December 2010
145 posts
John Levine in CircleID: Why DNS Blacklists Don't... →
Dec 1st
InformIT: Software [In]security: Cyber... →
‘In a domain where statements like “attacking the phishing problem,” “mitigating bugs,” and “tracking worms across the world,” make perfect sense only to insiders, it is little wonder that policy makers and CEOs are confused about cyber security. The (perhaps intentional) conceptual roll up of cyber crime, cyber espionage, and cyber war into the ...
Dec 1st
Ben Laurie: Why Identity Is Still Just Login →
‘The more I think about it, the more I realise that every situation is different. My “identity” is contextual, and different for each context. We know this from endless studies of human behaviour. So, what was the point of doing what every electronic identity system wants me to do, namely aggregating various assertions about me into various identities, and then choosing the right...
Dec 1st
November 2010
82 posts
Sophos: Japanese couple arrested for robbing... →
“… the two are said to have advertised a website that offered Lineage players free tools to boost their online characters’ combat characteristics. However, in reality, the tool is alleged to have stolen players’ credentials and sent the information back to Nishimura’s PC. …they were then able to illegally access the Lineage II game through other ...
Nov 30th
Sophos: Apple Mac malware: A short history... →
“From the early 1980s, right up until the present day, here are some of the highlights in the history of Apple Mac malware.”
Nov 30th
Security Week: The Implementation Challenges for... →
There has been a lot of recent buzz surrounding implementation of Domain Name System Security extensions (i.e., DNSSEC)…which are being pitched as major enhancements to global security…. Yet massive industry-wide confusion, continued lack of awareness for DNSSEC outside the DNS industry, a plethora of DNSSEC verification techniques and standards, and arguments over which to use,...
Nov 30th
Sophos: Lost laptop leads to first Data Protection... →
“The security breach at Sheffield-based firm A4e happened in June 2010, after the company issued an unencrypted laptop to an employee in order to do work from home. The laptop was subsequently stolen from the employee’s house. That wouldn’t have mattered too much, of course, if the laptop hadn’t contained sensitive information. Unfortunately it carried personal data...
Nov 30th
Wall Street Journal: Shunned Profiling Technology... →
“…two U.S. companies, Kindsight Inc. and Phorm Inc., are pitching deep packet inspection services as a way for Internet service providers to claim a share of the lucrative online ad market.”
Nov 30th
The Social Customer Manifesto: Flipping Off the... →
“It’s a story of an online bully, Vitaly Borker, who runs an e-commerce site that sells eyeglasses. His intentional goal is to make customers complain about him online. Why? He says it increases his Google rankings, and that’s good for business.”
Nov 30th
Return Path: Phishing Attack: An Open Letter to... →
“As you might expect, investigating a data breach of this kind takes a tremendous amount of post-hoc forensic work, so it’s taken us a little while to get our arms around exactly what happened. …Here’s what those two compromises looked like, what we’ve done about them, what we’re doing to monitor more aggressively for future compromises, and what we’d like to ask of you.”
Nov 29th
The Onion: 20,000 Sacrificed In Annual Blood... →
“The nation looked on in reverence Friday as 20,000 citizens were decapitated, dismembered, and burned alive in the name of Corporate America, continuing the age-old annual rite to ensure bounteous profits in the coming fiscal year.”
Nov 29th
Lifehacker: How to Fix Your Relatives' Terrible... →
“Drop your bags, fix a drink, and grab the Windows CD—it’s time for the holiday ritual of fixing up your relatives’ computer. Here are some tips and downloads to keep handy while you’re cursing all the auto-starting crapware.”
Nov 26th
Return Path: Security Alert: Phishing Attack Aimed... →
“Over the course of the past five weeks, spam campaigns have been aimed at the staff members of over 100 ESPs and gambling sites. These targets have received emails typically with content that mentions the staffer by name, and purports to be from a couple, presumably friends or co-workers. The phish message has been sent numerous times, over several different systems, including using...
Nov 26th
The Magill Report: Permission Debate is Settled;... →
“Don’t you friggin’ people have anything better to do? What an unbelievable waste of time. …Inbox Insiders participants debating permission is akin to ladies who lunch debating over how they can change their own behavior to lower gang activity in South Central L.A.”
Nov 25th
Krebs on Security: Escrow Co. Sues Bank Over $440K... →
“An escrow firm in Missouri is suing its bank to recover $440,000 that organized cyber thieves stole in an online robbery earlier this year, claiming the bank’s reliance on passwords to secure high-dollar transactions failed to measure up to federal e-banking security guidelines.”
Nov 25th
Messaging News: Email is going away? →
‘For me – and I suspect many others – alternatives like Twitter are supplements to email, not replacements. For example, five years ago if I came across an interesting article I would not have sent an email to everyone in my email address book letting them know about that content – today, I will sometimes send everyone in my Twitter “address book” an announcement of what I just read. ...
