Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

The Year of 2008 In Cybercrime

CmdrTaco posted more than 5 years ago | from the a-whole-lot-less-britney dept.

Security 47

BobB-nw writes "Underground botnet markets and high-profile spam cases headlined the year in tech crime. One of the most disturbing cybercrime trends in 2008, many security analysts say, has been the emergence of a full-blown underground economy where credit card information, identity theft information, and spam and phishing software are all available for relatively low prices. 2008 also saw major developments in the cases against three major spammers in the United States."

cancel ×

47 comments

Sorry! There are no comments related to the filter you selected.

fr1st? (-1, Offtopic)

Anonymous Coward | more than 5 years ago | (#26120537)

loldongs

Almost a dupe, but yet. (4, Insightful)

ColdWetDog (752185) | more than 5 years ago | (#26120547)

Worse. ANOTHER stupid, mindless Networkworld slide show.

Can someone please rustle up a good old Scientology bashing article, please?

Re:Almost a dupe, but yet. (3, Insightful)

LMacG (118321) | more than 5 years ago | (#26120595)

A cynical person might begin to wonder if there's some kind of deal between NW and /. in order to drive traffic to NW so they get the ad-impressions. Now where would be find anybody so cynical on this website?

Re:Almost a dupe, but yet. (1)

Lost Race (681080) | more than 5 years ago | (#26125275)

Hmm, NW, as in NetworkWorld, as in submitter "BobB-nw"....

The SD editors have made it clear on numerous occasions that they have absolutely no editorial judgment whatsoever, they just post anything that comes across their desk and looks at all shiny or sparkly. They don't even seem to follow the links in most submissions before posting. It's highly unlikely that either "BobB-" or "-nw" paid them anything other than attention.

Re:Almost a dupe, but yet. (1)

Architect_sasyr (938685) | more than 5 years ago | (#26126101)

Sounds like a good plan, but slashdot is probably the worst place to do advertising like that, especially as so many of us will* be using AdBlock/NoScript or Squid filtering, thus negating the ads.

* Should be - I recall a stat a little while back that had something like 40% of /. traffic as IE still. The numbers may be wrong.

Re:Almost a dupe, but yet. (-1, Redundant)

Anonymous Coward | more than 5 years ago | (#26120607)

Can someone please rustle up a good old Scientology bashing article, please?

WTF? How the hell would that news for nerds? If you want Scientology shit, go back to the scientology subredit [reddit.com]

Re:Almost a dupe, but yet. (2, Insightful)

owlnation (858981) | more than 5 years ago | (#26120889)

Networkworld = dumbfotainment.

Editors, please banish anything from this site to Idle -- slashdot's garbage can in other words. Better still, just banish it.

"cyber"? (4, Funny)

syrinx (106469) | more than 5 years ago | (#26120589)

It's 2008, not 1998; aren't we done with "cyber" yet?

Re:"cyber"? (4, Funny)

Yvan256 (722131) | more than 5 years ago | (#26120635)

Indeed, it should be an iCrime to talk about cybercrime.

Re:"cyber"? (4, Funny)

mrdoogee (1179081) | more than 5 years ago | (#26120927)

Crime 2.0 ?

Howzabout: ELECTROCRIME ? (1)

A New Normalcy (1190543) | more than 5 years ago | (#26135025)

...lb

Re:"cyber"? (2, Funny)

HungryHobo (1314109) | more than 5 years ago | (#26120939)

How about "nano" that seems to be a popular word, or "solution".
"Hyper" is a bit out of fashion.

"Nanocrime" just rolls of the tongue.

Course we could just call it "crime" or "fraud" to fit what it really is no matter the medium but that doesn't sound so cool.

Re:"cyber"? (0)

Anonymous Coward | more than 5 years ago | (#26121325)

I think the people over at nanowrimo.org would take offense. Nano-crime sounds almost like a slur against Oprah's book club or something. :-p

Re:"cyber"? (0, Redundant)

owlnation (858981) | more than 5 years ago | (#26120931)

It's 2008, not 1998; aren't we done with "cyber" yet?

iCrime?

