I've covered this before, but google's team has done a fantastic job of promoting improved application security practices. The gruyere (http://google-gruyere.appspot.com/) is a set of application security training activities focused on educating developers on how to identify and respond to application security issues using a real application. For those with no budget for security training, this is perfect!
While there are a lot of new posts regarding the new ways to exploit people using novel techniques and 0day exploits, there continues to be a rash of tried and true methods of coercion. I want to just walk through a simple example and reflect on how effective these methods continue to be. Many people turn toward online classified sites to buy and sell items online. This example starts with kijiji.ca which even I've used on occasion to find used electronics and other items. Doing a search on the site for a " Samsung Galaxy Note 2 " returns a posting from today with someone selling one for an unreasonably priced unit. $125 for a $500 phone?, but what if it's for real? No harm in just asking some simple questions. Email sent with some obvious questions regarding the condition and location. About an hour passes before I get a response from what appears to be a legit seller. Notice no answer to the questions I asked, but a friendly pointer at where th