May 2010
73 posts
McTim in CircleID: What Digital Divide on IP... →
‘While it is certainly true that there are “digital divides” between developed and developing parts of the world, the historical imbalance in IP addressing is not one of them. The fact is that while we will “run out” of IPv4 addresses at some point in the not too distant future, there are an unimaginably large number of IPv6 addresses available. In fact, here in...
Benlog: Privacy Advocacy Theater →
“This is a problem that my friends and colleagues are guilty of, and I’m sure I’m guilty of it at times, too. Privacy Advocacy Theater is the act of extreme criticism for an accidental data breach rather than a systemic privacy design flaw.”
SANS Internet Storm Center: How Do I Report... →
“There was no simple one-stop-shop for the end customer to use. Some browsers and add-ons give something resembling that functionality, but it too is still limited to protecting the users of that tool. Upon reflexion, I realize why a one-stop-shop doesn’t exist. A single collection and repository of information is not the correct model. It wouldn’t scale, it...
TIME: The 50 Worst Inventions - Pop-Up Ads →
“Escaping advertising was already a hopeless feat online when web browsers introduced pop-up ads in the early 2000s, an almost unavoidable trick by websites to generate revenue.”
AFP: 3 indicted in $100 million Internet... →
“Sundin and Jain were the owners and operators of a company called Innovative Marketing located in Kiev that purported to sell anti-virus and computer repair software. Jain was IM’s chief executive while Sundin served as chief technology officer.
They are accused of placing fake advertisements on legitimate company websites which led Internet users to falsely believe that their...
Computerworld: Five indicted in cybertheft of... →
“Five people were indicted this week on wire fraud and other criminal charges stemming from a 2007 cybertheft in which nearly $450,000 was stolen from the bank accounts of the city of Carson, Calif.”
The Denver Post: Denver enlists posse to try to... →
“Denver officials have asked the FBI, Denver police and Microsoft Corp. to help them identify the person or people who have hacked into the city’s website twice in the past week.”
The Australian: Human behaviour key to... →
“The sky is not falling, the situation is not as bad as many make out, but we need to accept that the internet has been ‘pwned’.”
Al Iverson's Spam Resource: Groan: .co TLD to be... →
“What an opportunity to inappropriately monetize misdirected traffic!”
The Tech Herald: Tabnapping! Quick call the fuzz! →
“Just when you thought it was safe, criminals online can now steal your login credentials and your baby, all from a single tab within your browser. Face it you’re doomed. Okay, it isn’t that bad, but the demonstrated weakness in browser UI design…could be evil, depending entirely on the user.”
eSoft Threat Center Live Blog: Anatomy of a Modern... →
“…sites that are taken over by hackers are frequently used for other purposes besides directly serving up viruses or redirecting to sites that do. When a hacker gains control of a site, they generally do one of several things….”
Cedric PERNET: Fraudsters e-mail addresses :... →
“Numerous articles have already been published about the case, but I didn’t see any about the specific point of interest for me: the 3726 unique e-mail addresses of the members of the forum.
Seeing all these complete e-mail addresses, I asked myself some questions….”
The Onion: Entire Facebook Staff Laughs As Man... →
“Look, he’s clicking ‘Friends Only’ for his e-mail address. Like that’s going to make a difference!”
SANS Internet Storm Center: Security people... →
“I recently replied to one of the many such SPAMs I received. They were advertising a Security & Risk Management Summit taking place in Washington, DC. I asked how they got my email address and was told they buy their lists from various sources. I explained that by buying those lists they were feeding the spam support system. They didn’t respond to that comment so either they...
SFGate: The privacy Machiavellis →
“Machiavelli taught that individuals lack tools to assess political leaders, thus politicians can manage their perception through public relations alone. This is particularly apt in the technology field, where even expert users cannot effectively assess a company’s privacy practices. Our survey research shows that users falsely believe that privacy policies create strong legal...
threatpost: Why Can't Johnny Have Privacy? →
“One of the more trite and oft-repeated maxims in the software industry goes something like this: We’re not focusing on security because our customers aren’t asking for it. They want features and functionality. When they ask for security, then we’ll worry about it. Not only is this philosophy doomed to failure, it’s now being repeated in the realm of privacy,...
