March 2010
57 posts
Lifehacker: How I’d Hack Your Weak Passwords →
“If you invited me to try and crack your password, you know the one that you use over and over for like every web page you visit, how many guesses would it take before I got it? …I might just be able to get into your e-mail, computer, or online banking. After all, if I get into one I’ll probably get into all of them.”
Mar 31st
Spamhaus: Fake DNSBL uncovered: nszones.com →
“Spamhaus has uncovered a fake spam filter company which was pirating and selling DNSBL data stolen from major anti-spam systems including Spamhaus, CBL and SURBL, republishing the stolen data under the name “nszones.com”. Nszones.com operates a ‘remove your IP’ scam charging naive internet users to be removed from the pirated nszones.com DNSBLs.”
Mar 31st
CSO: Burned Out Yet? →
“Most security professionals that I know experience symptoms of burnout at some stage in their professional career. In fact, one poll last year revealed that over half of the security professionals surveyed were unhappy in their jobs. …True, a certain amount of stress comes with all jobs, but particular career choices tend to bring more burnout than others.”
Mar 31st
Terry Zink: US leads in cybersecurity/US does not... →
“On the one hand, the US is leading. On the other hand, the US is losing the cyberwar. But on the other hand, there isn’t even a cyberwar. Which one is right?”
Mar 31st
The Anti-Advertising Agency: Movement Happening on... →
“Finally Illegal Advertisers are going to jail. Here’s info on some of the latest….”
Mar 30th
DarkReading: Make The Secure Path Easy For Users →
“Companies need to focus their awareness efforts on end users’ understanding of security policies and why they exist. Employees need to be made aware of the consequences of compromised credentials, a lost laptop, or a malware infection. Keeping with the theme of making security transparent, awareness efforts don’t have to explain all of the controls underneath, but they do...
Mar 30th
Email Marketing Blog: An Email Snob Interview with... →
“I get upset when people ask me how close to the line they can be before they will be in trouble. If that’s the question they’re asking, they’re thinking about it wrong.” (via @wise_laura)
Mar 30th
BBC: Weak security ID questions put e-mail at risk →
“A study has shown how easy it is to guess the answer to common questions, such as someone’s mother’s maiden name. It found attackers will be able to break into 1 in 80 accounts if they get three chances to guess answers.”
Mar 26th
eWeek: People Still Tasting Spam Despite Getting... →
“Despite growing awareness that most of today’s unsolicited e-mail constitutes some form of attack, many people continue to open and interact with the spam they receive and expose themselves to the related risks for endpoint infection or personal data theft….”
Mar 26th
ZDNet: From Russia with (objective) spam stats →
“…not only are seven of world’s top ten spammers Russians, but also, that the world’s number one spammer is a Russian who lives in Moscow. …they are abusing U.S based infrastructure for their malicious operations, which depending on the nature of their malicious operations, will also utilize the network infrastructures of many other countries to accomplish their tasks using...
Mar 26th
Geekosystem: Air America Auctioning Off User... →
“Though the practice is frowned upon by consumers, there are companies out there whose entire business consists of buying and selling bulk e-mail addresses. But…the legality of selling a mailing list hinges on the terms of use contract that the customer signed before agreeing to join the list.” There’s also some interesting commentary from techPresident. Box of Meat...
Mar 26th
DarkReading: Twitter Spam Reduced To 1% Of Tweets... →
Spammy tweets decline, but researchers say 10 percent of active Twitter users still are spammers
Mar 26th
New York Times: Google Alerts Gmail Users to... →
“Since Google doesn’t want to overly inconvenience people who may simply be traveling or who have provided their Gmail password to another Web service, it decided to show them a warning that they could act on or dismiss. The alert will appear when they log in from a location that is typical for them, so the alert is seen by the real account owner and not the intruder.”
Mar 26th
CAUCE: Email User Safety At Risk - MAAWG Consumer... →
“Many of the findings are both shocking and disturbing; despite efforts to educate, consumers are well unaware of the consequences of their actions, and a painful percentage continue to click on spam, knowingly, instead of deleting it immediately. Such actions have, of course, led to the gargantuan increase in botnet presence on the ‘net and zombie’d computers continue to steal...
Mar 26th
SaveIE6: Help us save the best browser around →
only a few days left!
Mar 25th
Reuters: Inside a global cybercrime ring →
“Innovative Marketing Ukraine, or IMU, was at the center of a complex underground corporate empire with operations stretching from Eastern Europe to Bahrain; from India and Singapore to the United States. …The company built its wealth pioneering scareware…also known as rogueware or fake antivirus software…one of the fastest-growing, and most prevalent, types of internet...
Mar 25th
PCWorld: E-crime Reporting Format Draws Closer to... →
“What the specification intends to solve is the inconsistent manner in which e-crime reports are now collected. Different organizations assemble data in a variety of ways, and frequently it is not widely shared….”
