Hack Report Audiocast: Black Hat Cookies, Online Threats and Contactless Payment

August 9th, 2007

In this edition of the Hack Report audiocast, our panel looked at: a Consumer Reports story that U.S. consumers lost more than $7 billion over the two years to viruses, spyware and phishing schemes; the Black Hat conference and its demo of how easily cookies can be captured online and used to fake identification; and the security issues surrounding contactless payment, as MasterCard announced this week a sharp expansion of its PayPass contactless card program.

Panelists this week were: Mark Rasch, former head of the U.S. Justice Department’s high-tech crimes unit; Motorola’s Chris Hinsz, who is the newest member of the PCI Security Standards Council; and Dave Taylor, president of the PCI Security Vendor Alliance, whose day job is with Protegrity.




Gone Phishing - Financial Service Organizations Under Siege

November 7th, 2006

PhishTank (powered by OpenDNS), a free repository for phishing sites, released some interesting stats that show phishing activity for the month of October 2006.

The top 10 identified phishing targets are all within the financial services industry, and a quarter of all phishing sites originate within the US.

Top 10 Identified Phishing Targets
1. PayPal
2. eBay, Inc.
3. Barclays
4. Fifth Third Bank
5. Volksbanken & Raiffeisenbanken (Germany)
6. Bank of America
7. Wells Fargo
8. Key Bank
9. JP Morgan Chase
10. Citibank

I’ve been playing with Microsoft IE7 since it started shipping as beta and it seems to do a reasonably good job in identifying suspicious sites.

Other anti-phishing tools:
o Netcraft Toolbar
o Google Toolbar - Safe Browsing Feature, Firefox only

 