I read an awful lot, but despite (or perhaps because of), the sheer volume I read, not many pieces really fire me up. However, this morning, I was lucky enough to read a terrific article by Jim Mortleman. Entitled "Business in the 21st century: Stay tuned for brave new world", this article is a must read for anyone interested in social media (whatever that is), web 3.0 and the future of business.

Dan McCann talked about scareware in one of the very first articles published on this site.  To review, 'scareware' is a particularly evil form of malicious software.  Scareware will pop up a warning that tells you that your computer is infected with viruses, then it will offer to fix these viruses if you download a program and pay an activation/licensing fee.  Now, here is the problem - you were never really infected with those viruses, rather, you were caught up in a very convincing, thoroughly scary kind of scam.

Yesterday, Panda Labs released some research into scareware (though they call it rogueware).  "The Business of Rogueware" contains some very interesting statistics on the growth of this new kind of scam.  This fake anti-virus software is growing at an incredible pace.  Consider these numbers:

• in the first quarter of 2009, more scareware strains were created/detected than in all of 2008
• approximately 35 million computers are infected with scareware every month.
• cyber-criminals make an estimated $34 million per month through these kinds of attacks

On Tuesday, McAfee released their Threat Report for the second quarter of 2009.  This threat report contains some very interesting statistics on the prevalence of spam and I thought I should share some of these stats with you.  And, if you are interested in reading the entire report, you can download it directly from McAfee (.pdf).

June 2009 produced the most spam that McAfee has ever seen.  It beat the previous high (recorded in October 2008) by over 20%!  This is a tremendous rate of increase and, as McAfee noted, "if the economy could rebound as spam has done in second quarter, we would all be much happier with
our retirement account."  These numbers mean that spam now represents 92% of all email sent.

If you spend any amount of time on the web, you have definitely seen some security warnings. The question is, 'what do you do when you see one?'  Do you automatically click 'yes' to proceed?  If so, researchers from Carnegie Mellon University say that you are not alone.

Shane Gross would normally be the guy to write articles like this, but he is swimming with the fishes. Wait...that's not what I meant to say.  He is swimming with whale sharks off the coast of Mexico.  So, I am lucky enough to get to write this exciting article.

I have some incredibly exciting news.  I just found out that SmartSwipe is now being carried by Futureshop!  We are on store shelves and are also being carried on futureshop.ca.  It is an honour to work with a retailer like Futureshop and the entire swipe cave is buzzing with excitement right now.

The Office of the Privacy Commissioner of Canada recently completed an in-depth investigation into Facebook. This investigation was prompted by a very wide ranging complaint made by the Canadian Internet Policy and Public Interest Clinic (CIPPIC). CIPPIC complained that Facebook was in violation of Canada's Personal Information Protection and Electronic Documents Act (PIPEDA). The complaint made twenty four specific allegations, which covered twelve major subject areas.

The Privacy Commissioner rejected four of these are being not well founded. They argued that four others were well founded, but Facebook has already taken steps to fix them. And finally, four complaints were deemed well founded and outstanding - in the Privacy Commissioner's opinion, Facebook is technically violating Canadian law in these four areas. In this paper, I would like to analyze the four areas in which Facebook is 'violating' the spirit of PIPEDA.

Not even the Canada Revenue Agency is immune to security problems. In January, the Canada Revenue Agency was the subject of high profile phishing attacks. Then, in April, I wrote a tongue-in-cheek article about some problems the CRA has had with securely disposing of old hard drives. And today, our security guru %^&# ^&%^$&*)@!(, alerted me to a rather terrifying problem with the CRA's ePass service.

To those of you not familiar with the program, ePass is a great way to access Canadian Tax services. If you use the service, you can file/change your returns online, update your address/banking information and even file disputes. Sounds like a great service, doesn't it? It is, though, unfortunately, using the service might make you markedly less secure.

Social networking sites have been under attack lately. In February, Facebook made a very controversial change to its privacy policy - this change resulted in a massive backlash. Twitter has been the victim of several high profile attacks. In their 2009 Midyear Security Report, Cisco cited social networking as one of the major vulnerabilities in the first half of 2009. Our blog has covered many stories about how criminals use social networking sites (like Facebook, Twitter, LinkedIn, and others) to spread malicious software and steal identities. However, we have not done an adequate job of talking about privacy (whatever that is) on these popular web services.

The social implications of privacy have been one of my favourite topics for several years. The first time I read George Orwell's beautiful 1984, I was struck by a strange dichotomy that I still have not resolved. True freedom lies in either having complete privacy or a complete lack of privacy (combined with a complete lack of judgement). However, advances in technology make a complete lack of privacy incredibly dangerous - crimes like identity theft, credit card fraud, etc are not so much financial attacks as they are attacks against privacy. And, as crimes like identity theft and credit card fraud become more common, people become more concerned with their privacy.