Mar 24th
Copyright Litigation Blog: Beware of Default... →
‘The court found defendant’s “auto poster” software to be a product violating the DMCA because it permitted posters to circumvent Craigslist’s Captcha and telephone verification controls.’
Mar 24th
SF Gate: Law firms are lucrative targets of... →
“Cyber-criminals see law firms as particularly lucrative targets that can earn them hundreds of thousands of dollars per heist. Cyberspies also attack attorney firms to steal client data that can be sold or used to learn the details of future litigation.”
Mar 22nd
The Star: High-tech copy machines a gold mine for... →
“Want to know what expenses your boss claimed last month? How much your colleague makes? What the co-worker down the hall is really working on? Forget about hacking their computers – you might want to hit the nearest photocopier instead.”
Mar 20th
I Kill Spammers: MSN Live Spaces: Wake Up! →
“All attempts to contact MSN Spaces abuse teams directly, including via this abuse form, have been met with no response, and no feedback on what happened to my report. In most cases, URLs I have reported remain alive several days or weeks later.”
Mar 20th
DarkReading: End Users Buck Security Advice For... →
“…end users are understandably noncompliant because there just isn’t explicit proof that creating a strong password, for example, makes them less likely to have their accounts hacked.”
Mar 19th
MediaPost: The Power of 'No' →
‘I have found that the more I empower my teams to say “no” when it is appropriate — respectfully, of course — to prospects, clients, vendors, or each other, the better they can get their jobs done.’
Mar 19th
PCWorld: Why Is Email Spam So Much Worse Than SMS... →
“How come email spam is a 5,000,000% bigger problem than text message spam? It mainly boils down to three related factors.”
Mar 19th
BBC News: Spammers survive botnet shutdowns →
“Early 2010 has seen four such networks, or botnets, tackled via arrests, net access cutoffs and by infiltrating command systems. The successes have not inconvenienced hi-tech criminals who found other routes to send spam, say experts. And, they add, despite falling response rates, spam remains too lucrative for criminals to abandon.”
Mar 18th
AP: SF Attorney Awarded $7K In Spam Suit →
“A San Mateo County Superior Court judge ruled last week the seven e-mails Daniel Balsam received from Redwood City-based Trancos Inc. in 2007 were misleading and violated California’s 2004 anti-spam law.”
Mar 18th
Sydney Morning Herald: Virgin Mobile punished for... →
“An organisation must respect a person’s desire not to receive commercial electronic messages, even if it is just to ask if they have changed their mind.”
Mar 18th
MediaCommons: Cultivated Play: Farmville →
“The secret to Farmville’s popularity is neither gameplay nor aesthetics. Farmville is popular because it entangles users in a web of social obligations. When users log into Facebook, they are reminded that their neighbors have sent them gifts, posted bonuses on their walls, and helped with each others’ farms. In turn, they are obligated to return the courtesies.”
Mar 17th
San Jose Mercury News: Ads for an audience of one →
Using technology from top Silicon Valley companies, advertisers are creating digital signs that can change messages depending on a viewer’s age and gender…the signs could revolutionize the retailing industry, but their intrusiveness has led to criticism from privacy advocates and nervousness from some in the marketing industry. …A survey of 1,000 adults last year by UC Berkeley...
Mar 17th
Krebs on Security: Researchers Map Multi-Network... →
“Last week, security experts launched a sneak attack to disconnect Troyak, an Internet service provider in Eastern Europe that served as a global gateway to a nest of cyber crime activity. For the past seven days, unnamed members of the security community reportedly have been playing Whac-a-Mole with Troyak, which has bounced from one legitimate ISP to the next in a bid to reconnect to...
Mar 17th
Globe and Mail: Privacy is still a social norm →
“…there is little evidence to change our view that privacy remains a social norm. Privacy relates to freedom of choice and control in the sphere of one’s personal information – choices regarding what information you wish to share and, perhaps more important, what you do not want shared with others. What has changed, however, is the means by which personal information is now...
Mar 17th
Next: Foreign cybercrime experts to partner with... →
“…Nigeria’s case is disturbing because there are no laws to protect agencies, corporate institutions and the federal government from falling victims to online crimes. Mr. Etim said that the process of enacting enabling laws in Nigeria to regulate the operations of the cyber environment has been quite slow, but noted that this would be a more meticulous way of ensuring that the laws,...
Mar 17th
AP: Break the law and your new 'friend' may be the... →
“U.S. law enforcement agents are following the rest of the Internet world into popular social-networking services, going undercover with false online profiles to communicate with suspects and gather private information….”
