October 2009
119 posts
Overheard in the Newsroom: 2070 →
‘To PR person on phone: “I would love to receive your email updates, but I’m afraid they would just clog up my Spam filter.”’
Al Iverson's Spam Resource: Ask Al: Bad things... →
“…unless AOL has suddenly implemented a new policy of picking up a bus full of day laborers from the parking lot in front of the Home Depot, driving them over to your home, and beating you with zucchini while you sleep fitfully on a carpet remnant in your unheated basement…”
Techdirt: It Doesn't Matter How Many Twitter URLs... →
“The real question should be how often are people getting malware because of clicks on Twitter.”
Seth's Blog: Opt in and opt out →
“I think there are a few general principles that could save us time and money and hassle….”
The Last Watchdog: Unstoppable new phishing... →
Read the article; this stuff is too big and scary to summarize.
DarkReading: New Honeypot Mimics The Web... →
“Glastopf uses a combination of known signatures of vulnerabilities and also records the keywords an attacker uses when visiting the honeypot to ensure it gets indexed in search engines, which attackers often use to find new targets. The project uses a central database to gather the Web attack data from the Glastopf honeypot sensors installed by participants who want to share their data with...
guardian.co.uk: A people's history of the... →
“To mark the 40th anniversary of the first stirrings of the internet…we present an interactive documentary of your stories and videos, alongside our own research and interviews with key figures.”
(via gizmodo)
TidBITS Opinion: Why Email Remains the King of... →
“It all comes down to two simple facts: email is based on open standards, and it’s the lowest common denominator for Internet communication. Any communication system that wishes to supplant email will need to offer both openness and ubiquity, and nothing available today comes even close.”
PC World: UK Police Smooth Over Rift With Internet... →
“U.K. police have apologized over a recent public presentation that linked a nonprofit Internet registry with money laundering by a notorious group of Russian cybercriminal gangsters.”
TechLaw: Obscenity in E-Mail Messages Judged by... →
“In a nutshell, the defendants used spam to promote adult websites.
The court ruled that the appropriate standard for e-mailed obscenity is a national community standard…the application of a local community standard to e-mail speech was unconstitutional.
…the court remarked that domain name registrants who use [domain name] registration services that conceal the...
ClickZ: E-Mail Marketers Trip up on Quality... →
“In recent weeks the Email Experience Council (EEC), a leading e-mail [marketing] industry group, has come under fire in industry circles for a series of errors in its regular e-mail communications. While I agree that it doesn’t give a great impression when an ambassador of our industry repeatedly sends e-mail communications with errors, I don’t lay the blame solely at the feet...
CNET News: Facebook awarded $711 million in spam... →
‘Facebook was awarded $711 million in a judgment Thursday against self-described “spam king” Sanford Wallace.’
Washington Post Security Fix: PhoneSnoop app bugs... →
“…a spyware program that allows attackers to turn a target’s handset into a microphone that can be accessed remotely.”
Federal Computer Week: Government to build $1.5B... →
“The federal government will spend an estimated $1.5 billion to build a new data center in Utah to support intelligence and defense agencies’ cybersecurity programs….”
DarkReading: Nearly 6 Million Infected Web Pages... →
“Among newly compromised Websites of 10 pages or more, nearly 20 percent of their pages were infected. The bad guys have been infecting more pages as a way to score more victims.”
(640K should be enough for anybody.)
PC World: Internet Phone Systems Become the... →
“Cybercriminals have found a new launching pad for their scams: the phone systems of small and medium-sized businesses across the U.S.”
Joho the Blog: Elizabeth Goodman on walled gardens →
“…walled gardens originally were created not to keep people [out, but] to create a microclimate.”
Wired GeekDad: The First E-Mail Address: Raising... →
“…when setting up e-mail addresses for your kids, you should work off the assumption that this will become a primary form of communication they will use for the near future and should be approached with that level of importance.”
DarkReading: MAAWG's Mission Evolving As Botnets,... →
“Spam and malicious email have been gradually declining as more stealthy and efficient Web-borne attacks have become a popular choice for the bad guys. MAAWG ISPs and vendors yesterday reported slight drops in email abuse, but it’s still steady at around 90 percent of all email traffic.”
