May 2010
Schott's Vocab: Mcaffocalypse →
“Nickname given to the ill effects of a faulty McAfee anti-virus update.”
April 2010
Slate: The Cyber Peril →
“…the United States—which has by far the most sophisticated offensive cyberwar capabilities—would almost certainly lose the war, because our economic and military infrastructures are so dependent on computer networks and because we have done so little to protect those networks from a cyberattack.
The situation is reminiscent of the early years of the atomic age, when scientists...
SANS: Who needs exploits when you have social... →
“This is what the attackers do:
- first they modify the FB application’s HTML (the Truth fan web page that the user adds),
- then they select all contacts (the setTimeout fs[select_all()] call which gets executed after 3 seconds),
- then they invite all user’s friends to the group,
- finally they display the text in that application”
RiskPundit: Blippy's security/privacy strategy -... →
“…it reveals a shocking, but not untypical, heretofore lax attitude toward protecting the site’s users.”
PCWorld: Texas Man to Plead Guilty to Building... →
“A Mesquite, Texas, man is set to plead guilty to training his 22,000-PC botnet on a local ISP — just to show off its firepower to a potential customer.”
Mary Roach in CircleID: Gift Card Scams in Social... →
“While gift card scams themselves have been around for years, what is new here is that they are being delivered through new channels. In the early days of the Internet, consumers would typically come across these scams via spam email or web advertisements. With the advent of Web 2.0, these gift card scams are now showing up on popular B2C marketplaces—such as Craigslist and eBay—as well...
Technicalinfo: Opt-in Botnets →
“A second generation of cyber-protesting tools has emerged, encompassing a disturbing blend of criminal technology and activist enthusiasm. A growing number of movements are asking their members to deliberately install botnets on their hosts and within their networks in order to participate in more sophisticated and effective cyber-protests.”
RIPE Labs: Find Abuse Handler Details Using the... →
“You only need to supply a network resource ID and press the search button. The tool will apply some business rules to assemble a list of abuse contact details.”
Dan Martell on Flowtown: What are People’s... →
A beautiful visualization of data from the most recent MAAWG survey.
Internet Evolution: Google Buzz: No Humans Here →
“…almost 90 percent of the public content on Google Buzz is not original material. Rather, nearly 63 percent of the buzz is coming in from Twitter, and 26 percent of it is coming from automated feeds.”
The Falcon's View: The Undervaluation of Writing →
“One of the key skill deficiencies I noticed while teaching was in the quality of writing skills. Quite simply, these students did not generally write much of anything, and when they did write, it was usually all short-hand, lacking structure and clarity. For someone working in the industry these students hoped to join, I found this issue a bit concerning. It’s not that I expect...
Clients From Hell: Marketing Emails →
“We want to know who opens the emailer and when they do we want to hit them with another email straight away, striking while the iron is hot. And for those who don’t open it we’ll send them an email too asking why they didn’t open it.”
Windows Secrets: Hotmail's social networking busts... →
“In its rush to take on Facebook and Google Buzz, Microsoft is now collecting and displaying personal information on your Hotmail page — information you may never have wanted to broadcast. Exactly how it’s mining this information is something of a mystery, but if you use Hotmail or Windows Live, it’s time to review your privacy settings — lest something you said or did...
threatpost: Social Engineering Attacks Prove... →
“Maybe the way we’re going about security awareness training is too boring these days. We need to train employees and end users on the alternative channels in social engineering … the way they [attackers] are using personally relevant messaging, social compliance and the reliance on security mechanisms.”
The Consumerist: Man Tells Fax Spammers To Go Fax... →
“The receptionist was not so receptive to my request: Seems they have many employees, and no interest in tracking down who is sending what, because they are very, very busy. Goodbye. …Thirty seconds later, I had the fax number redirected to the receptionist’s number.”
Infosecurity (UK): UN rejects international... →
“The EU and US had refused to countenance a new treaty on cyber crime when there had already been one in place for 10 years. The Budapest Convention on Cyber Crime had been signed or ratified by 46 countries since it had been drafted by the Council of Europe in 2001.”
ESET ThreatBlog: Top 10 signs your computer may be... →
“There are few signs that indicate your computer is part of a botnet that might not be indicating something else. Any malware can cause almost all of the same symptoms that a bot can. Sometimes conflicts between programs or corrupted files can cause the same symptoms as well, but still, there are some signs that should not be ignored.”
