January 2010
75 posts
Consumerist: How Should I Go About Whistle... →
“We have started calling customers to offer a free promotion. I feel that we got these customers phone numbers for a different reason and that it is wrong to call them all to advertise with special promotions. I have taken a big risk by sending a survey out to all of our employees to see what they thought, and so far, everyone agrees with me. I plan on presenting my arguments in a speech to...
ZDNet: Cambridge researchers knock Verified by... →
“By training people to enter personal details into a form they may not fully trust, the 3DS system lays the groundwork for criminals to ask for more sensitive information, such as banking details, in a fake form, the researchers argue. A spoofed version of the form has been used in phishing attacks, they added.”
Financial Times: Hackers target friends of Google... →
“…the attackers had selected employees at the companies with access to proprietary data, then learnt who their friends were. The hackers compromised the social network accounts of those friends, hoping to enhance the probability that their final targets would click on the links they sent.”
Baekdal.com: The Usability of Passwords →
“Security companies and IT people constantly tell us that we should use complex and difficult passwords. This is bad advice, because you can actually make usable, easy to remember and highly secure passwords. In fact, usable passwords are often far better than complex ones.”
Mike Cardwell: DNS Pre-fetch Exposure on... →
‘When you view an email in Mozilla Thunderbird, it looks at each of the URLs in the body, and does a DNS lookup on each of the domains. It does this so the page loads faster if you click on the link. It doesn’t just happen on HTML emails, it also happens for plain text emails. Viewing the body in “Plain Text” mode rather than the “Original HTML” or “Simple...
Terry Zink: Spam is solved, we can all go home now →
“…to summarize, a team of researchers downloaded and installed some software that flips a computer into a botnet. This bot then started spewing out spam and the team was able to capture the spam, analyze, and then write spam rules in order to 100% target the spam run.
All you have to do is download the malware, capture the spam traffic, and then use the traffic to build an antispam...
Computerworld: China hacks used as lure for more... →
“…F-Secure…reported spoofed e-mails purporting to contain details on the alleged Chinese attacks that contain a PDF attachment. When opened, it installs and runs the Acrobat.exe backdoor on the user’s machine.”
PC World: Spammers Sneak Through CAN-SPAM... →
“When we think of ‘spammers’, we usually picture an offshore group of criminal individuals, pushing fake pills from websites that are outside the direct reach of U.S. law. But there’s another group of spammers, who are closer to home. These are the home-grown, shady direct marketers who have crossed the line from legitimacy to spam…exploiting what they believe are...
Courthouse News Service: Woman Says Yahoo! Bandies... →
“She says a recent search of her name on Yahoo! generated 1,630 hits - all of them linked to Levitra, which she says falsely implies that she endorses the product.”
Threat Level: DarkMarket Ringleader Pleads Guilty... →
“Members of the site traded in stolen bank card and identification data. They bought and sold specialized equipment for skimming card and PIN numbers, and for cloning data to blank cards. The activities on DarkMarket are estimated to have resulted in fraud amounting to tens of millions of dollars.”
All Facebook: Want To Run A Promotion For Your... →
“Facebook wants to make sure that the user experience is free from spam. These updates to the Facebook promotions guidelines also make it clear that Facebook wants to ensure brands don’t take advantage of user profiles for their own benefit.”
Network World: 80% of government Web sites miss... →
“Most U.S. federal agencies — including the Department of Homeland Security — have failed to comply with a Dec. 31, 2009, deadline to deploy new authentication mechanisms on their Web sites that would prevent hackers from hijacking Web traffic and redirecting it to bogus sites.”
CNN: U.S. enables Chinese hacking of Google →
“The news here isn’t that Chinese hackers engage in these activities or that their attempts are technically sophisticated — we knew that already — it’s that the U.S. government inadvertently aided the hackers.”
Help Net Security: Analysis of 32 million breached... →
“In the past, password studies have focused mostly on surveys. Never before has there been such a high volume of real-world passwords to examine.”
