threatpost: How Mass SQL Injection Attacks Became an Epidemic
“…very few Web developers have had any kind of training on writing secure code or deploying Web applications safely, so they end up worrying mainly about functionality and performance, with security an afterthought at best.
So the end result is millions of Web applications with simple, easy-to-exploit vulnerabilities that have become a virtual shooting gallery for attackers.”
New York Times: Concern for Those Who Screen the Web for Barbarity
“The surge in Internet screening services has brought a growing awareness that the jobs can have mental health consequences for the reviewers, some of whom are drawn to the low-paying work by the simple prospect of making money while looking at pornography.”
Techdirt: There Is No 'Internet Kill Switch' Legislation... And Pretending There Is Distracts From The Real Debate
‘…it appears that the meme of an “internet kill switch” — which apparently was first put forth by Declan McCullagh — has pretty much taken over the debate on the bill. And some are noting that this is problematic, as there are lots of real issues to be discussed around the bill…’
St. Petersburg Times: SOCom says no military information on stolen laptops
“The heist occurred at the iGov facility at 9211 Palm River Road and was captured on surveillance camera, according to a search warrant filed by a Hillsborough County sheriff’s detective. Up to seven people spent nine hours loading thousands of Panasonic Toughbook laptops and other equipment onto two semitrailer trucks.”
InformationWeek: NIST Proposes Tracking Cyber Attacks Via Web Services
“The service would record transactions — whenever they are invoked — between pairs of services, and piece them together into pictures of the complex transactional scenarios that occurred during specific time periods, such as during an attack.”
View From The Bunker: Is today really Black Thursday for Cyber Attackers?
“The implementation of DNSSEC has been a long time in coming and each milestone passed is a very necessary step in the right direction. The signing of responses from the 13 root zone server clusters today should be seen in that context—it’s a start and a very big start. However, any expectation that this milestone marks the date that the Internet suddenly becomes safe is exaggerated.”
spamnation: The Facebook connection?
“…the Chinese fake-storefront scammers who have been using other people’s Hotmail accounts to send spam have also been hijacking Gmail accounts. Talking to people who have had their Gmail accounts hijacked has revealed one interesting fact: everyone we spoke to had used the same password for both Gmail and Facebook.”
MSNBC: See an online job scammer at work
“There’s nothing new about Internet-based money mule scams — they’ve been around for at least 10 years. What’s new is a persistent national unemployment rate that’s been hovering near double-digits for the past year. …the scams grow more sophisticated and the cover stories more believable, even as the ranks of the unemployed grow more desperate.”
Sucuri: Understanding and cleaning the Pharma hack on WordPress
“This attack is very interesting because it is not visible to the normal user and the spam (generally about Viagra, Nexium, Cialis, etc) only shows up if the user agent is from Google’s crawler (googlebot). Also, the infection is a bit tricky to remove and if not done properly will keep reappearing.”
Herald.ie: Tesco fined for sending junk e-mail
“The supermarket giant was fined €2,000 at Dublin District Court after it pleaded guilty to four counts of sending mails to customers who had indicated that they did not wish to receive them.”
HP: "We Haven't Been Hacked" ...is not a metric
“…most companies that are getting attacked right now will never know. Unless you have very sophisticated, self-defending, well-written code then your web applications are sitting ducks. What’s worse - you will probably never know until someone finds your customer’s data posted on a blog, an IRC channel, or fraudulent charges start showing up on people’s statements.”
Return Path Blog: Spam Complaints Fuelled By Poor Practice
‘…legitimate senders of commercial email are encouraging spam complaints by simple poor email marketing practice. Just under “I suspect them of phishing attack” - the primary reason people reported emails as spam were examples of poor email marketing practice - “Too many (frequency)” and “Don’t remember signing up”.’
Optimal Security: Time to Ditch WinXP SP2!
“Basically, there will be no more WinXP SP2 updates or patches, including any critical security updates. In fact, Microsoft will not even be testing any new or unresolved vulnerabilities against SP2 to see if it is impacted, nor will they be developing any more patches or updates for it.
…But, perhaps more importantly, there will be no further security updates for Internet Explorer 6 running on WinXP SP2.”
Periodic Table of Meat, from pleatedjeans.files.wordpress.com (via tip from @wise_steve)
Redmondmag.com: What Does Microsoft Know About You?
“From Windows Activation Technologies (WAT) to Bing, Microsoft stockpiles information on you even when you don’t sign up for services such as Hotmail.”