Can MashSSL solve the mash-up security problem?

A startup out of the University of Texas today released a new open protocol and related technology that addresses the inherent security risks to Web 2.0-type application mashups, according to a new report [darkreading.com].

Comcast passwords left unprotected online

User names and passwords belonging to more than 8,000 Comcast Internet customers were left exposed on the Web for at least two months. A post by Brad Stone on the Bits blog [NYTimes.com] details the situation, which was exposed by a Comcast customer from Pennsylvania.

BBC botnet buy: What were they thinking?

By Roel Schouwenberg
As Dancho Danchev pointed out, the BBC leased itself a botnet [zdnet.com]. I couldn’t quite believe it when I read it. The BBC, arguably one of the very best TV producers in the world, surely should have known better? There are so many things wrong about this that I hardly know where to start.
Firstly, given their figures, they seem to have spent quite an amount of money purchasing the botnet. Regardless of how much the total sum was, they sponsored the underground economy. Paying money to criminals (for illegal goods) is not only unethical but also considered illegal in most countries. The BBC broke the law right there and then already, not when they actively started using the botnet.

Sprint has sent letters to thousands of its customers informing them that a former employee compromised their personal account data over the course of two months in 2008 and 2009. Brian Krebs [Security Fix] says that the company mailed warnings to several thousand customers and that the breach could have been far worse had Sprint not recently upgraded its security controls.

The economy is still terrible and will likely continue to get worse in the near term, and the picture is just as ugly for enterprise security staffs. Peter Kuper, a longtime investment banker and software analyst at Morgan Stanley, said security shops can expect their budgets to be flat at best this year and cut sharply next year, the first such cut in more than half a decade.

Tech security company Fortify and security consulting firm Cigital are getting ready to release a set of best practices that tech companies and other businesses can follow to ensure that the software they develop is secure.

The authors developed the model by studying the security practices at Google, Microsoft, Adobe, and other tech companies, as well as non-tech companies that write their own software like Wells Fargo, and Depository Trust & Clearing Corp.

By Andrew Storms

Transparency is a common theme in politics and Wall Street these days. The 2008 elections, the dealings of TARP, and financial institutions run amok are all places where we hear the word transparency bandied about on a daily basis. While many security professionals speak about transparency when it comes to information security, very few definitions fit the overarching idea of transparency. I believe that the time has come for information security professionals to both dig deeper and out of the idea of transparency to gain a better understanding of this concept.

Brian Krebs’ terrific reporting on the targeted malware attacks against small businesses in the U.S. continues today with a closer look at the way “money mules” operate and their roles in the cybercrime operation.
In this article, Krebs interviews a “money mule” and shows the layers of online job recruitment, the sign-up process that includes bank account details, and the way money is siphoned from stolen bank accounts and wired to international locations. This is a must-read article [washingtonpost.com].

The number of identity theft cases surged in 2008, according to a report (.pdf) based on the Federal Trade Commission’s annual data.

In 2008, ID theft was by far the biggest complaint to the FTC, representing 26 percent of complaints. The next biggest complaint — third party and creditor debt collection scams — represented only 9 percent of complaints.
