November 2011
1 post
RIP JD Falk →
The email and anti-spam communities lost one of their leading lights last night. JD was a passionate defender of email end users. He will be greatly missed by all of us.
For some of the many tributes go to the site above or to this from CAUCE, an organization JD helped found.
http://www.cauce.org/2011/11/jdfalk.html
October 2011
17 posts
Christopher Soghoian in the New York Times:... →
“Brave journalists have defied court orders and have even been jailed rather than compromise their ethical duty to protect sources. But as governments increasingly record their citizens’ every communication — even wiretapping journalists and searching their computers — the safety of anonymous sources will depend not only on journalists’ ethics, but on their computer skills.”
threatpost: Walking Among Security Giants →
“Security is a comparatively young discipline, and that relative youth means that many of the men and women responsible for pioneering the field are not only still here, but are still actively working, writing, speaking and sharing their knowledge and experiences with anyone willing to read or listen. This will not always be the case.”
Consumerist: Protect Your Brand From Becoming A... →
“There’s an opt-out that you can apply for that lets you block your registered trademark from being in the pool of available .xxx domains and prevent third-parties from exploiting your carefully crafted brand identity. The fee is $199-$350 depending on your registrar. The block lasts for 10 years.”
John Levine in CircleID: The Mainsleaze Blog →
“Mainsleaze is nerdy slang for spam sent by large, well-known, otherwise reputable organizations. Although the volume of mainsleaze is dwarfed by the volume of spam for fake drugs, account phishes, and Nigerian 419 fraud, it causes work for mail managers far out of proportion to its volume.
The new MainSleaze blog…is all mainsleaze all the time, and she’s having no trouble...
The Next Web: The first email was sent 40 years... →
“It’s become a firm fixture of everyday life, loathed by some but essential to nearly all of us, and yet its future is far from certain. Email is forty years old this month, with the first message having been sent in October 1971.”
Krebs on Security: Who Else Was Hit by the RSA... →
The information suggests that more than 760 other organizations had networks that were compromised with some of the same resources used to hit RSA. Almost 20 percent of the current Fortune 100 companies are on this list.
Ars Technica: Dennis Ritchie: the giant whose... →
“Ritchie, the creator of the C programming language and co-developer of the Unix operating system passed away on October 8 at the age of 70, leaving a legacy that casts a very long shadow.”
Cloudmark: The Federal Government and Email... →
“Being able to trust email from federal agencies is highly important to them, not merely for communication among agencies but also between the government and its constituents.”
Brian Solis: Social Media Customer Service is a... →
“Most companies proclaim to be ‘listening’ in the space but very few have changed or implemented processes or products based on this listening. Huge ROI can be gained just by measuring changes that stem from listening. It’s sad to say, but the only changes I have seen are those due to large or threatening groundswells. And in my view, change was only made to silence the noise.”
Ars Technica: Computer virus hits US Predator and... →
“Military network security specialists aren’t sure whether the virus and its so-called “keylogger” payload were introduced intentionally or by accident; it may be a common piece of malware that just happened to make its way into these sensitive networks. The specialists don’t know exactly how far the virus has spread. But they’re sure that the infection has hit both classified and...
AllTwitter: Why Mass Following on Twitter Doesn’t... →
“Twitter finds much of its strength in the fact that you can refine who you follow, choosing to only follow family, or people in your niche, or your customers. By diluting this with agreeing to follow those who have mass followed you, you will likely lose interest in Twitter.”
Dark Reading: Are Users Too Dumb For Security... →
“Too many security pros blame users for failing to remember the fundamentals that security awareness training teaches, but the real problem is that these programs just aren’t very good”
Talking Points Memo: The Government and ISPs At... →
“Both the U.S. government and the country’s internet service providers (ISP) agree that botnets are among the greatest threats facing Web users.
But they can’t yet agree on what to do about it, because the ISPs aren’t exactly the biggest fans of a government document calling for them to establish voluntarily, industry-wide standards for detecting and fighting threats.”
Word to the Wise: Spammers and Google →
“It seems spammers are buying very, very old lists scraped from usenet and inviting everyone on those lists to join them on Google+.”
Ned Batchelder: Stopping spambots with hashes and... →
“Rather than stopping bots by having people identify themselves, we can stop the bots by making it difficult for them to make a successful post, or by having them inadvertently identify themselves as bots. This removes the burden from people, and leaves the comment form free of visible anti-spam measures.”
