> Introductory Security
Apr 17, 2009

The Proliferation of Crimeware

Posted by Greg Hluska in Introductory Security

An incredibly interesting report on electronic crime recently crossed my desk. "E-Crime Survey 2009" was conducted by the 7th Annual e-Crime Congress in partnership with KPMG. Electronic crime is growing at an alarming pace. This paper sheds light on some of the reasons why electronic fraud is growing so rapidly. I do not scare easily, but one particular quote, made by Uri Rivner, who is the Head of New Technologies - Identity Protection and Verification Solutions, RSA, The Security Division of EMC, actually sent chills down my spine. Rivner wrote:

Trojan kits such as Zeus and Limbo are now so affordable and user-friendly that many non-sophisticated fraudsters that were previously focused on Phishing are now diversifying to crimeware. If your Trojan isn’t configured for a specific target bank, worry not: for $10 you can buy a custom HTML injection template for use with your Trojan. It will address any specific defences used by the bank, and even automatically check the balance for you. And for less than $300 per month you can even buy a “Software as a service” subscription to a Zeus Trojan hosted in a “bulletproof” server and connected to an infection kit. Just pay the subscription, sit back, and start infecting machines around the world and harvesting the victim’s credentials. 

Apr 16, 2009

Conficker and Y2K: More Similarities

Posted by Greg Hluska in Introductory Security

Several weeks ago, Don Power wrote an article on this site about Conficker (aka the April Fools Worm) and its similarity to the Y2K issue. I came across an article today that lends weight to this comparison and thought that I should share.

Dennis Fisher wrote an excellent article on Threatpost about research done on the Conficker botnet. The good folks at Kaspersky Labs have analyzed the P2P network that Conficker uses to send updates to infected machines. Turns out that there are only around 200,000 computers connected to the botnet. Talk of Conficker's famed 'sleep mode' notwithstanding, 200,000 is a big number, but it is a far cry from the global calamity that some sources were predicting.

Apr 16, 2009

Be Careful What You Click - Links Can Lie

Posted by Greg Hluska in Introductory Security

Have you ever gotten an email that looked like it came from a company you do business with? It might contain words like 'verify your account details', or it might warn you of some suspicious activity in your bank account. And its call to action will be a link to a page where you should log in immediately.

Of course you have - I just described a phishing attack and phishing is nothing new. However, have you ever wondered why the links shown can look so incredibly legitimate? The 'answer' is that there is a quirk within HTML (aka 'the markup language that makes web sites look the way they do') that makes it possible to 'show' a different address than you are really going to.

Mar 19, 2009

An Introduction to Internet Security, Part 2 - HTTP vs HTTPS

Posted by Greg Hluska in Introductory Security

My Dad spent over forty years in the Royal Canadian Mounted Police. Over the course of his career, he was stationed throughout F-Division (RCMP-speak for 'Saskatchewan'). Being RCMP brats, my little sister and I were lucky enough to live in some very interesting places.

One of the more interesting places we lived was a vibrant little town called Carlyle. I was seven years old when we moved there and the whole town quickly became my playground. Perhaps the most interesting aspect of Carlyle was its proximity to other little towns, like Arcola, Kisbey and Forget. One of my parents' good friends lived in Forget, so we used to spend quite a bit of time in that beautiful little place with its fascinating history.

Mar 17, 2009

An Introduction to Internet Security - Part 1 - TCP/IP

Posted by Greg Hluska in Introductory Security

Author's Note: Dan and Shane wrote some pretty wonderful articles yesterday, so I am feeling pretty nervous about this one.

NetSecure Technologies' security guru, Nima Sharifimehr, and I were having a conversation about this blog and some articles we hope to write together. After a particularly enlightening conversation on fields like privacy, social media, information security, and sidejacking methods, I asked him for a list of things that he would teach every internet user in the world about security.