Re:"cyber"? (1)

xaositects (786749) | more than 5 years ago | (#26123147)

It's 2008, not 1998; aren't we done with "cyber" yet?

No, kids in rivets and pink/black vinyl pants carrying cutesy, plastic Japanese backpacks need labels too...

Re:"cyber"? (1)

StikyPad (445176) | more than 5 years ago | (#26123207)

"In the year two thousaaaaand. In the year two thousaaaaaaaaand!"

The cyber-term "cyber" will become an ubiquitous cyber-prefix to all cyber-nouns. And half of all cyber-verbs.

Re:"cyber"? (1)

plover (150551) | more than 5 years ago | (#26125007)

The cyber-term "cyber" will become an ubiquitous cyber-prefix to all cyber-nouns. And half of all cyber-verbs.

It'll just get creepier. Just as we are now all cyber-complacent, the digerati will start shortening it to cy-. Cyverbs will creep into the cylanguage. We already have cyborgs, why not cyarms and cylegs? They'll "log on" to the cyweb with their cyphones.

Ish. Someone get me a cygun before this goes any further. Or a cylon. That'll stop 'em.

Emergence? (5, Insightful)

MosesJones (55544) | more than 5 years ago | (#26120593)

Hasn't there always been an underground crime racket in things like check fraud, ID fraud, ID forging, financial fraud, theft etc. It isn't that this is an emerging market, more than it is where the old market has moved into. In the same way as Wallmart moved from the real to the virtual so are the criminals.

Sure its slightly different in that you don't get mugged and it can be better automated and scaled, but fake or duplicate passports have been around for years as has the ID theft problem. Hell in a world where Illinois can elect 4 out of 8 corrupt governors its hardly surprising that there is a problem with fraud and extortion.

This isn't news about a market that is new, its news about how existing crime organisations are going into new markets, just like the Mafia et al shifting from alcohol and protection into drugs. There has always been a problem with organised crime and there has always been an underground market for illegal information and products (after all these are just different illegal shipments).

This reads a bit like the .com stories of 1999 which said that there was a new magic economy that would replace the old one, then it turned out that mainly it was the boring old economy that worked in the new world. I'd imagine that the same is pretty true for the cybercrime world, same bosses, different henchmen who have more brains than muscles.

Re:Emergence? (4, Interesting)

LilGuy (150110) | more than 5 years ago | (#26121719)

There surely has. I found my way into such a vast place back when I was 13 and discovering IRC. People hawked credit card info like there was no tomorrow, and others sold bots you could add to a net to perform DDoS attacks, all very cheap.

Nothing has changed in the 12 years since except perhaps now clueless reporters are discovering the dark side of the Internet.

Rather obvious transition (4, Insightful)

geekmux (1040042) | more than 5 years ago | (#26120613)

20 years ago, we didn't have the term "brick and mortar" to differentiate between a vendor and an e-vendor. Is it REALLY that much of a shock that the Black Market, which has been around for hundreds of years, now has an online shopping cart?

Re:Rather obvious transition (1)

zappepcs (820751) | more than 5 years ago | (#26120915)

Sorry mate, but in merry olde England, brick and mortar was a valid saying 20 years ago, but it had not yet been applied to online vendors/retailers. I do like the thought of the black market having an online shopping cart though. Sort of like a bacon sandwich vending machine!

Yeah, cybercrime is nice, but... (-1, Offtopic)

Anonymous Coward | more than 5 years ago | (#26120667)

...does in happen on Linux?

Re:Yeah, cybercrime is nice, but... (4, Insightful)

Beardo the Bearded (321478) | more than 5 years ago | (#26120903)

Yes, it does.

No operating system is perfectly secure. Even Linux, with its non-root mentality, has exploits for it. I've got 74 updates waiting for download right now, many of which are security updates. (Let's just say 1/4 for the sake of argument.)