Errata Security: October is Cybersecurity... →
‘Last year, the president declared October to be “Cybersecurity Awareness Month”. But, October has already been Breast Cancer Awareness Month for the past 25 years. So which is it? Cybersecurity or Breast Cancer?’
Wired: How Two Scammers Built an Empire Hawking... →
“…thanks to a series of lawsuits and criminal complaints filed over the past several years, combined with interviews with former company insiders, it’s possible to reconstruct a picture of how scareware gets made—and how it made multimillionaires out of two misanthropic hucksters.”
September 2011
4 posts
threatpost: The Inside Story of the Kelihos Botnet... →
“Earlier this week, Microsoft released an announcement about the disruption of a dangerous botnet that was responsible for spam messages, theft of sensitive financial information, pump-and-dump stock scams and distributed denial-of-service attacks.
Kaspersky Lab played a critical role in this botnet takedown initiative, leading the way to reverse-engineer the bot malware, crack the...
The Last Watchdog: Trust in the Internet falters... →
“Digital certificates enable consumers to submit information that travels through an encrypted connection between the user’s web browser and a website server. The certificate assures the web page can be trusted as authentic. But the unprecedented attacks against CAs show how fragile that trust can be.”
Word to the Wise: Are you ready for the next... →
“It’s been months since the first attacks. This is more than enough time to have implemented some response to reports of attacks. Yet, many people I talked to last week had no idea what they should or could be doing to protect themselves and their customers.”
Microsoft Research: Sex, Lies and Cyber-crime... →
“Far from being broadly-based estimates of losses across the population, the cyber-crime estimates that we have appear to be largely the answers of a handful of people extrapolated to the whole population. A single individual who claims $50,000 losses, in an N=1000 person survey, is all it takes to generate a $10 billion loss over the population. One unverified claim of $7,500 in...
August 2011
29 posts
Christopher Soghoian in Ars Technica: Not an... →
“Major social networks, e-mail providers, and communications companies offer products with insecure default settings, needlessly exposing their customers to hacking, identity theft, and government surveillance. Some firms offer security options that can be used to protect against common attacks; however, they are frequently so hidden in obscure configuration menus as to be invisible to...
Consumerist: Amazon Dumping Copycat... →
‘Amazon has begun notifying publishers that books that are “either undifferentiated or barely differentiated from an existing title” will be removed from the Kindle store.’
threatpost: How Spammy Facebook Scams Still Manage... →
“As Facebook scams continue to loom and infiltrate news feeds, web security firm Websense has conducted a study to tabulate just how far these campaigns stretch. The news isn’t encouraging, with scams on Facebook estimated to reach more than a million users in a matter of days.”
The Telegraph: Fraudster used Facebook to hack... →
“Iain Wood spent up to 18 hours per day online, working out passwords from personal information posted on social networking sites by his acquaintances.”
Securelist: Flying phishers: cybercriminals... →
“Customers of Brazilian airline companies are being targeted by a flood of phishing messages whose goal is to steal customer’s accounts and their miles in the frequent flyer programs maintained by local airlines. The miles stolen from customers are becoming a new kind of currency among Brazilian cybercriminals and phishers, who can use them to issue tickets for themselves, sell tickets to...
The Globe and Mail: Free sucks. I want my privacy... →
“I have always been understanding that these tech giants need to make money. Supporting tens of millions of users takes time and a whole lot of resources. While it’s in Google, Facebook, and LinkedIn’s interests to attract as many users as possible – and clearly free is the way – there are obvious consequences: Users get to play without paying, but every few months we get kicked in the...
Consumerist: The Bandit Sign Vigilante →
‘One man has had enough and won’t take it anymore. He’s going to take cleaning up Philly into his own hands, one “We buy houses!” and “Get paid daily from home!” sign at a time.’
Kaila Colbin in MediaPost: An Open Letter To The... →
“What do you think will happen if you take away one of the few communication platforms for people who are unheard?”
Sonic.net CEO Blog: The Five Levels of ISP Evil →
‘I’m not sure if everyone understands the levels of sneakiness that service providers can engage in. So, while I’m no expert (as we are an ISP who doesn’t do these things), but as a broad overview, here is my quick guide to the five levels of ISP evil, and the various “opportunities to monetize customers” that we’ve passed on….’
Matt's Hacking Blog: Addressing the latest... →
“First, to combat some FUD: Facebook is not sharing this information from you with your friends. Your buddies aren’t going to be able to call up your Grandma.
