August 2009
88 posts
CrapHammer: What Spammers Know That We Don't →
“The Real Estate, Online Pharmacies and Porn Spammers have once again proven they are leaders in adapting new technologies to their annoying purposes.”
This does not, however, mean that marketers should start adopting the same tactics.
Continuations: Clouded Email Deliverability:... →
“It has been great for startups to be able to fire up instances on Amazon EC2 or Slicehost for next to nothing, but one thing that has gone down the drain in doing so is email deliverability. I try out a lot of new services all the time and at this point I would say that well over half of those new services don’t get their email messages into my inbox.”
The same is true for any other...
Al Iverson's Spam Resource: White House Spam,... →
‘Taking list data from multiple politically-related groups, combining that data, and calling it “your list” is hardly a new practice, but it’s an awful practice. A stupid practice. A spammer practice.’
Softpedia: Click Fraud Malware Hides as Firefox... →
‘The extension is being offered on various forums via JavaScript as an Adobe Flash Player update. Once installed, it appears in the Add-ons Management window under the Extensions tab as “Adobe Flash Player 0.2.”’
Slate: Why corporate IT should unchain our office... →
He neglects to mention that preventing the unsafe computing behaviors of yesteryear is largely ineffectual against today’s threats.
News.com.au: Faraway planet bombarded with Earth... →
“More than 25,000 messages were hurtled toward the planet in a chunk of data that took two hours to send….”
Web Ink Now: Sleazy opt-in email tactics from... →
“Sure, one person may buy your product, but is it worth annoying thousands? Is the economy really that tough?”
Consumerist: Robocalls Banned! →
“What’s not covered: pretty much what you’d expect, like robocalls from political groups, charities, and debt collectors.”
In other words, they banned everything except the robocalls I actually receive.
Network World: FBI investigating laptops sent to... →
“The U.S. Federal Bureau of Investigation is trying to figure out who sent five Hewlett-Packard laptop computers to West Virginia Governor Joe Manchin a few weeks ago, with state officials worried that they may contain malicious software.”
When it comes to security, always look a gift horse in the mouth — and anywhere else the malware might be hiding.
CDT PolicyBeta: Facebook Taking Steps to Increase... →
“Whereas developers previously had access to all profile data on a user, the new system will require applications to specify categories of information they wish to access and obtain express consent before data is shared. Users will have to specifically approve any application’s access to their friends’ information and that information would still be subject to the friend’s privacy and...
Fergie on CircleID: Glaring Weaknesses in... →
“…most of the major criminal organizations are still operating (pretty much) in the open, with fear of retribution or criminal prosecution, for a number of reasons.”
Macworld: Inside Snow Leopard's hidden malware... →
“If you try to open an infected file, Snow Leopard will present you with a stronger warning, saying that the file may damage your computer and suggesting that you move it to the Trash.”
Snow Leopard is the cutesy name Apple assigned to the new version of Mac OS X, which came out this week.
Network World: New attack cracks common Wi-Fi... →
“The attack gives hackers a way to read encrypted traffic sent between computers and certain types of routers….”
CRN: Facebook, Twitter May Lead To Burglary →
“Posting vacation plans to social networking sites like Twitter or Facebook might just be an invitation for a thief to burgle your home while you’re away.”
Same’s true of vacation or “out of office” auto-responders, but people keep misusing those.
Office English and the King’s Own English are not the same thing....
– Adam Koebel, on Twitter
CNET News: ACLU chapter flags Facebook app privacy →
“…millions of people on Facebook who use third-party applications on the site, including the popular quizzes, do not realize the extent to which developers of quizzes and other applications have access to personal information.”
DarkReading: Most Insider Leaks Happen By Accident →
“These are individual actors who often are just trying to do their jobs and don’t understand that what they are doing is dangerous.”
CircleID: Study Finds Some 4000 Domains Expired... →
Grist: Is it time to get rid of phone books? →
‘WhitePages is sponsoring a “Ban the Phone Book” initiative to encourage the creation of “opt-in” programs, wherein citizens would only receive a phone book if they requested one. In the survey, 81 percent of respondents said they’d support such a program.’
As always, humans prefer opt-in.
Bank Systems & Technology: Bill of Rights for... →
“[The bill] calls for consistent processes for handling identity crime incidents in addition to amendments to privacy legislation and regulation so victims can more easily access and correct their personal information records.”
Washington Post Security Fix: Tighter Security... →
‘…the group recommends that commercial banking customers “carry out all online banking activity from a standalone, hardened, and locked-down computer from which e-mail and Web browsing is not possible.”’
DarkReading: SQL Injection Demystified →
“Attackers are using the old standby SQL injection en masse — a look at the attack and how to protect your applications from it”
Any web application which accepts input — even something as simple as a search box, or a “contact us” form — may be susceptible to these attacks.
SC Magazine UK: ISP criticised for distributing... →
“As the password is changed monthly instead of being generated randomly, all subscribers that signed up in the same month will have the same password.”
Seth's Blog: The massive attention surplus →
“The internet has…created a surplus of attention…but marketers haven’t gotten smart enough to do something profitable with that attention. …Yes, I will give my attention to an ad, but only if it’s anticipated, personal and relevant. We still give permission to marketers that earn it, but so few marketers do.”
