Online Financial Crime Headed From Bad to Worse

[Gary Stoneburner <gary.stoneburner@nist.gov>]

re:
http://www.bizreport.com/article.php?art_id=5770

"The implications are significant. A savvy criminal could use a
cleverly designed e-mail to trick a victim into visiting what looks like
a trusted Web site -- like a bank site or Amazon.com -- but which in fact
is nothing more than a page designed to fool a victim into entering
credit card numbers, passwords and other sensitive
information."

"The main thing I'm really concerned about with these bogus e-mails
is that they're quickly becoming more and more complex and
sophisticated," said Johannes Ullrich, chief technical officer for
the SANS Internet Storm Center, which collects data on Internet attack
trends. "Even for experts like us, it's becoming harder to
distinguish between what's real and what's fake."

"If Microsoft issues a patch to fix the flaw, it would likely be the
20th "critical" software patch to be released by the Redmond,
Wash., firm this year. ..."

My suggestion is to look at the situation realistically - there is going
to be another flaw to be exploited even after you patch, so use your
systems accordingly :-)

Cheers,
Gary

**************************************************************************
* Opinions expressed are not intended to reflect an official position
**************************************************************************
* Gary Stoneburner
* Computer Security Division, National Institute of Standards & Technology
* 100 Bureau Drive, Stop 8930, Gaithersburg, MD 20899-8930         
* Phone: 301-975-5394, FAX: 301-948-0279, Email: Stoneburner@nist.gov
* http://csrc.nist.gov/staff/stoneburner/gshome.html
**************************************************************************