Wall Street Journal: Our Tech-Savvy Supreme Court →
‘…the first sign of trouble came about midway through the argument, when Chief Justice John Roberts asked what the difference was “between email and a pager?” (Cue sound of hard slap against forehead.)
At another point, Justice Anthony Kennedy asked what would happen if a text message was sent to an officer at the same time he was sending one to someone else.’
Krebs on Security: Call Centers for Computer... →
“A call service that catered to bank and identity thieves has been busted up by U.S. and international authorities. The takedown provides a fascinating glimpse into a bustling and relatively crowded niche of fraud services in the criminal hacker underground.”
All Spammed Up: Retailers Testing CAN-SPAM By... →
“A new study has revealed that many businesses have been pushing the envelope as far as the CAN-SPAM Act goes. It found that 39% of major online retailers force users to go through 3 or more clicks to unsubscribe from a mailing list, up from 7% in 2008, and 30% send 2 or more emails after the unsubscribe request has been received. This is not a good trend, in fact it can get a business...
Email Security Matters: Why can’t you stop this... →
“The main challenges of being in the spam filtering business are dealing with clients’ expectations on the one hand, and the sheer size of the spam/malware machine on the other.”
Engadget: Botched McAfee update shutting down... →
“We’re hearing from all over that a bad McAfee for Windows XP update is causing computers worldwide to shut down. Apparently DAT update 5958 deletes the svchost.exe file, which then triggers a false-positive in McAfee itself and sets off a chain of uncontrolled restarts and loss of networking functionality.”
Pinsent Masons: Viewing a site's jurisdiction... →
“A statement on a website which said that use of the site indicates consent to settle all disputes in a particular court is not enforceable, a US court has ruled. Viewing the statement did not indicate consent, it said.”
The Last Watchdog: Are there 6.8 million — or 24... →
“While ultra-competitive security vendors squabble about how best to convey the scale of the botnet plague, cybercriminals — from novices to elite gangs — continue to saturate the Internet with infections that allow them to take full control of Windows PCs.”
PCWorld Business Center: Drug-dealing Spammers Hit... →
“It isn’t clear what’s behind this wave of Gmail compromises. But in forum posts, Gmail users note that the hackers appear to be sending spam via Gmail’s mobile interface — which gives mobile-phone users a way to check their Gmail accounts — and wonder if there may be a bug in the mobile interface that is allowing criminals to send the spam.”
Huey Callison in Word to the Wise: What Happens... →
“…until the FTC pursues action…corporations and organizations will continue to get away with supporting, and benefiting from, millions and millions of spams.”
Ars Technica: Google warns that privacy opt-in... →
‘Imagine an Internet in which every website that uses behavioral advertising has to get your up-front permission to do so—make that double for login-account-informed ads, and triple if the site sells your data to third-party applications.
…it imposes two decision making costs on users. First, they have to decide whether they want to bother with the technical opt-in process. ...
Return Path: Has Social Networking Surpassed... →
Ezra Fischer explains why the Morgan Stanley chart showing that social networking has “surpassed” email is wrong.
Wired: Spam Suspect Uses Google Docs; FBI Happy →
“FBI agents targeting alleged criminal spammers last year obtained a trove of incriminating documents from a suspect’s Google Docs account, in what appears to be the first publicly acknowledged search warrant benefiting from a suspect’s reliance on cloud computing.”
New York Times: Web Coupons Tell Stores More Than... →
“A new breed of coupon, printed from the Internet or sent to mobile phones, is packed with information about the customer who uses it. While the coupons look standard, their bar codes can be loaded with a startling amount of data, including identification about the customer, Internet address, Facebook page information and even the search terms the customer used to find the coupon in...
Washington Post: Boy, 9, accused of hacking into... →
“Police say a 9-year-old McLean boy hacked into the Blackboard Learning System used by the county school system to change teachers’ and staff members’ passwords, change or delete course content, and change course enrollment.”
BBC News: Porn virus publishes web history of... →
‘It…takes screengrabs of the user’s web history and publishes it online in their name, before sending an e-mail or pop-up screen demanding a credit card payment of 1500 yen (£10) to “settle your violation of copyright law” and remove the webpage.’