The Forrester Blog For Security & Risk... →
two samples:
“Advanced persistent threat: a security product manager hyping new categories
Blended threat: a hemlock smoothie”
MediaPost: Why 2010 Could Be A Bad Year For... →
“The good news is that the ISPs (and their technology providers) are doing a much better job at preventing much of the truly criminal spam. With the worst mail out of the way, what are they finding? Of the mail that is not criminal spam, the mail streams that are causing the most noise from ISP subscribers…is mail coming from legitimate companies with very poor practices.”
Internet Storm Center: When Rogue On-Line... →
“This quick note is about one approach used to insert advertisements into forum discussions that completely cover up the legitimate discussion page.”
Dynamoo: AdSlash.com is a bogus ad network →
“We’ve seen a number of ads being punted through AdSlash.com to legitimate ad networks, but it appears that these are leading to a PDF Exploit…AdSlash.com did used to be owned by a hosting company called RackSlash, but it expired and was re-registered.”
PC World: China's Baidu Sues US Domain Registrar... →
“Users had trouble accessing Baidu.com for several hours last week after the company’s domain name server in the U.S. was tampered with.”
Bobbear: Money Laundering and Reshipping Fraud →
“Bobbear.co.uk is a voluntary, non-profit site dedicated to providing information on fake companies offering part-time, work from home job scams, in particular money mule or money transfer fraud, aka ‘payment transfer agent’ scams and the related reshipping fraud or ‘parcels agent’ scams. We also provide what victim advice and support we can.”
Looks like a...
All Facebook: Facebook Developers Prepare To Gain... →
“It’s one of Facebook’s most significant changes to the Facebook Platform since it first launched almost three years ago: developer access to user emails. …Most significant are the numerous safeguards Facebook has put into place to avoid abuse by third-party developers.”
Federal Bureau of Investigation: National Center... →
“The FBI and the National Center for Disaster Fraud (NCDF) have established a telephone hotline to report suspected Haitian earthquake relief fraud. The number is (866) 720-5721. The phone line is staffed by a live operator 24 hours a day, seven days a week. You can also e-mail information directly to disaster@leo.gov.”
John Graham-Cumming: Stay classy, SoftwareFX, stay... →
“Seriously, the Haitian earthquake is not a lead generation exercise.”
Microsoft Security Response Center: Security... →
“To date, the only successful attacks that we are aware of have been against Internet Explorer 6. …Given the significant level of attention this issue has generated, confusion about what customers can do to protect themselves and the escalating threat environment Microsoft will release a security update out-of-band for this vulnerability.”
What MSRC isn’t saying (no idea...
apophenia: Facebook's move ain't about changes in... →
“Privacy isn’t a technological binary that you turn off and on. Privacy is about having control of a situation. It’s about controlling what information flows where and adjusting measures of trust when things flow in unexpected ways. It’s about creating certainty so that we can act appropriately. People still care about privacy because they care about control.”
Techdirt: Wait, Someone Expects People To Pay To... →
“Apparently some random company is…creating an explicit sarcasm punctuation mark…and is trying to get you to pay $1.99 for a special app to let you use the mark.”
The Last Watchdog: China’s cyberspies aren’t the... →
“…China, Russia, North Korea, Iran, Israel, France, the United States and the United Kingdom are widely known to possess state-of-the-art cyber espionage know-how which is put to use gathering economic and military intelligence. Details of covert cyber-ops get discussed at numerous conferences attended by military brass, federal regulators, law enforcement officials, privacy advocates...
ReadWriteWeb: France Says "Non" to Internet... →
“After years of trying to convince technologically inept relatives to stop using Internet Explorer, computer geeks worldwide may finally have something new to back up their words: the advice of the German and French governments.”
Cory Doctorow in The Guardian: How to say stupid... →
“Criticising social networking sites such as Twitter and Facebook is as pointless as knocking people who discuss the weather”
Neil Schwartzman: Helping Haiti - The Email... →
“Another matter that may be interfering with charities and relief organizations to do their work are spam filters and blacklists. Unfortunately, the reality is that some charities are better at fund-raising and helping people than following email best practices, and despite the fundamental nature of their work, their IPs have ended up blocked, or they are not getting the delivery they need,...
MediaPost: Flash Cookies Could Become Hot-Button... →
“Web users are not yet deleting Flash cookies as often as they shed more traditional cookies, but that doesn’t mean it’s a good idea to use Flash technology to track consumers online.”
