Security Blog 
   HOME  |  ARCHIVES  |  CONTACT  |   QADDISIN  |   WIFI SECURITY PROJECT  |   RSS


3.25.2004

Global Extortion: Online Gambling and Organized Hacking
A related story to the offshore gambling discussion below. I find this fascinating - organized crime is moving in on the same areas online, money laundering, sex, gambling, as they have offline (for quite sometime now). These DoS attacks must be really effective, because books are paying up.
posted by mt at 13:02


3.24.2004

Throwing your hard drive away?
Think twice about that and make sure you wipe it first.
In fact, only 10 percent of the drives I purchased had been properly sanitized.

Much of the data we found was truly shocking. One of the drives once lived in an ATM. It contained a year's worth of financial transactions—including account numbers and withdrawal amounts—from a organization that had a legal requirement to not divulge such information. Two other drives contained more than 5,000 credit card numbers—it looked as if one had been inside a cash register. Another had e-mail and personal financial records of a 45-year-old fellow in Georgia. The man is divorced, paying child support and dating a woman he met in Savannah. And, oh yeah, he's really into pornography.

posted by mt at 07:57


3.23.2004

Security consulting illegal?
A scary read from Mark Rasch of Security Focus.
As a computer security expert, you are hired by an offshore casino in the Cayman Islands to develop a security and authentication technology. Your client is a licensed Cayman casino that has been operating for over 30 years, and wants to make a foray into online gaming.

You perform a standard penetration test, a security assessment, an architecture and code review, help establish the SSL and authentication protocols, and help with firewall implementation and monitoring -- you know: the full suite of security services. You test the beta site and its configuration, and give your stamp of approval.

With check in hand, you return to America and days, weeks or months later, the site goes active. A few weeks after that, you are visited by an FBI agent with a federal grand jury subpoena seeking records relating to your security work. Weeks after that, a knock on the door announces the arrival of deputy U.S. Marshals with a warrant for your arrest for violation of 18 U.S.C. 1084 and 18 U.S.C. 2.

This really hits home for me, as our company discussed DoS security with a gaming site. A contract never materialized, but can someone explain to me how it would have been a crime? Sometimes the government can really get its priorities out of whack.
posted by mt at 10:34


HOME - ARCHIVES

This page is powered by Blogger. Isn't yours?