The Onion: Twitter Now Features Ads →
Seth's Blog: Cannibalism and spam →
“We don’t often have conversations about cannibalism. We don’t trade recipes or talk about health issues. That’s because it’s off the table, not permitted, inconceivable.
Marketers should feel the same way about spamming people. Spamming them by email, by text or yes, by calling their cell phones with a robot, repeatedly, just because it’s cheap and...
CNET News: 88 percent of firms show Zeus botnet... →
‘Specifically, “domains individually representing 88 percent of the Fortune 500 were shown to have been accessed to some extent by computers infected by the Zeus Trojan,” the study said.’
MediaPost: Fined Again, Tagged Pays $650K To San... →
“The San Francisco District Attorney’s Office has extracted a $650,000 settlement from social networking site Tagged.com for allegedly using deceptive registration practices in the spring of 2009.
The site previously agreed to pay $750,000 to settle similar allegations with the Attorneys General of New York and Texas. Additionally, it recently settled a lawsuit by agreeing to...
The Consumerist: eBay Scammers Evolve, Use Live... →
“When she tried to ask some questions about the transaction, they directed her to a live online chat that was mocked up to look like a real eBay customer service chat and tried to assuage her concerns….”
threatpost: Apache Foundation Hit by Targeted XSS... →
‘Combining a cross-site scripting (XSS) vulnerability with a TinyURL redirect, hackers successfully broke into the infrastructure for the open-source Apache Foundation in what is being described as a “direct, targeted attack.”’
Redhead Writing: If I Can See You, You're Not a... →
“Apparently, there are lots of folks out there claiming to be ninjas. Most likely these are gurus and experts that have found themselves out of a career and to avoid the unemployment lines, they’ve gone down the ninja path. So I began to wonder: how many self-professed ninjas are on Twitter? Am I surrounded? Are there LOTS of them? Should I be afraid?”
Concurring Opinions: How Identity Theft Is Like... →
“The reason so much identity theft occurs is because it is cheaper to expose people to the risk of identity theft than to exercise more care in vetting credit applications.”
ITworld: Fighting back against toxic Facebook and... →
“The brains at Stanford Law School have come up with a wiki that lets you speak your mind about iPhone, Facebook, and other apps — and warn the world when one of them goes rogue.”
/dev/random: Help Your Laptop to Survive a... →
“Today, you can’t attend a security conference without a laptop and some Internet connectivity. …But using a laptop in a wild environment is always risky.”
Wired: April 12, 1994: Immigration Lawyers Invent... →
“It didn’t matter that most recipients had no need for such services. They’d just been spammed by a company — for the first time in the net’s history. Not surprisingly, some lines of the message were in ALL CAPS AND BOLD.
Canter and Siegel went on to notoriety, claiming they’d made $100,000 from their Perl-script spamming. The two remained unrepentant, despite the backlash which led...
Terry Zink: How traffic shaping works, part 1 →
Brad Feld: Don’t Be A Twammer →
“Automatic tweeting from within applications is becoming commonplace. This is good in many cases, but unless the sender authorizes the actual tweet, it’s twam. There’s no opt-in dynamic around twam, so before a service sends out a tweet for the first time, it seems like good form is to make sure the user wants to tweet.”
Seth's Blog: Rights and responsibilities →
“You’re responsible to your community, to your customers, to your employees and to your art. Serve them and the rights thing tends to take care of itself.”
Milton Mueller in CircleID: How the Internet Gets... →
“There is an organized industrial and political imperative to drill into our heads the idea that the Internet is dangerous and its threats are spiraling out of control, and it doesn’t matter what facts are uncovered—they are all interpreted to support this preconception.”
What The Hell? Security: The 9 Laws of Phishing →
“You can’t control content produced by other people. In many cases you can’t even anticipate its delivery to you. But you control what you do with it.”
Gizmodo: Are Passwords a Waste of Time? →
“…passwords themselves are still fine. It’s the constant changing of passwords every few weeks in the enterprise environment that’s the issue. In fact, the constant changing is counterproductive, says a new study from Microsoft Research….”
Mental Floss: The Snopes.com “25 Hottest Urban... →
“I love Snopes. It’s my go-to resource when someone forwards me an email and I know it’s fake, but I don’t have time to type out a response explaining why email forwards are always hoaxes. The folks at Snopes have already done the legwork, in well-researched articles that validate all sorts of hoaxes, urban legends, and crazy internet stuff. Sending someone a Snopes link is the ...