aboutsummaryrefslogtreecommitdiffstats
path: root/guides/source/security.md
diff options
context:
space:
mode:
authorszTheory <szTheory@users.noreply.github.com>2018-04-13 10:34:37 -0400
committerGitHub <noreply@github.com>2018-04-13 10:34:37 -0400
commitfe1c93aa1d1dd84c86151673f7803272024aa1a7 (patch)
tree143ca0d12bda9f706eb47a3613a54920c4ebb54b /guides/source/security.md
parent57fe81200f1b645acd62ec004b4664944a3fbf68 (diff)
downloadrails-fe1c93aa1d1dd84c86151673f7803272024aa1a7.tar.gz
rails-fe1c93aa1d1dd84c86151673f7803272024aa1a7.tar.bz2
rails-fe1c93aa1d1dd84c86151673f7803272024aa1a7.zip
Update security.md with latest underground market prices
Updated underground market prices according to the 2017 Symantec ISTR (was previously citing the 2008 report)
Diffstat (limited to 'guides/source/security.md')
-rw-r--r--guides/source/security.md2
1 files changed, 1 insertions, 1 deletions
diff --git a/guides/source/security.md b/guides/source/security.md
index 06c24670de..a21526d895 100644
--- a/guides/source/security.md
+++ b/guides/source/security.md
@@ -74,7 +74,7 @@ Hence, the cookie serves as temporary authentication for the web application. An
* Instead of stealing a cookie unknown to the attacker, they fix a user's session identifier (in the cookie) known to them. Read more about this so-called session fixation later.
-The main objective of most attackers is to make money. The underground prices for stolen bank login accounts range from $10-$1000 (depending on the available amount of funds), $0.40-$20 for credit card numbers, $1-$8 for online auction site accounts and $4-$30 for email passwords, according to the [Symantec Global Internet Security Threat Report](http://eval.symantec.com/mktginfo/enterprise/white_papers/b-whitepaper_internet_security_threat_report_xiii_04-2008.en-us.pdf).
+The main objective of most attackers is to make money. The underground prices for stolen bank login accounts range from 0.5%-10% of account balance, $0.5-$30 for credit card numbers ($20-$60 with full details), $0.1-$1.5 for identities (Name, SSN & DOB), $20-$50 for retailer accounts, and $6-$10 for cloud service provider accounts, according to the [Symantec Internet Security Threat Report (2017)](https://www.symantec.com/content/dam/symantec/docs/reports/istr-22-2017-en.pdf).
### Session Guidelines