In other words: even with a surplus of...
Vineeta Shetty on Internet Evolution: In India,... →
“…the open platform acts as a magnet for all forms of unmoderated clutter, as people begin identifying where they live, marking where they got their last haircut, and so on…asking users to validate themselves by registering their email addresses is the simplest way of sifting the wheat from the chaff…”
John Levine on CircleID: Helping Banks Fight... →
“Although the primary target of this suit is the crooks, an equally important subsidiary target is banks, who have consistently stonewalled attempts to learn about the extent of the losses, the details of the scam, and what the banks are doing to deter it.”
Al Iverson's Spam Resource: Permission Marketing:... →
“Every ESP (email service provider) or direct sender uses the term, making it entirely neutral as a measure of whether or not a company is a spammer, or if they’re a provider that would allow spammers on their network.”
DarkReading: It's All About Infecting, Selling Big... →
‘The botmaster told the undercover researcher that he didn’t focus on exploiting vulnerabilities when going after prospective bots. Instead, he mostly used social engineering via instant messages. He can spam 10,000 users with a lure like a “check this out”-type link and get a one percent or better response rate, he said.’
Return Path: Yahoo!, Email Stamps and Whitelists →
An actual answer from Yahoo! about that email stamp paper (plus an ad for a Return Path product.)
Ira Winkler on Internet Evolution: Tech Reporters... →
“Why isn’t the press talking about the underlying enablers of the attacks, the botnets? Why doesn’t the press report that 160,000 negligent computer users enabled the attacks in question? Why don’t we see investigative reporters track down infected systems? Likewise, why don’t we see reporters question government officials to ask them why we are doing nothing to impede the bots that enable...
Twittercism: Twitter Will Be The Birthplace Of... →
“…we’re probably less than five years away from spambots being so sophisticated that not only will you gladly follow them, you’ll be engaging with them. Heck, you’ll be buying from them. You won’t know the difference between these artificial mass-marketers and the genuine ones…”
Brad Feld: An Example of Failing At Marketing... →
“I don’t know who’s managing the District 9 twitter marketing campaign, but their abuse of twitter…just caused me to decide not to go see the movie tonight. Here’s the history of the experience.”
Jonathan Hochman on Internet Evolution: Nasty... →
“When a developer visits an infected site, the page installs a virus on their machine that silently copies the passwords stored in FileZilla, CuteFTP, and possibly other File Transfer Protocol (FTP) client software, and sends them to a central server. The server then runs a bot to access all sites for which credentials have been stolen and installs an iframe injection attack on many pages,...
Dark Reading: Study of Russia-Georgia Cyber... →
“A year-long study of the cyberwar between Russia and Georgia is being published this week, along with some dire warnings to U.S. businesses and individuals.”
msnbc: Sue Facebook for sharing your info?... →
“Frankly kids, suing Facebook for violating your privacy is like going to a kegger at the Devil’s house, then waking up on the front lawn the next day hung over, naked, missing your soul …and surprised.”
Return Path: Don't Snip Your Best Asset →
“Alongside the rise of Twitter and its famously 140-character message size limit has come an explosion in URL shorteners…with spammers gleefully abusing these systems and some shortening services on the verge of disappearing, we must question whether the use of URL shorteners in any other medium — such as email — is a wise practice.”
Joho the Blog: meta-meta-spam →
“Based upon this press release, uSocial is correct: It is not a spammer. Rather, it enables spammers. And then they spammed me to tell me about it.”
Twittercism: There Are Three Kinds Of Lies: Lies,... →
“When held up against the offline, ‘real’ world – and particularly other social networks, such as Facebook and Myspace – Twitter’s 40 per cent inanity rating is almost certainly incredibly low. Be honest: are 60 per cent of all the conversations you have of genuine, measurable value?”
see also: deeper insights into the same study from Danah Boyd.
Politico: White House will change e-mail rules →
“The White House said Sunday night that it will change its e-mail sign-up procedures after some recipients of a health-care e-mail complained that they had not asked to receive updates.”
Leading by example!
John R. Levine: Are phishing and malware separate... →
“It seems to me that although the details are different, the fundamental problems and solutions are very similar, so it makes sense to consider them together.”
Seth's Blog: Willfully ignorant vs. aggressively... →
“Challenging the status quo is what I do for a living. …But there are two ways to do it, and one of them is ineffective, short-sighted and threatens the fabric of the tribe. The other seems to work.”
MediaPost: Gmail Points Way To Brighter Future For... →
“The amount of email they must process in any given day is staggering. Their servers groan under the weight of it all. And the vast, vast majority of that email traffic is AWFUL. …I’m talking about botnets sending pharma spam, phishing scams, and messages aimed at driving visits to Web sites that will discreetly insert malware on their machines. That’s what keeps these...
OpenDKIM →
“The OpenDKIM Project is a community effort to develop and maintain a C library for producing DKIM-aware applications and an open source milter for providing DKIM service.”
It’s a source fork from Sendmail’s DKIM library and milter, by the same author — so it’s likely to be the new reference implementation.