I have a new article online at Security Focus on insider abuse. It's funny, I almost feared coming off as paranoid when writing about this, but I've received feedback already telling me I understated how big of a problem this actually is.

I fear that the security business is rapidly becoming just that - a business where mitigating threats is based on ROI, which means that defending against such attacks just isn't feasible for most organizations. And while the occasional privacy violation seems trivial, perhaps even silly to some readers, these abuses really do add up over time. What about the thousands of tiny violations that go unreported or unnoticed? As we've learned from the larger companies failures, they can be costly in terms of lawsuits and publicity when discovered.

posted by mt at 12:25

Interesting article on how hackers profit off of stolen CC's and ID's.

This is the online underworld, where stolen private information is quickly and easily sold over the Internet. The credit card numbers, bank account numbers, eBay accounts and other data sold there are stolen in corporate security breaches like the one at ChoicePoint, through offline crime like old-fashioned pickpocketing, and through scams known as "phishing" attacks, in which criminals trick people into revealing account information with slick-looking fake e-mails.

posted by mt at 12:04