Wired: Warning: This site may be sharing your data →
“Aza Raskin, head of user experience at Mozilla, is leading a charge to make privacy settings more explicit to users by creating visual cues in the browser. Raskin’s idea uses a set of small icons to denote the limits of a website’s privacy policy.”
reddit: I was a Doctor at an online pharmacy. I... →
“A few years back I ‘fell’ in to a job at a call center that turned out to be a little more than I had bargained for. My original duties were to call people on a list and offer to have them speak with a physician in order to refill their medication over the phone. …Within a year, I found myself doing the doctor consultations via telephone with some very interesting - and...
Techdirt: Rob Glaser Leaving RealNetworks; A... →
“…a bigger issue may be that so many people absolutely hate RealNetworks because of its long history of spreading adware through really sneaky and nasty installation techniques that hid the (checked off) approval buttons. It reached a point that lots of people never wanted to have anything to do with Real ever again.”
Silicon Alley Insider: Health Insurers Caught... →
threatpost: Google Attack Should Be No Surprise →
“…while the details of these attacks are still coming to the light, the attacks themselves should come as no surprise. Companies such as Google and Adobe are prime targets for smart attackers, regardless of whether they’re state-sponsored or privately funded. Google’s various sites and applications hold a huge amount of incredibly valuable data and Adobe’s software...
Ari Schwartz in TheHill: Consumer protection... →
“…strong responses suggest that there is pent-up anger about the lack of transparency, control and respect for the use of personal information. Therefore, it is surprising that in his recent op-ed on The Hill…the president of the Interactive Advertising Bureau, Randall Rothenberg, would not only continue to suggest that industry is adequately addressing all privacy concerns, but...
enemieslist: A New Metric for Gauging the... →
“I’ve decided that I am from now on going to rank WHOIS servers by the percentage of actual useful data returned in a query response to the amount of useless boilerplate cruft returned in the same query response. Right now, the .name WHOIS server is ranking near dead last.”
The Consumerist: T-Mobile Charges You For Spam →
“At some point, Gamer-Data sent me a text message to which I did not respond. When I did not respond, T-Mobile decided that was good enough to pay Gamer-Data and then charge me $9.99 for its trouble.”
DarkReading: More Researchers Going On The... →
“Yet another botnet has been shut down as of today as researchers joined forces with ISPs to cut communications to the prolific Lethic spamming botnet — a development that illustrates how botnet hunters increasingly are going on the offensive to stop cybercriminals, mainly by disrupting their valuable bot infrastructures.”
Federal Bureau of Investigation: Haitian... →
“The FBI today reminds Internet users who receive appeals to donate money in the aftermath of Tuesday’s earthquake in Haiti to apply a critical eye and do their due diligence before responding to those requests.”
Nice to see the feds warning users before they get scammed, rather than after.
FDA Warns Public of Continued Extortion Scam by... →
‘The criminals call the victims — who in most cases previously purchased drugs over the Internet or via “telepharmacies” — and identify themselves as FDA special agents or other law enforcement officials. The criminals inform the victims that purchasing drugs over the Internet or the telephone is illegal, and that law enforcement action will be pursued unless a fine...
Annalivia Ford: Postmaster Team update →
Box of Meat doesn’t normally post job listings or requests, but AOL has just let go a bunch of very good people who need jobs now.
Focus: The History of Hacking →
Wired: Fraud U: Toppling a Bogus-Diploma Empire →
The story of a real professor who investigated and eventually toppled one of the largest fake diploma mills.
Official Google Blog: A new approach to China →
“In mid-December, we detected a highly sophisticated and targeted attack on our corporate infrastructure originating from China that resulted in the theft of intellectual property from Google. However, it soon became clear that what at first appeared to be solely a security incident—albeit a significant one—was something quite different.”
Return Path: Easiest Prediction Ever: Spam Will... →
“We’ve published a bunch of predictions recently, because that’s apparently the cool thing to do. Here are our thoughts on how those same trends (plus a few more) will affect you, the spam fighter, as you work to reduce how much unwanted crap your users see in their inboxes.”
Terry Zink: Analysis of a spam message using... →