Windows was wiiiide open for years, which is why there are so many exploits for it. We've all read the "Surviving the First Day of Windows XP" guide; we know how open that OS was. That's not to say it's the only shaky OS. It's just the most famous and the most available.

The folks who break into our computers spend and make fortunes on security. I've spent about $100 in the last 10 years securing my computer. The only things that keeps me from getting cracked are my obscurity and my neural network. In other words, I don't have anything valuable or desirable, and I'm not dumb enough to open random attachments.

Any online system is crackable, given enough time and resources. These cybercriminals have more of both than we do.

Thinking for even one second that you're fully secure because you're using Linux makes you part of the problem.

Re:Yeah, cybercrime is nice, but... (1)

Anonymous Coward | more than 5 years ago | (#26121985)

No, I think I'm fully secure because I:

* Run a hardware firewall between my cablemodem and my Linux box, AND an iptables firewall on my Linux box,

* Drop packets that aren't part of an established or related session (instead of rejecting them), so to most scans I'm a black hole,

* Always clear all my data when exiting Firefox, including cookies and everything else, and periodically clobber my .firefox directory with a clean version I keep handy,

* have no open ports or services that someone could latch onto (i.e. my network-facing Linux box is strictly a workstation),

* And (important!) I always -- ALWAYS -- turn off my computer AND disconnect my cablemodem whenever I'm not actively using them. In fact, my cablemodem is rather nice; it has a button on top that disconnects it, so I don't even have to pull the cable. To hack ME, you've got to know my random DHCP IP address, AND you've got to know whether I'm even online, which only happens for a couple of hours a day.

Before you get all proud of yourself for being wiser than the rest of us Linux guys, realize that using Linux or *BSD actually DOES make you more secure, because the tools available to you to secure your box are top-notch, and with a little effort, you CAN be completely secure.

Get over yourself. Do you think you're adding anything to the conversation?

 

Re:Yeah, cybercrime is nice, but... (0)

Anonymous Coward | more than 5 years ago | (#26123071)

While taking precautions carefully helps, nothing is completely secure. Just like careful use of a condom reduces your chances of disease and fatherhood, they are not a guarantee. What your discussing is basically the same, your putting condoms on your computer and trying to be careful with what other computers you connect too, but even that is not absolute prevention. Still if your going to do it, then it is safer with the precautions.

Re:Yeah, cybercrime is nice, but... (1, Insightful)

Anonymous Coward | more than 5 years ago | (#26126119)

Basically you're just saying that you're as secure as the next guy using Windows XP with sufficient knowledge.

Nothing new there, move along.

The problem is that the majority of people having a computer connected to the Internet lack the skills to secure it no matter what OS they are running.

And before they have learned how to secure it they have already made holes in the default security in order to make, for example, a torrent client work.

Re:Yeah, cybercrime is nice, but... (0)

Anonymous Coward | more than 5 years ago | (#26224029)

Ah, but Windows XP has many mysterious services turned on all the time. A home user cannot be expected to understand what any of those services are, or why ports are open, or indeed what ports ARE.

Linux, on the other hand, tends not to behave that way. By default, the only thing Ubuntu has open is the printer port. Use Firestarter to set up a firewall and even that won't be available to the outside world.

Safer by DEFAULT.

If you want to be even safer, use OpenBSD. Those guys are just plain paranoid. I believe it's the only operating system available in which ALL the code has been audited -- and continues to be, on a regular basis.

If you think I'm doing the fanboy boogie, I'd like you to try a short experiment. Your assignment, should you choose to accept it, is to cleanly install three operating systems one at a time on a wiped, empty laptop. For each, you will connect the laptop directly to the internet (no hardware firewall -- don't cheat!), and retrieve a full set of O/S updates WITHOUT YOUR MACHINE BEING COMPROMISED. Try the O/Ses in this order: OpenBSD, Ubuntu Linux, and Windows XP.