Techworld: IBM red-faced after handing out USB... →
“…users should be suspicious of all USB drives – even those handed out at security conferences.”
Al Iverson's Spam Resource: In Memoriam: Stefan... →
“It is with sadness that I pass along that email marketing expert Stefan Pollard passed away recently. He was a really good guy.”
Box of Meat agrees. We just lost one of the good ones.
PCWorld: Note to Facebook on Privacy: How About... →
“Staring down a storm of criticism around privacy issues on Facebook, CEO Mark Zuckerberg promised today to give users an easy way to opt out of third-party services. Probably, though, most users would be a lot happier if Facebook came up with a simple approach to opting into those services, rather than out of them.”
TIME: Battle for the Soul of the Internet →
“…the Net is being buffeted by forces that threaten to destroy the very qualities that fueled its growth. It’s being pulled from all sides: by commercial interests eager to make money on it, by veteran users who want to protect it, by governments that want to control it, by pornographers who want to exploit its freedoms, by parents and teachers who want to make it a safe and...
SC Magazine: Microsoft files two lawsuits for... →
“Click laundering…is a more advanced form of click fraud designed to outwit fraud detection systems by hiding the origin of fake clicks.”
Ars Technica: Facebook caught sharing secret data... →
“The data shared includes names, user IDs, and other information sufficient to enable ad companies such as the Google-owned DoubleClick to identify distinct user profiles.”
More details & discussion can be found on Hacker News.
ZDNet: 1.3 million malicious ads viewed daily →
“The attack vector, known as malvertising, has been increasingly trending as a tactic of choice for numerous malicious attackers, due to the wide reach of the campaign once they manage to trick a legitimate publisher into accepting it.”
Duke Today: A Piece of Internet History →
“On May 20, Duke will shut down its Usenet server, which provides access to a worldwide electronic discussion network of newsgroups started in 1979 by two Duke graduate students, Tom Truscott and Jim Ellis.
…Many social aspects of online communication – from emoticons and slang acronyms such as LOL to flame wars – originated or were popularized on Usenet.”
(The anti-spam...
Techdirt: Pushing Cyberwar Moral Panic Apparently... →
“One of the folks, who has been given the most attention for playing up this threat, is former director of national intelligence, Michael McConnell, who just happens to have scored a job as a top exec at Booz Allen. So it seems worth noting that Booz Allen has racked up over $400 million in gov’t contracts in just the past few weeks.”
FTC Permanently Shuts Down Notorious Rogue... →
“At the Federal Trade Commission’s request, a district court judge has permanently shut down a rogue Internet Service Provider that recruited, hosted, and actively participated in the distribution of spam, spyware, child pornography, and other malicious and illegal content. The ISP’s computer servers and other assets have been seized and will be sold by a court-appointed receiver, and...
The Atlantic: The Enemy Within →
The complete story of the Conficker worm, including all sorts of fascinating background on the current state of cybercrime—written in a clear, accessible manner.
If you only read one link from Box of Meat this year, read this.
The Last Watchdog: How account stealers pervert... →
“The cybercriminals behind the intensifying phishing scam that has been plaguing Twitter since late last week are proving how easy it is to pervert the trust social networks like Twitter and Facebook along with search giant Google have made a cornerstone of their respective business models.”
Andy Borowitz in the Huffington Post: China to... →
threatpost: The Coming Wave of Mobile Attacks →
“…developing malicious mobile apps is likely to be the most popular and lucrative attack vector for cybercriminals in the coming years. The convergence of powerful mobile computing platforms such as the iPhone, Android and BlackBerry with the growing popularity of app stores and phones as mobile payment systems makes these attacks a layup for skilled attackers.”
