fraud posts

It would be easy for Linux and Mac users to point to this blog post by Brian Krebs at the Washington Post's Security Fix and feel smug. The post flat out states that the simplest, most cost-effective way to avoid online fraud is: "Don't use Microsoft Windows when accessing your bank account online."

If you're a Windows user, ouch.

But hold on a second. The thing is, Krebs isn't endorsing the Mac or Linux platform in his condemnation of Windows. Rather, he's pointing out that Windows is the most-targeted platform, but that certainly doesn't mean that Macs or Linux machines are invulnerable.

Krebs points out that the safest way to avoid malware and make sure your banking session is secure is to boot your machine from a Live CD that is a pristine, uninfected environment. Live CDs are typically Linux variants, but the OS doesn't really matter -- what matters here is that you are booting an operating system that malware can't infect because its state is not persistent.

This is solid advice, and it leads me to wonder how long it will be before the major OS makers offer a locked-down virtual machine, or better yet a locked-down banking partition that is a fast booting light OS containing only a secure browser with which to do your most sensitive online tasks.

Kind of sounds like a job for Chrome OS, doesn't it?

What's better than spam? How about seeing a man found guilty of operating a phishing scheme face 101 years in prison? A 45 year old man in California was recently found guilty of posing as AOL's billing department and tricking people into giving him their credit card information, by using hacked Earthlink accounts and fraudulent web pages. Under the glorious Can-Spam Act, this guy has been convicted on multiple counts including wire fraud, and misuse of AOL trademark. So if you have noticed a little decrease in the amount of spam in your inbox, most likely it stems from cases like this. The government taking spam issues extremely seriously and laying down the law, it seems as though fewer and fewer spammers and phishers are in operation. Look out for final sentencing information that will be announced on June 11th for this case.

Veteran security and anti-virus company McAfee has agreed to pay a $50 million fine for inflating its revenues by $622 million between 1998 and 2000—131% in 1998 alone. According to Red Herring, "McAfee consented to pay the multimillion-dollar penalty to the SEC without admitting or denying the allegations of the complaint." The SEC will distribute the fine among investors.

[Via Slashdot]