I'm taking a shot in the dark here, but I'm guessing you won't see anything remarkable for BSD or Linux, but you'll be lucky if your XP install is even usable by the time you're done.

Let's find out! If I'm wrong, PROVE IT. Show me how tough Windows is. Tip: The average lifespan of an unprotected network-connected Windows XP box is fourteen minutes.

Re:Yeah, cybercrime is nice, but... (0)

Anonymous Coward | more than 5 years ago | (#26145409)

That still isn't fully secure. Not all attack vectors are covered in the 'connections incoming from the cloud' category.

Before you get all proud of yourself for being wiser than the rest of us Linux guys, realize that using Linux or *BSD actually DOES make you more secure, because the tools available to you to secure your box are top-notch, and with a little effort, you CAN be completely secure.

Get over yourself. Do you think you're adding anything to the conversation?

this is you. [wikipedia.org]

Re:Yeah, cybercrime is nice, but... (0)

Anonymous Coward | more than 5 years ago | (#26122129)

The only things that keeps me from getting cracked are my obscurity

security through obscurity will never work!

Re:Yeah, cybercrime is nice, but... (1)

rs232 (849320) | more than 5 years ago | (#26122865)

"Windows was wiiiide open for years, which is why there are so many exploits for it"

How do you explain the current phishing infestation ?

'We've all read the "Surviving the First Day of Windows XP" guide; we know how open that OS was'

It's news to me that it was considered so open. I can't find a link to the original but this says that to secure XP you enabled the XP firewall [sans.org] . Not much of an improvement then.

"Thinking for even one second that you're fully secure because you're using Linux makes you part of the problem"

It's not my Linux getting hacked that's a worry, but the server [theregister.co.uk] getting hacked and my identity stolen.

Re:Yeah, cybercrime is nice, but... (2, Informative)

Beardo the Bearded (321478) | more than 5 years ago | (#26123943)

XP didn't always have that security center.

Before the firewall was put on by default in SP2, a fresh install of XP had - at best - 5 minutes between the time you connected it to the Internet and the time someone else had full control of your machine. It was unbelievable.

Phishing is nothing new. It's the same ancient techniques used by snake oil salesmen and corrupt businesses since we started using money as a trade medium.

You're right about hacked servers. It's a problem that won't go away until they make banks financially responsible for the security breaches.

Re:Yeah, cybercrime is nice, but... (0)

Anonymous Coward | more than 5 years ago | (#26125227)

ECHELON? Isn't that where the government searches for words like bomb, plutonium, assassinate, and anarchy?

Also, awesome game on the C64. Wireframe 3d like Elite! but still awesome.

New developement? (4, Insightful)

N1AK (864906) | more than 5 years ago | (#26120681)

One of the most disturbing cybercrime trends in 2008, many security analysts say, has been the emergence of a full-blown underground economy where credit card information, identity theft information, and spam and phishing software are all available for relatively low prices.

I'm not a 1337 hacker, I'm not a computer expert, and I'm certainly not savvy to the cutting edge of crime but I'm sure this isn't remotely new. Is anyone else reading this and thinking that this was the case at least as far back as 2006?

Re:New developement? (1)

LilGuy (150110) | more than 5 years ago | (#26121749)

It goes back WAY further than 2006. It goes back at at least the latter part of the 90s. I actually traded a few cards myself back when I was an underage idiot some 10 - 12 years ago. It was much easier to get away with back then it would seem as it was before the invention of that CV2 number, and most websites would let you order crap without checking the holder's info... but essentially its the same today as it was back then.

Re:New developement? (1)

olehenning (1090423) | more than 5 years ago | (#26121955)

The approach might be the same, but the widespread use of credit cards and personal information online surely means that in the past few years, it is a much larger problem than it was 10 years ago. But I'd say that as for 2008, this is nothing new.

cv2 numbers no defense .. (1)

rs232 (849320) | more than 5 years ago | (#26122723)

"It goes back WAY further than 2006 .. It was much easier to get away with back then it would seem as it was before the invention of that CV2 number"

CV2 numbers are already hacked [bbc.co.uk] through the use of 'bugging' devices that record card wipes and key presses, usually with the collusion of the staff.