Nov 25th
threatpost: Security Worth Buying →
“This really boils down to being an educated buyer with realistic expectations about the computer science behind security challenges. ’Protect me from everything’ isn’t a realistic expectation. Conversely, ‘pay me like I protect you from everything’ isn’t a realistic vendor expectation.”
Nov 25th
Sophos: Scottish hacker jailed for 18 months after... →
“Matthew Anderson, from Drummuir, Aberdeenshire, was a member of the m00p virus-writing gang spreading malware in 2005 and 2006 including the Stinx Trojan horse, which was spammed out widely across the globe.”
Nov 25th
CyberCrime & Doing Time: Lord Aughenbaugh of the... →
“It turns out you don’t have to be an evil Russkrainian genius hacker to be a successful identity thief. Consider the case of sixth grade educated Lord Joseph Helaman Mormon Aughenbaugh and his trailer-mate, Todd Yurgin.”
Nov 25th
CSO: EU, US and NATO to work together on cyber... →
“An E.U. cybercrime centre to be established by 2013 will coordinate cooperation between member states, E.U. institutions and international partners, while a European information sharing and alert system, also planned for 2013, will facilitate communication between rapid-response teams and law-enforcement authorities. The Commission also wants to create a network of Computer Emergency...
Nov 24th
Seebach Exhibit 7: NetProspex: Verified spam. →
‘I recently got spammed by some entity called NetProspex, which claims to have “verified” lists of various business people. They had one of my email addresses associated with my name, and were informing me that from time to time companies using their service would be contacting me with information they thought would be of interest to my business. Note that they did not mention a...
Nov 24th
Fortune: It's a little off topic, but here's a... →
A close look at Direct Commerce Academy, the tiny, secretive company that generates so much spam on Facebook-comment enabled websites like Fortune.com.
Nov 24th
ZDNet: Our blacklist has failed us: Thai minister →
“Thongchai Sangsiri, director of computer forensics within Thailand’s Ministry of Information and Communication Technology (MICT), told the Asia-Pacific Telecommunity cybersecurity forum in NSW today that its blacklists are verbose and have created onerous management problems for internet service providers.”
Nov 23rd
Michael O'Reirdan in Messaging News: We're All... →
‘“Wake up!” Or so one might want to shout at those enterprise network operators and IT managers who consistently act as if their operations were islands unto themselves. These are the mavericks that ignore industry best practices and go their own way, believing their networks immune to zombies or bot infections, and who disregard the lessons learned by their peers.’
Nov 23rd
Computerworld: Website designer fined for email... →
“According to a statement issued by ACMA this week, Bunology downloaded an email list from an undisclosed source for marketing use. The design company has been forced to pay $11,000 to ACMA for breach of the Spam Act 2003, following an investigation into the allegations and the company’s failure to justify consent for use of the addresses.”
Nov 22nd
DownloadSquad: 15+ free Windows apps to help you... →
“The holiday season has always been a time for gathering — but in recent years, it’s also been a time when family and friends come bearing gifts of computer troubles. Their computer friends…get asked to do everything from installing RAM upgrades to the annual computer tune-up. We’re happy to oblige, of course, because there’s a decent chance someone will pay...
Nov 21st
anti-virus rants: security: it's almost like it... →
“most people can’t marry an anti-malware expert, however, so placing value in product’s ability to shut up is the wrong way to think about things for most of us. don’t get me wrong, if a security tool is too ‘chatty’ then certainly that poses a usability problem, but the quest for complete transparency is a symptom of mismatched expectations.”
Nov 19th
Terry Zink: Our latest outbound spam mitigation... →
“Since we are a mail filtering service that acts as a relay, we are not in command of validating login attempts. Thus, all mail going through us we have to assume is already validated upstream. However, we know that this is not the case because piles and piles of spam passes through us all the time every single day from multiple different compromised accounts. Therefore, we know we...
Nov 19th
John Yunker in CircleID: The Next Internet... →
“This next revolution is a linguistically local revolution. In terms of local content, it is already happening. Right now, more than half of the content on the Internet is not in English. Ten years from now, the percentage of English content could easily drop below 25%. But there are a few technical obstacles that have so far made the Internet not as user friendly as it should be for...
Nov 19th
Krebs on Security: Why Counting Flaws is Flawed →
“It’s a bit like trying to gauge the relative quality of different Swiss cheese brands by comparing the number of holes in each: The result offers almost no insight into the quality and integrity of the overall product, and in all likelihood leads to erroneous and — even humorous — conclusions.”
Nov 19th
Tim Berners-Lee in Scientific American: Long Live... →
“…people seem to think the Web is some sort of piece of nature, and if it starts to wither, well, that’s just one of those unfortunate things we can’t help. Not so. We create the Web, by designing computer protocols and software; this process is completely under our control. We choose what properties we want it to have and not have. It is by no means finished (and it’s certainly...
Nov 19th
Digital Society: Clarifying the China Internet... →
Nov 19th
Darkreading: Slide Show: Extreme And Alternative... →
“Here are ten of the most unique options for either replacing passwords altogether or to act as a strong multi-factor authentication supplement.”