Mar 16th
Jart Armin in Internet Evolution: Lies, Damned... →
“You may be forgiven if you’re confused over the plethora of conflicting reports and contrasting figures out there. …To the cynically minded it could seem that some of the statistics produced are meant to be attention-grabbing, even though such tactics often prove to be counterproductive. Even more worrying, however, is a sense that some statistics are leveled at lobbying for...
Mar 16th
InformationWeek: Developers Vs. Cybercriminals →
“For operators of online games…hackers threaten not only revenue and user trust, but user experience and the intellectual property — game source code — upon which the business is built.”
Mar 16th
TechFlash: Classmates to pay up to $9.5m to settle... →
“Seattle-based Classmates.com has agreed to pay up to $9.5 million to its users to settle a lawsuit that accused the social network of sending emails that made people believe their old friends from high school were reaching out to connect — only to discover, after paying for a membership, that their long-lost buddies were nowhere to be found.”
Mar 16th
VRT: APT: Should your panties be in a bunch, and... →
‘The co-opting of APT [Advanced Persistent Threat] by the marketing folks has led to the point that people are classifying any malware, rootkit or bot as “APT”. Zeus is not APT, Aurora is not APT. APT is a level of threat, a description of the sophistication, patience and talent behind an attack. The attacks are targeted, typically involving both an exploit and social...
Mar 15th
CyberCrime & Doing Time: PKK Hackers Arrested in... →
‘…the hackers are associated with the Kurdistan Workers’ Party, or PKK, and were taken to Diyarbakır for further questioning. This article calls the hacker team the “Cold Attack Team”, and says that it took orders from leaders in Kandil in Iraq and in Europe regarding what websites to hack and what messages to place there. It also mentions that the hackers distributed...
Mar 11th
Globe and Mail: Ontario adds Internet safety to... →
‘Next fall, there will be specific sections in the curriculum for grades 4 and 7 about Internet safety and the potential risks of online activities. …there will also be “age appropriate” discussions about online dangers in Grades 1 through 8.’
Mar 11th
Wired: 10 Years After: A Look Back at the Dotcom... →
a bit off-topic for Box of Meat…or is it?
Mar 10th
SophosLabs: All browsers are (not) created equal →
“It is going to be very interesting to follow the browser race now that Microsoft had to offer an alternative web browser with Windows Update and new Windows installations. So, are we going to see other browsers equally used and equally targeted by malware writers? Could we expect a flood of newly discovered vulnerabilities when vulnerability researchers change their focus?”
Mar 5th
Word to the Wise: Improving the email interface →
“The way to get the functionality inserted as a standard part of the software/web interface, is to get users to ask for it. In order to get users to ask for it, the best way to start is to create a plug-in that they like and use. If they like it in their Outlook interface at work, then they’ll ask for it in their webmail interface at home.”
Mar 5th
PCWorld: FBI Embeds Cyber-investigators in... →
‘Troy wouldn’t comment on what cases the agents were working, but he said, “those countries were selected for a reason.”’
Mar 5th
CSO: Security B-Sides: Perfect Authentication... →
“Everyone realizes passwords have their shortcomings. But alternatives like two-factor authentication are not as powerful as one would expect. The problem? As always — human behavior.”
Mar 4th
Techdirt: FTC Finally Forces FreeCreditReport.com... →
“The misleading ads have been incredibly lucrative for Experian, who apparently has convinced an astounding 20 million people to sign up for FreeCreditReport, and spends $70 million per year in advertising to get more people to sign up.”
Mar 4th
MediaPost: No One WANTS To Watch Your Advertising →
‘I am a little tired of hearing the argument “if it’s the right ad in the right place, then people will be engaged.” I am a huge fan of relevancy, but you’re not going to convince me that it’s possible to achieve perfect relevancy and solve the issue of advertising on the Internet.’
Mar 4th
The Internet Patrol: Funeral for IE6 Not a Hoax -... →
Mar 4th
New York Times: Advertising on Facebook Strikes... →
‘“When it works, it’s amazingly impactful, but when it doesn’t work, it’s not only creepy but off-putting,” said Tim Hanlon, a principal at the consulting firm Riverview Lane Associates of Chicago. “What a marketer might think is endearing, by knowing a little bit about you, actually crosses the line pretty easily.”’
Mar 4th
The Onion: Google Responds To Privacy Concerns... →
‘“I’d like nothing more than to apologize in person to everyone we’ve let down, but as you can see, many of our users are rarely home at this hour,” said Google cofounder and president Sergey Brin, pointing to several Google Map street-view shots of empty bedroom and living room windows on a projection screen behind him. “And, if last night’s searches are...
Mar 4th
Word to the Wise: With great wisdom… →
“There’s now a generation (for lack of a better term) of ESP & deliverability staff who weren’t around before there were ESPs, maybe not even before CAN-SPAM, but have learned many of the same things….”
Mar 4th