"but essentially its the same today as it was back then

Correct, a total failure of the so-called security experts to devise a secure online commercial transaction system ..

Doh (2)

Big Hairy Ian (1155547) | more than 5 years ago | (#26120785)

And not a word about Gary Mckinnon and the US's ongoing struggle to try and extradite him

the Pentagon, Spaceships and Dope .. (1)

rs232 (849320) | more than 5 years ago | (#26122583)

Which is easier, trying to stem the phishing epidemic or putting away a UFO nut ..

"The Americans have a secret spaceship?" I ask ..

".. What were the ship names?"

"I can't remember," says Gary.

"I was smoking a lot of dope at the time. Not good for the intellect [hostingprod.com] ."

mod UP (-1, Offtopic)

Anonymous Coward | more than 5 years ago | (#26120839)

than this BSD 3ox,

Your official guide to the Jigaboo presidency (-1, Flamebait)

Anonymous Coward | more than 5 years ago | (#26120845)

Congratulations on your purchase of a brand new nigger! If handled properly, your apeman will give years of valuable, if reluctant, service.

INSTALLING YOUR NIGGER.
You should install your nigger differently according to whether you have purchased the field or house model. Field niggers work best in a serial configuration, i.e. chained together. Chain your nigger to another nigger immediately after unpacking it, and don't even think about taking that chain off, ever. Many niggers start singing as soon as you put a chain on them. This habit can usually be thrashed out of them if nipped in the bud. House niggers work best as standalone units, but should be hobbled or hamstrung to prevent attempts at escape. At this stage, your nigger can also be given a name. Most owners use the same names over and over, since niggers become confused by too much data. Rufus, Rastus, Remus, Toby, Carslisle, Carlton, Hey-You!-Yes-you!, Yeller, Blackstar, and Sambo are all effective names for your new buck nigger. If your nigger is a ho, it should be called Latrelle, L'Tanya, or Jemima. Some owners call their nigger hoes Latrine for a joke. Pearl, Blossom, and Ivory are also righteous names for nigger hoes. These names go straight over your nigger's head, by the way.

CONFIGURING YOUR NIGGER
Owing to a design error, your nigger comes equipped with a tongue and vocal chords. Most niggers can master only a few basic human phrases with this apparatus - "muh dick" being the most popular. However, others make barking, yelping, yapping noises and appear to be in some pain, so you should probably call a vet and have him remove your nigger's tongue. Once de-tongued your nigger will be a lot happier - at least, you won't hear it complaining anywhere near as much. Niggers have nothing interesting to say, anyway. Many owners also castrate their niggers for health reasons (yours, mine, and that of women, not the nigger's). This is strongly recommended, and frankly, it's a mystery why this is not done on the boat

HOUSING YOUR NIGGER.
Your nigger can be accommodated in cages with stout iron bars. Make sure, however, that the bars are wide enough to push pieces of nigger food through. The rule of thumb is, four niggers per square yard of cage. So a fifteen foot by thirty foot nigger cage can accommodate two hundred niggers. You can site a nigger cage anywhere, even on soft ground. Don't worry about your nigger fashioning makeshift shovels out of odd pieces of wood and digging an escape tunnel under the bars of the cage. Niggers never invented the shovel before and they're not about to now. In any case, your nigger is certainly too lazy to attempt escape. As long as the free food holds out, your nigger is living better than it did in Africa, so it will stay put. Buck niggers and hoe niggers can be safely accommodated in the same cage, as bucks never attempt sex with black hoes.