Cisco Security: Common Errors Causing DKIM... →
“…this is the first time that we have had comprehensive information on signatures that fail to verify. The study involved about 14.2 million messages with DKIM signatures, 5.33% of which failed to verify. The messages came from 16,797 different domains, 10,968 (65%) of which had 100% verification rates and 2,899 of which failed consistently.”
anti-virus rants: sector.ca's wall of shame was... →
“this is pretty unbelievable to me, that security pros can’t keep their own shit secure at a security conference. no wonder security appears to be so hard and we have so many breaches - you folks aren’t paranoid enough! you absolutely belong on a wall of shame if you thought you could use some strange networking service and just naturally be secure. use an encrypted tunnel to a...
The Industry Standard: Eight steps to Internet... →
“…there are a handful of ways to become an Internet pariah in a very short period of time. In the hope that you might not fall into some of these traps, allow me to enumerate those ways.”
The Last Watchdog: Windows 7’s security ‘time... →
“While Microsoft has made great strides in security, the decision to add gradations to the User Account Control mechanism in Windows 7 — and set the default setting at medium-high — once again lays bare the company’s engrained features bias.”
Washington Post Security Fix: Cyber Crooks Stole... →
“According to the FBI and other fraud experts, the perpetrators have stuck to the same basic tactics in each attack. They steal the victim’s online banking credentials with the help of malicious software distributed through spam. The intruders then initiate a series of unauthorized bank transfers out of the company’s online account….”
Al Iverson's Spam Resource: Top Five Tips for... →
Al explains everything — yes, everything — that senders (of any kind) actually need to know about blacklists.
Kim Solez, MD in Internet Evolution: The Web Could... →
‘What constitutes a “private space” in the Internet Age is becoming more and more unclear. We live in a world where email is mined for marketing, and Facebook passwords are revealed in legal investigations. Choosing to put something online is tantamount to choosing to give up the privacy of that thing, at least in the worst-case scenario.
Now it turns out that even our thoughts...
CNET News: Schneier warns of marketers and dancing... →
“…Schneier pokes fun at National Cyber Security Month, talks about his background in crypto and working for the U.S. Defense Department, and says he fears privacy invasion more from marketers than governments or criminals.”
Return Path: A Deluge is Underway; is Email... →
“Both Raindrop and Wave have the potential to change (and hopefully improve) the way we communicate online. Everyone who works in email, and in messaging in general, will be watching and blogging and exchanging lots of email about it.
Thing is, the competition happening here isn’t just between Google and Mozilla. It’s between two entirely different ways of...
Help Net Security: Nigeria shuts down 800 scam... →
“The Nigerian Economic and Financial Crimes Commission has shut down no fewer than 800 scam websites and arrested members of 18 syndicates behind the fraudulent scheme in a renewed bid to clamp down on internet fraudsters….”
DigitalIDNews: Group looks at ID theft... →
“A new workshop report from the Identity Theft Prevention and Identity Management Standards Panel (IDSP) addresses various facets of how research companies measure identity theft. The report finds that disparities exist in the way that terms are defined in statute versus in practice—terms such as identity theft, identity fraud and data breach.”
Ben Laurie: "We Used To Be More Secure" →
A tale of a bank having removed simple, old-fashioned, difficult-to-bypass security measures in favor of shiny technology.
Email is not Dead →
‘Media hype often leads to “email is dead” headlines, followed by praise for whichever new technology killed email this time. It never happens. However, new developments mean the way people use email is changing.’
DarkReading: Major Secure Email Products And... →
‘A spear-phishing experiment conducted during the past few days by a researcher has netted some disturbing results: Most major enterprise email products and services were unable to detect a fake LinkedIn invitation on behalf of “Bill Gates,” which landed successfully in users’ inboxes.’
Red Pill Email: Why I Critique Political Email... →
“If you’ve read some of my posts you know that I’ve taken political emailers to task on several occasions and I’m not usually nice about it. So why do I critique political email practices? Because bad email practices are bad email practices regardless of political affiliation, but let me give you a few more reasons….”
