February 2010
67 posts
nCircle: How does a consumer report PCI... →
“As an attempt at a good-hearted gesture, he gave me some free breadsticks along with the printed email containing my entire credit card and address information.”
Messaging News: Security and Collaboration... →
“…what happens if we make perfect investments in securing our collaboration systems, only to have end-users lose the devices they use to access those systems? With the proliferation of laptop- and smartphone-toting end-users, we have the makings of a disaster, if these devices are lost or compromised. What can we do to minimize these risks?”
techPresident: "Do Not Ask": Lessig's Plan to End... →
“Larry Lessig, ever creative, is trying out what does seem to be a new one as far as the field of email techniques goes. Lessig is giving people on his Fix Congress First email list a chance to opt out — forever and ever — from fundraising emails sent from his organization…. You can still stay opted in for…informational emails.”
Krebs on Security: Microsoft Ambushes Waledac... →
“The software giant orchestrated a legal sneak attack against the Web servers controlling the Waledac botnet, a major distributor of junk e-mail. In an unrelated and more controversial move, Redmond convinced an ISP to shutter a popular whistleblower Web site for hosting a Microsoft surveillance compliance document.”
Zero Day: 10 things you didn't know about the... →
“Some are funny, others are disturbing, the majority indicate a cybercrime ecosystem that actively keeps itself up-to-date with the very latest research profiling it, by reading the blogs of security vendors and researchers.”
Freedom to Tinker: Web Certification Fail: Bad... →
“When you connect to a web site, and your browser displays an https URL and a happy lock or key icon indicating a secure connection, the odds that you’re connecting to an impostor site, despite your browser’s best efforts, are uncomfortably high. …Today I want to explore the root cause: today’s system is based on wildly unrealistic assumptions about organizations and...
Techdirt: PleaseRobMe Is Today's Equivalent Of... →
Krebs on Security: N.Y. Firm Faces Bankruptcy from... →
“A New York marketing firm that as recently as two weeks ago was preparing to be acquired now is facing bankruptcy from a computer virus infection that cost the company more than $164,000.”
UX Magazine: Streams of Content, Limited Attention →
“…now that we’re seeing Web 2.0 go mainstream, we’re seeing all sorts of folks get into the game. What they’re doing often looks different than what early adopters were doing. And the business folks are all trying to turn the Internet into a new broadcast channel (don’t worry, they’re failing). But we need to talk about these shifts so we can talk about...
Help Net Security: SEO poisoning reaches a new... →
“To improve the chances of installing their malware on random computers, scareware peddlers have decided to set up more than 60 websites that contain hundreds of possible search matches for hot/trending topics.”
(wait…isn’t that AOL’s new business model?)
IETF: RFC 5782 - DNS Blacklists and Whitelists →
“The rise of spam and other anti-social behavior on the Internet has led to the creation of shared blacklists and whitelists of IP addresses or domains. …This memo documents the structure and usage of DNS-based blacklists and whitelists, and the protocol used to query them.”
SANS: New Risks in Penetration Testing →
‘…care should be taken in selecting the public ip address that you mount attacks from. If you attack from home or from a free desk at work, you may find that because of this new Reputation Filtering feature, you’ve just blacklisted an IP address that you need every day to do “real work”. You might be blacklisting your entire company, or even worse, your...
SFGate: Consumers found vulnerable to e-mail... →
“Most of those who have opened spam said they weren’t sure what the message was, clicked it by mistake or were trying to unsubscribe. Interestingly, almost 1 in 5 said they did so because they wanted to see what would happen.”
threatpost: ID Theft Criminal Sentenced to 309... →
“Thompson, the leader of a massive identity theft and bribery scheme, was sentenced based on charges of conspiracy, wire fraud, mail fraud, bank fraud, computer fraud, access device fraud, aggravated identity theft, money laundering, and obstruction of justice.”
techPresident: Hill Republicans Fake Email from... →
“…the National Republican Congressional Committee…has sent out an email to the NRCC mailing list that is designed to look as if Nancy Pelosi is the sender. Pelosi’s name is listed in the from field. The actual sender address — masked by default in many email programs, including Gmail — is an NRCC one….”
Chicago Breaking News: Infomercial pitchman gets... →
“The judge has been overseeing a civil complaint filed by the Federal Trade Commission, in which he previously had found Trudeau in contempt of court for using deceptive advertising as he marketed a book.
Some 300 Trudeau fans responded, crashing the judge’s e-mail account and leading him to find Trudeau in criminal contempt of court.”
(via consumerist and techdirt, each of...
Word to the Wise: News from MAAWG →
“During MAAWG a number of companies in the email space announce new initiatives, mergers, products and the like. This MAAWG is no different.”
Benjamin Edelman in CircleID: Measuring... →
“…just how prevalent is typosquatting today, and why is it so pervasive? We set out to answer exactly these questions.”
DarkReading: New Report Examines Malware's... →
‘While many outside of the security industry still perceive “hackers” as teenagers or isolated geeks who work alone, Landesman’s report encourages security professionals — and the general public — to see malware as a cooperative industry that supports specialists, economies, and supply chains.’
Computerworld: Hold vendors liable for buggy... →
“A loose consortium of security experts from more than 30 organizations today called on enterprises to exert more pressure on their software vendors to ensure that they use secure code development practices.”
