Many websites will allow you to "recover a lost password" if you (or a crook) can supply your date of birth, mother's maiden name, etc. So, of course, crooks buy and sell data like dates of birth, mothers' maiden names, Social Security Numbers, and other easily mined minutae. — Read the rest

Brian Krebs posts a list of additional organizations said to have been targeted in the RSA attack, that massive data breach disclosed back in March. How many additional targets? Nearly 800 of them.

I didn't think it was possible to think any less of disgraced former New York Times reporter Judith Miller. But then, sweet fancy Jesus, I read her analysis of the Great Blackberry Outage of 2011. For Fox News.

I present to you the pull quote:

Cyber- and germ terrorism are quiet killers, and therefore, threats that are easy to underestimate.

Brian Krebs continues his excellent investigative series on the inner workings of online ripoffs, today with a deep look at underground freight-forwarders, so-called "Drops for stuff." These services use patsies recruited on Craigslist through a "work at home" scam to receive goods bought with stolen credit card numbers and forward them on to crooks. — Read the rest

Security researcher Brian Krebs got a look at the auction prices at iProfit.su, a criminal marketplace where you can buy hacked and phished PayPal accounts; he discovered that the going account for 100 zero-balance verified PayPal accounts is a mere $50 — that's 50 cents per account. — Read the rest

"I hope that I'll be able to work for the Department of Defense. From what I hear, they're pretty good at what I want to do."— Cody Andrew Kretsinger, the LulzSec/Anonymous suspect arrested this week in Arizona.

Last February, i.materialise reported that they'd declined an offer to 3D print a new fascia for an ATM, because they suspected it was part of an ATM skimmer (a device used to capture peoples' ATM PINs and card numbers). The news may have inspired another ATM skimmer gang, four men from South Texas who were indicted in June. — Read the rest

Crooks who compromised Fidelity National Information Services's prepaid debit card database were able to draw out $13 million in one night, working with co-conspirators in several countries in one weekend night, after the banks had closed:

Apparently, the crooks were able to drastically increase or eliminate the withdrawal limits for 22 prepaid cards that they had obtained.

Beware of Juice-Jacking, warns security researcher Brian Krebs. Those cell-phone charging kiosks in airports and other public places amount to an "unknown device that could be configured to read most of the data on your phone, and perhaps even upload malware."

Brian Krebs is continuing to report on the latest research on spammers and scammers, today naming and shaming the banks that process payments for fake anti-virus and rogue pharmacy affiliate networks, and on the system used by scammers to prevent being cut off by Visa and Mastercard. — Read the rest

Brian Krebs looks at the remarkable drop in spam that the Internet has experienced this year (25-50 billion spams/day today, down from a peak of 225 billion spams/day last July), and at the vicious new malware that's appearing as spam-crooks get more desperate. — Read the rest

Authorities in Russia have arrested Pavel Vrublevsky, co-founder of Russia's biggest online payment processor ChronoPay, over charges that he paid a hacker to attack his company's competitors. More: Joe Menn in the Financial Times, and Brian Krebs at Krebs on Security.

Brian Krebs has an in-depth look at SpyEye, a "crimeware" trojan horse that is used to harvest personal information (especially banking credentials) from infected Windows machines. SpyEye's keylogger is capable of prioritizing the information it grabs by paying special attention to information from browser forms, including Chrome and Opera. — Read the rest

Brian Krebs has a good investigative piece on BuyEmails.org, an India-based website servicing Nigerian fraudsters and other Internet scam artists. They offer curiously targetted email lists ("6 million prospective work-at-home USA residents for just $99"), untraceable bulk email, and direct payment schemes from Nigerian banks, and (hilariously) they don't accept credit cards or Paypal because of all the fraud they've suffered. — Read the rest

Brian Krebs went browsing in an underground proxy marketplace, where criminals rent time on hijacked computers to other criminals who want to use the compromised machines as launching-grounds for untraceable networked attacks. Krebs traced down some of the people whose computers were up for rent and let them know that they were being bought and sold on the underground. — Read the rest

According to Mohamed Hassan (a security expert and IT professor) Samsung has admitted to shipping laptops with covert, undisclosed keyloggers installed, there to "monitor the performance of the machine and to find out how it is being used." Their PR department refuses to discuss the issue: "In other words, Samsung wanted to gather usage data without obtaining consent from laptop owners. — Read the rest

Brian Krebs reports on the takedown of the command-and-control servers for Rustock, the largest and most successful spam botnet. The botnet's output has fallen from thousands of spams per second to one or two spams per second:

It may yet be too soon to celebrate the takedown of the world's largest spam botnet.

The Guardian reports that three UK teenagers who created and ran "one of the world's largest English-language internet crime forums," described in court as "Crimebook", have been sentenced to up to 5 years in jail. Authorities estimated that losses from credit card data traded over Gh0stMarket.net — Read the rest

Security reporter Brian Krebs has a fascinating piece up on Pavel Vrublevsky, founder of Russia's biggest online payment processor, ChronoPay. Krebs reports that this man also co-owns Rx-Promotion, an online pharmacy that sells tens of millions of US dollars worth of controlled pills to Americans each year: Valium, Percocet, Tramadol, Oxycodone, and other substances with high street resale value. — Read the rest

ImageShack discovered that they were being used by fake pharmacy scammers to host images for their crappy websites and spam. So ImageShack now serves this warning image for all the pharma referrers they can find.

Imageshack Swaps Spam Pages for Scam Alerts