MediaPost: Trust Is The New Black →
“When consumers have so many different kinds of relationships with so many different people and companies and products and services and ideas, how can any, or many, of them stand out? How can media companies or marketers establish meaningful visibility, let alone usage loyalty, in this ever-entangling clutter? There is only one answer now: trust.”
Al Iverson's Spam Resource: Barry Don't Play That →
“…an employee of an ISP’s abuse desk wrote in, offering up the following points of wisdom, thoughts on what annoys an ISP representative.”
Kill All Humans: Everyone’s network leaks →
“Everyone has a spam problem. Be it a problem with receiving too much spam in their inbox, receiving too many false positives in their spam folder, or on the flip side, having their marketing mail show up as spam in their readers’ spam folders.
Everyone involved is working quite hard to figure out ways to help one another while maintaining some security for their end users. This is great....
OnlyOnce: Why I joined the DMA Board, and what you... →
“The DMA could be stronger in fighting for consumers’ interests. Why? Because what’s good for consumers is great for direct marketers. Marketing is not what it used to be, the lines between good and bad actors have been blurred, and the consumer is now in charge. The DMA needs to more emphatically embrace that and lead change among its membership to do the same.”
Daggle: How Link Spammers Killed My Wife’s Web... →
“If you’re link spamming, you suck. If you know someone who is link spamming, they suck — and you should tell them so. If you don’t know why you suck, here’s a story about the human impact of what you do.”
The Last Watchdog: Scareware purveyors advance to... →
“…even if the victim does not make a purchase, his or her machine gets botted and can now be used to spread spam, steal account logins and carry out other criminal activities, including spreading more scareware promos.”
Neil Schwartzman on Al Iverson's Spam Resource:... →
“If it’s already best practice, why does the government get involved?”
Bronto: Finally, A Step Towards Permission-Based... →
‘There is a lot of controversy around B2B marketing and what many in the industry deem as “cold-calling by email.” If a company buys a list of executives and mass emails them, it’s easier to identify that as not permission based marketing. But if a lone sales person emails one executive about a potential business opportunity, is this spam? …Most B2B salespeople would say no, some...
Al Iverson's Spam Resource: I Support Opt-In... →
“I’m having a hard time seeing a problem with an opt-in requirement; it’s already best practice. People who don’t follow opt-in as a best practice are already doing things wrong. We want less spam in the world, not more. Even marketers should agree, shouldn’t they?”
DarkReading: Security Software's New Form Factor:... →
“Taking a page from their predecessors in the open-source community, these vendors have developed a simple strategy: If you give it away, they will come.”
Red Pill Email: MoveOn from Bad Email Practices →
“You know, I really do hate to love talking about political entities and email, but there are just so many silly and downright stupid things that political mailers do that it can be a real smorgasbord of blog fodder.”
TechRadar: 29 tech phrases you should be punched... →
“In an ideal world, anybody using these expressions would be punched in the face by their PC; for now, we’ll have to make do with mocking them instead.”
(they missed “deliverability”)
Seth's Blog: The Rule of High School →
“Any sufficiently overheated industry will eventually resemble high school. High school is filled with insecurity, social climbing, backbiting, false friends, faux achievements, high drama and not much content. Much of this insecurity comes from a market that doesn’t make good judgments, that doesn’t understand how to reliably choose between alternatives. So it turns into a...
Blight Watch: Yahoo Settles Click Fraud... →
“The suit claimed Yahoo was serving their ads up to some mighty shady sites, such as parked domains and typosquatting sites (which are slightly-misspelled URLs of legitimate sites). This led to a lot of click fraud, and a lot of angry advertisers.”
Who Has Time For This?: The Fallacy of the Fallacy... →
“Earlier this week Julia Angwin posted a story titled The Fallacy of Identity Theft, in which she accused big corporate bad guys of conspiring against the poor folk to whip up a panic regarding the non-existent crime of identity theft. …I wonder why she didn’t interview any victims prior to writing her cutesy rant?”