But what Facebook have entirely ignored, and why this is again an issue, is the question of permission.”
Techdirt: How One Unverified Claim Of A $7,500... →
‘…for anything in which someone puts a prefix of “cyber-” before a word, we can assume that reports of the “impact” are going to be massively inflated.’
Light Blue Touchpaper: Measuring... →
“In particular, we find that around one-third of the collected search results were one of 7,000 infected hosts triggered to redirect to a few hundred pharmacy websites. In the pervasive search-redirection attacks, miscreants compromise high-ranking websites and dynamically redirect traffic to different pharmacies based on the particular search terms issued by the consumer.”
New York Times: The Facebook Scare That Wasn't →
“…this is where Facebook often gets into trouble — not because they necessarily did a bad thing, but because they didn’t explain themselves well enough.”
Techdirt: Court Says Sending Too Many Emails To... →
“…the Sixth Circuit appeals court has overturned a district court ruling, and is now saying that a labor union can be sued for violating the CFAA because it asked members to email and call an employer many times, in an effort to protest certain actions.”
Sophos: Hacktivism, hacking and hackers – what do... →
“In a world under clear and ongoing economic erosion by cybercriminals - not by hacking, or by hacktivists, or by hackers, but by cybercriminals - the overuse of the H-words in the media actually works against computer security in general.”
Word to the Wise: A Disturbing Trend →
“Over the last year or so we’ve been hearing some concerns about some of the blacklisting policies and decisions at Trend Micro / MAPS.
One common thread is that the ESP customers being listed aren’t the sort of sender who you’d expect to be a significant source of abuse.”
Unmask Parasites: Hacked WordPress Blogs Poison... →
“I found 4,358 self-hosted WordPress blogs that contained many (usually more than 100) doorway pages that redirected visitors coming from Google Image search to fake AV sites.
Those doorway pages can be easily identified….”
Scott Hanselman: Hackers can kill Diabetics with... →
‘One has to read these articles and blog posts very carefully. It’s easy Link Bait to say “A hacker can kill diabetics wirelessly without them knowing it!” …While Jerome Radcliffee, the gentleman who did the proof of concept, is no doubt very clever, the folks who are blogging this fear mongering should do their homework and read the details.’
New Scientist: US internet providers hijacking... →
“Searches made by millions of internet users are being hijacked and redirected by some internet service providers in the US. Patents filed by Paxfire, the company involved in the hijacking, suggest that it may be part of a larger plan to allow ISPs to generate revenue by tracking the sites their customers visit. It may also be illegal.”
(The article includes a list of the ISPs which...
Sophos: Internet Explorer users have low IQ? Media... →
“…fascinatingly, it wasn’t just the research that was utterly bogus - it was the company behind the research too. Because AptiQuant didn’t really exist.”
Vanity Fair: Exclusive: Operation Shady... →
“For at least five years, a high-level hacking campaign—dubbed Operation Shady RAT—has infiltrated the computer systems of national governments, global corporations, nonprofits, and other organizations, with more than 70 victims in 14 countries. Lifted from these highly secure servers, among other sensitive property: countless government secrets, e-mail archives, legal contracts, and design...
Tina Dam in CircleID: ICANN, the New gTLD Program,... →
“What concerns me is that if we do not get the first round of introductions of new gTLDs right next year we might cause a lot of damage to the Internet. The intent with all the new gTLDs is of course consumer choice, and to allow for innovations beyond the traditional domain name space. We cannot afford allowing bad intended (purposely or not) entities to destroy this development.”
Securosis: Words matter: You stop attacks, not... →
“Every so often, the way security marketeers manipulate words to mislead customers makes me cringe. I’m not going into specifics because that isn’t the point. I just want to clear up some terminology that many security companies misuse, which really makes them look silly.”
SecurityWeek: Don't Focus on Headlines: Worry... →
“Although Groups Like LulzSec and Anonymous Have Created Headlines with Very High Profile Attacks, They Represent a Tiny Fraction of the Online Crime that Happens Around the World Each Day”
Journey Into Incident Response: Google the... →
“Search engines are not only great tools for locating information across the Internet but they can alert organizations of potential security incidents. Others have already published methods on how to use search engines to locate information including web pages infected with SPAM links and common vulnerabilities. In addition to this information, search engines can help determine if a...
There is no bigger sucker than a marketer who’s afraid he’s missing...
– Bob Hoffman, quoted by Tim Orr in a comment on MediaPost