Nov 19th
DomainIncite: Is ICANN too scared of lawsuits? →
“Arguments about the new top-level domain Applicant Guidebook kicked off with a jolt this week, when ICANN was accused of abdicating its responsibilities and being too risk-averse.”
Nov 19th
The Onion: Row Of Asterisks Spices Up Otherwise... →
“Seven minds were blown Monday when employees of Houston Seed and Supply opened an e-mail containing a row of asterisks, a groundbreaking textual embellishment that recipients said caught them off guard but utterly captured their imaginations.”
Nov 19th
TechCrunch: The Phone Call Is Dead →
“Less obsolete but more annoying than a handwritten letter, the phone call is fading as a mode of communication even if the nostalgic will be singing its praises for awhile…. If old media has taught us anything, it’s that it takes most industries at least a generation to be completely disrupted, especially something as powerful as Big Telco. But we are definitely on our way...
Nov 19th
Umair Haque in the Harvard Business Review: Why... →
“If you want to be disruptive, don’t start with best practices. Try, instead, find your industry’s worst practices and take tiny steps — or better yet, giant leaps — towards bettering them.”
Nov 18th
Lauren Weinstein: Bulletin: Domain Exploitation... →
‘The Minnesota-based Society for Leveraged Internet Mercenary Exploitation Domains (SLIMED) expressed enthusiastic satisfaction with leading domain registrar Go Daddy’s decision to feature the new “.co” [sic] Top-Level Domain (TLD) as the default on its home page today, reducing to “trash” status the old, obsolete, useless, silly, obscene, disgraceful,...
Nov 18th
The Boston Globe: Once you hit send, you can... →
‘The risk of private e-mails being seen by unintended recipients is hardly new. Practically everyone knows somebody who’s hit the “send” button and regretted it. Yet the ease and speed with which these communications can now spread have turned the e-landscape into even more of a minefield than it was a few years ago.’
Nov 18th
Open Source Digital Forensics →
“The Open Source Digital Forensics site is a reference for the use of open source software in digital investigations (a.k.a. digital forensics, computer forensics, incident response). Open source tools may have a legal benefit over closed source tools because they have a documented procedure and allow the investigator to verify that a tool does what it claims.”
Nov 18th
Sophos: FAQ: Security and Facebook’s new messages... →
“It’s actually more like sending a text or an instant message. The messages won’t have any subject lines, for instance. Furthermore, Facebook says it will store a complete history of all of your communications with one person in one place.”
Nov 18th
DMLcentral: "Bullying" Has Little Resonance with... →
“If we want to combat bullying, we need to start by understanding the underlying dynamics. And we need to approach interventions with an evaluation-based mindset. We won’t know how to stop bullying and no amount of legislation requiring education is going to do squat until we actually find intervention mechanisms that work. And that starts with understanding what’s...
Nov 18th
Schneier on Security: Internet Quarantines →
“There’s the technical problem—making the quarantine work in the face of malware designed to evade it, and the social problem—ensuring that people don’t have their computers unduly quarantined. Understanding the problems requires us to understand quarantines in general.”
Nov 16th
The Tech Herald: Deconstructing BlackHat SEO... →
“For the past few weeks The Tech Herald has been tracking an interesting BlackHat SEO campaign. It targeted trending keywords and topics related to the midterm elections, Halloween, Veterans Day and more, snaring an untold number of victims in the process. So what are these attacks? How do they work? What can you do as a webmaster to avoid them or avoid falling victim to them?”
Nov 16th
Krebs on Security: Pursuing Koobface and... →
“The report lists the nicknames of top Koobface affiliates, showing the earnings for each over the past year and the Web addresses of their associated affiliate programs. This is the kind of intelligence that — if shared broadly — has the potential to massively disrupt large scale criminal operations, because cybercrime researchers can use it to make sense of seemingly disparate pieces...
Nov 16th
Terry Zink: Rethinking the term “false positive... →
‘In the spam filtering industry, we are known for playing fast and loose with definitions and I really think that it is time to change. In statistics, a false positive is an incorrect result of a test which erroneously detects something when in fact it is not present (a type 1 error). With regards to filtering spam, a false positive is a legitimate message mistakenly rejected or...
Nov 15th
Al Iverson's Spam Resource: SMTP Address... →
“Every once in a while, somebody asks me to help them with a project to do SMTP validation of a large number of email addresses, or help them build this functionality into some product or website. SMTP address validation is a really bad idea, for many reasons. Allow me to explain.”
Nov 13th
J.D. Falk in CircleID: Facebook + email = Facebook →
“…what’s everyone freaking out about? Perhaps it’s that Facebook email will be Facebook first and email second.”
Nov 13th
Word to the Wise: MAAWG: Not a Marketing... →
“There seems to be this great misunderstanding among a huge number of email marketers and delivery professionals that MAAWG is some sort of marketing or marketing related conference. They’re wrong.”
Nov 13th