FEEDING YOUR NIGGER.
Your Nigger likes fried chicken, corn bread, and watermelon. You should therefore give it none of these things because its lazy ass almost certainly doesn't deserve it. Instead, feed it on porridge with salt, and creek water. Your nigger will supplement its diet with whatever it finds in the fields, other niggers, etc. Experienced nigger owners sometimes push watermelon slices through the bars of the nigger cage at the end of the day as a treat, but only if all niggers have worked well and nothing has been stolen that day. Mike of the Old Ranch Plantation reports that this last one is a killer, since all niggers steal something almost every single day of their lives. He reports he doesn't have to spend much on free watermelon for his niggers as a result. You should never allow your nigger meal breaks while at work, since if it stops work for more than ten minutes it will need to be retrained. You would be surprised how long it takes to teach a nigger to pick cotton. You really would. Coffee beans? Don't ask. You have no idea.

MAKING YOUR NIGGER WORK.
Niggers are very, very averse to work of any kind. The nigger's most prominent anatomical feature, after all, its oversized buttocks, which have evolved to make it more comfortable for your nigger to sit around all day doing nothing for its entire life. Niggers are often good runners, too, to enable them to sprint quickly in the opposite direction if they see work heading their way. The solution to this is to *dupe* your nigger into working. After installation, encourage it towards the cotton field with blows of a wooden club, fence post, baseball bat, etc., and then tell it that all that cotton belongs to a white man, who won't be back until tomorrow. Your nigger will then frantically compete with the other field niggers to steal as much of that cotton as it can before the white man returns. At the end of the day, return your nigger to its cage and laugh at its stupidity, then repeat the same trick every day indefinitely. Your nigger comes equipped with the standard nigger IQ of 75 and a memory to match, so it will forget this trick overnight. Niggers can start work at around 5am. You should then return to bed and come back at around 10am. Your niggers can then work through until around 10pm or whenever the light fades.

ENTERTAINING YOUR NIGGER.
Your nigger enjoys play, like most animals, so you should play with it regularly. A happy smiling nigger works best. Games niggers enjoy include: 1) A good thrashing: every few days, take your nigger's pants down, hang it up by its heels, and have some of your other niggers thrash it with a club or whip. Your nigger will signal its intense enjoyment by shrieking and sobbing. 2) Lynch the nigger: niggers are cheap and there are millions more where yours came from. So every now and then, push the boat out a bit and lynch a nigger.

Lynchings are best done with a rope over the branch of a tree, and niggers just love to be lynched. It makes them feel special. Make your other niggers watch. They'll be so grateful, they'll work harder for a day or two (and then you can lynch another one). 3) Nigger dragging: Tie your nigger by one wrist to the tow bar on the back of suitable vehicle, then drive away at approximately 50mph. Your nigger's shrieks of enjoyment will be heard for miles. It will shriek until it falls apart. To prolong the fun for the nigger, do *NOT* drag him by his feet, as his head comes off too soon. This is painless for the nigger, but spoils the fun. Always wear a seatbelt and never exceed the speed limit. 4) Playing on the PNL: a variation on (2), except you can lynch your nigger out in the fields, thus saving work time. Niggers enjoy this game best if the PNL is operated by a man in a tall white hood. 5) Hunt the nigger: a variation of Hunt the Slipper, but played outdoors, with Dobermans. WARNING: do not let your Dobermans bite a nigger, as they are highly toxic.

DISPOSAL OF DEAD NIGGERS.
Niggers die on average at around 40, which some might say is 40 years too late, but there you go. Most people prefer their niggers dead, in fact. When yours dies, report the license number of the car that did the drive-by shooting of your nigger. The police will collect the nigger and dispose of it for you.

COMMON PROBLEMS WITH NIGGERS - MY NIGGER IS VERY AGGRESIVE
Have it put down, for god's sake. Who needs an uppity nigger? What are we, short of niggers or something?

MY NIGGER KEEPS RAPING WHITE WOMEN
They all do this. Shorten your nigger's chain so it can't reach any white women, and arm heavily any white women who might go near it.

