Nearly $1,000,000 stolen electronically from the University of Virginia

[Anne & Lynn Wheeler]

On 09/01/2010 01:39 PM, Perry E. Metzger wrote:
> Hardly the first time such things have happened, but it does focus
> the mind on what the threats are like.
>
> http://krebsonsecurity.com/2010/09/cyber-thieves-steal-nearly-1000000-from-university-of-virginia-college/
>

In the mid-90s, dialup consumer online banking gave pitches on motivation for moving
to the internet (major justification was the significant cost in supporting proprietary
dialup infrastructure ... including all the issues with supporting serial-port modems;
one such operation claimed library of over 60 different drivers for various combinations
of customer PCs, operating systems, operating system levels, modems, etc).

At the same time, the dialup business/commercial online cash-management operations were
pitching why they would *never* move to the internet ... even with SSL, they had
a long list of possible threats and vulnerabilities.

Some of the current suggested countermeasures are that businesses have a separate,
dedicated PC that is dedicated solely to online banking operations (and *NEVER*
used for anything else).

a few recent posts on the subject:
http://www.garlic.com/~lynn/2010m.html#38 U.K. bank hit by massive fraud from ZeuS-based botnet
http://www.garlic.com/~lynn/2010m.html#53 Is the ATM still the banking industry's single greatest innovation?
http://www.garlic.com/~lynn/2010m.html#58 memes in infosec IV - turn off HTTP, a small step towards "only one mode"
http://www.garlic.com/~lynn/2010m.html#65 How Safe Are Online Financial Transactions?

-- 
virtualization experience starting Jan1968, online at home since Mar1970

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com