Online Behavioral Advertising “Icon” Study:... →
“This study assessed the communication efficacy of behavioral advertising disclosures based on icons and short disclosures placed near webpage advertisements as an alternative to providing transparency and choice via traditional online privacy notices.”
anti-virus rants: the true nature of security →
“do we examine what security is and what the nature of its relationship is to other supposedly related topics or do we simply build upon a foundation of an instinctual gut level feeling about what is and isn’t secure?”
New York Times: Google Alters Buzz Service Over... →
Risks Digest: Medical Privacy: They never, ever... →
“…the automated voice kindly told me that they needed to verify my identity, then asked me to enter my birthdate and one other super-secret piece of information… my ZIP code.”
DarkReading: Consumers Fighting Back Against... →
“Nearly half of all victims now file police reports, resulting in double the reported arrests, triple the prosecutions, and double the percentage of convictions in 2009….”
Pinsent Masons LLP: OFT to test e-commerce... →
“The investigation will focus on uncovering any practices that intentionally deceive consumers, and will concentrate on online transactions.”
Fugitivus: Fuck you, Google →
“You know who my third most frequent contact is?
My abusive ex-husband.
Which is why it’s SO EXCITING, Google, that you AUTOMATICALLY allowed all my most frequent contacts access to my Reader, including all the comments I’ve made on Reader items, usually shared with my boyfriend, who I had NO REASON to hide my current location or workplace from, and never did.”
Opt-in isn’t...
Kottke.org: Meat stylus for the iPhone →
ReadWriteWeb: The Internet Is Hard →
“Banners, logos, carefully crafted wordsmithery - this is all filler, we’ve found out. Users have been calloused by 15 or so years of surfing through bad ads and marketing babble, and they are unconsciously tuning out everything but the one thing they came to find.”
Suresh Ramasubramanian in CircleID: "Internet... →
‘The concept of an “internet driver’s license” is an old usenet trope—dating back to the time when people spoke of an “eternal september” (referring to when, earlier, newbies would only come into usenet every september as the term opened in colleges, but after 1993 and aol, compuserve, juno etc, more and more people entirely new to the Internet kept coming in,...
Doc Searls in Linux Journal: EOF - The Google... →
“Advertising is a bubble. If that’s a true statement, Google is a bubble too. And if that’s true, many of the goods we take for granted on the Web are at risk. Let’s run down some evidence.”
John Graham-Cumming: Is your new technology crappy... →
JGC discusses the evolution of messaging technology after email, both successes and failures.
Lauren Weinstein: "Google Buzz" -- and the Risks... →
‘Gbuzz, being tightly integrated with Gmail, apparently makes the implicit assumption that your frequent e-mail contacts should also automatically be declared as your “friends” for social update sharing purposes, and by default creates automatic “follow” lists on this basis. Maybe this will work just fine for some people, but man, it might be just plain dangerous for...
CBS MoneyWatch: Hackers Steal $50,000. Bank Says... →
“It’s every technophobe’s nightmare, but this time it’s true. Some $50,000 was stolen from Fan Bao’s online bank account by Croatian computer hackers and the bank told him that the loss is not their problem.”
Silicon Alley Insider: WARNING: Google Buzz Has A... →
“The problem is that — by default — the people you follow and the people that follow you are made public to anyone who looks at your profile.
In other words, before you change any settings in Google Buzz, someone could go into your profile and see the people you email and chat with most.”
Computerworld: Is challenge/response the ultimate... →
spamnation: From Russia with scams →
Tracing the current crop of “Russian bride” scam spam.
Architecture of Ideas: Facebook Privacy Settings... →
iPhone Developer Program: App Store Tip: Enhance... →
“If you build your application with features based on a user’s location, make sure these features provide beneficial information. If your app uses location-based information primarily to enable mobile advertisers to deliver targeted ads based on a user’s location, your app will be returned to you by the App Store Review Team for modification before it can be posted to the App...
USA Today: [Hotel] Loyalty programs: Study reveals... →
“The top three complaints:
Too much spam and junk email (44%)
Too many conditions and restrictions (38%)
Rewards that lack real value (37%)”
EverythingPR: Beware of Valentine's Day Spam →
“…no one can actually stop the Valentine’s Day spam, but you should not fall for it. Do not buy stuff advertised in email messages, not even from the companies you know. There are enough phishing attempts made in Amazon and eBay’s names to make you worry.”
Schott's Vocab: Splinternet →
“A fragmented Internet – the consequence of proprietary hardware and software, private networks, and content gated behind logins.”
Rob Leathern in Internet Evolution: The... →
“We see the cycle of hype, hope, and disappointment repeat itself again and again. And yet every one of us, from investor to employee to partner to competitor, continues to make the same mistakes.”
There are too many good points in this article for a valid synopsis.
Krebs on Security: Comerica Phish Foiled 2-Factor... →
“A metals supply company in Michigan is suing its bank for poor security practices after a successful phishing attack against an employee allowed thieves to steal more than half a million dollars last year.”
Consumerist: Google Wants To Be Facebook, Facebook... →
‘The Wall Street Journal is reporting that Google has plans to make Gmail “more social,” according to an anonymous source. The idea is to make it easier to post links and share status updates. Meanwhile, Facebook is apparently planning a “Gmail killer.”’
John Graham-Cumming: 24 years of email →
“In 24 years I think there have been three major end-user innovations: address books, MIME and email searching.”
Wall Street Journal: The Rise of Caller ID... →
“Caller ID spoofing technology allows a user to change the caller ID to show any desired number on a recipient’s caller ID display. There are currently a handful of companies that offer this service….”