WILL MY NIGGER ATTACK ME?
Not unless it outnumbers you 20 to 1, and even then, it's not likely. If niggers successfully overthrew their owners, they'd have to sort out their own food. This is probably why nigger uprisings were nonexistent (until some fool gave them rights).

MY NIGGER BITCHES ABOUT ITS "RIGHTS" AND "RACISM".
Yeah, well, it would. Tell it to shut the fuck up.

MY NIGGER'S HIDE IS A FUNNY COLOR. - WHAT IS THE CORRECT SHADE FOR A NIGGER?
A nigger's skin is actually more or less transparent. That brown color you can see is the shit your nigger is full of. This is why some models of nigger are sold as "The Shitskin".

MY NIGGER ACTS LIKE A NIGGER, BUT IS WHITE.
What you have there is a "wigger". Rough crowd. WOW!

IS THAT LIKE AN ALBINO? ARE THEY RARE?
They're as common as dog shit and about as valuable. In fact, one of them was President between 1992 and 2000. Put your wigger in a cage with a few hundred genuine niggers and you'll soon find it stops acting like a nigger. However, leave it in the cage and let the niggers dispose of it. The best thing for any wigger is a dose of TNB.

MY NIGGER SMELLS REALLY BAD
And you were expecting what?

SHOULD I STORE MY DEAD NIGGER?
When you came in here, did you see a sign that said "Dead nigger storage"? .That's because there ain't no goddamn sign.

What about tax zappers? (1)

deviated_prevert (1146403) | more than 5 years ago | (#26121075)

A biggest black eye for IT is the ease with which criminals can use zappers [vancouversun.com] to dupe accounting packages.

Re:What about tax zappers? (0)

Anonymous Coward | more than 5 years ago | (#26122449)

how many cookies does one site need?

Re:What about tax zappers? (1)

deviated_prevert (1146403) | more than 5 years ago | (#26124967)

how many cookies does one site need?

The Vancouver Sun [vancouversun.com] needs as many cookies as it can set. Considering the subscription base consists mostly of Wasps in a sushi based economy!

what OS .. (2, Interesting)

rs232 (849320) | more than 5 years ago | (#26122223)

What OS does the vast majority of this 'identity theft', spam and phishing run on ?

Re:what OS .. (1)

tehcyder (746570) | more than 5 years ago | (#26131605)

What OS does the vast majority of this 'identity theft', spam and phishing run on ?

OSX, but the users don't realise it...

the solution .. (2, Insightful)

rs232 (849320) | more than 5 years ago | (#26122485)

The solution is to stop relying on Credit Card numbers for online verification. Using something like a smartcard, for each transaction, use a card-reader to generate a unique one time session-code. The transaction from the card-reader to the server is encrypted by this one-time session code. No CVC2 number, no PIN or card number need be entered or sent over the connection. To verify card present, the card generates a one-time four digit passcode that is syncronized with the server and this is typed in by the user, only then is the transaction completed. At worst all a key logger would record, is a defunct four digit code and session key.

Re:the solution .. (1)

mlts (1038732) | more than 5 years ago | (#26123671)

Even better would be a two-fold solution:

1: Make SMS messages not cost so much, or have it where they are free for the receiver.
2: For an online verification, the user gets via SMS the name and ID of the business, how much is being asked for as payment, other pertinent info (so the customer can tell if the SMS is genuine or a fake), and finally a 4-6 digit PIN that the customer types in as validation for the transaction. For someone to spoof the transaction, they would have to generate a bogus one with the amount and such, have possession of the user's cellphone and card, or forcing the user to do the transaction for them.

What would be even nicer would be a SMS-like protocol with certificate management built in. It would factor in SSL certs where purchase requests from venders are signed by their keys, and the keys are certified by a known CA. This would help people know that a purchase request for "X" is actually from the shop they were buying at, as opposed to a cheat.

Check for New Comments
Slashdot Login

Need an Account?

Forgot your password?