FUDSec: SCSOVLF (aka, the Shpantzer Coma Scale Of... →
“Some vendors are consistent and have good products as well as sales/marketing teams. This is a rare vendor indeed. Treasure them if you find them. The majority within the vendor space have either good products or good marketing. Then there are those with neither. Inconsistency breeds hilarity.”
John Levine: The most confused spam suit of the... →
“Having exchanged some mail about the suit with Smith last fall, I think I understand what was going on…Smith fails to understand the way that e-mail works, and he has imagined a vast conspiracy to explain what was really configuration errors, a poor choice of server hosting, and perhaps malware infecting his mail server.”
Threat Level: Thieves Flood Victim’s Phone With... →
“Bank thieves have rolled out a new weapon in their arsenal of tactics — telephony denial-of-service attacks that flood a victim’s phone with diversionary calls while the thieves drain the victim’s account of money.”
ZDNet UK: Facebook privacy tweaks are... →
“European data protection advisers have said it was ‘unacceptable’ for Facebook to make some of its users’ data public without their permission at the end of last year.”
Al Iverson's Spam Resource: How Not to Respond to... →
“…whenever I highlight that I receive spam from a company, invariably, somebody reaches out to me, directly, or indirectly, wanting to tell me a story about it.”
Jucca K. Korpela: Internet message headers - quick... →
“The following table lists Internet message header fields which have been defined in RFCs or actually used or both, in E-mail messages, Usenet messages, or other contexts. For each header, its name, a short description, and some reference is given; the reference tries to point to a document where the meaning of the header is specified or described.”
(via Andrew Barrett on Twitter)
CAUCE: Facebook, Privacy, and the Loss of Trust →
“For a while it seemed as if nearly everything Facebook did was hailed as the future of messaging, perhaps the future of the Internet — or maybe the Internet didn’t matter anymore, except for Facebook. Even obvious scams got VC funding, so long as they were on Facebook. But with just a few missteps — which they appear to believe were nothing more than misunderstandings...
Akismet: State of Web Spam →
“We all know spammers change their methods frequently. But there are also some broader trends that slowly emerge over long periods. …Here’s a quick summary of some of the most important changes in web spam we’ve seen over the last year.”
Computerworld: Spammer tricks: unnatural acts with... →
“I have first-hand intelligence confirming what many spam fighters have long-suspected — smart spammers test their email content against spam filters. …The good news is that filters need not be fooled.”
Scott Westerlaken in Internet Evolution: What I... →
“…a lot of the email marketing products…report back a bunch of stats (which vary from program to program) about who opened, blocked, forwarded (and to whom, where it starts again), how long they spent with the email open, how many times they opened it, the operating system, email program, and more. All without the reader’s acceptance to share any information.”
Securelist: Crimeware: A new round of... →
“This article aims to answer the question – is it possible to effectively stem the tide of malware targeting the financial industry under present day conditions?”
Help Net Security: One crime syndicate responsible... →
“A single electronic crime syndicate employing advanced malware was responsible for two-thirds of all the phishing attacks detected in the second half of 2009 — and was responsible for the overall increase in phishing attacks recorded across the Internet….”
Krebs on Security: Phished Brands Seize on... →
‘Instead of simply dismantling a phishing site and leaving the potential phishing victims with a “Site not found” error, some frequent targets of phishing sites are setting up redirects to phishing education pages.’
Box of Meat [is] an excellent amalgamation of all sorts of spam, security and...
– Carlo Catajan, in conversation with Len Shneyder
Unica: Full Metal Email – Confessions of an... →
“…the ISPs are fighting an uphill battle where the end-game hasn’t appeared on the horizon. …As a member of the anti-spam operations team at Yahoo! Carlo has seen it all and now he shares a bit of his knowledge and insight with us….”
Paul Ducklin at Sophos: Khobe “vulnerability” – no... →
A fairer assessment would be that Khobe amounts to little more than saying that malware which can already bypass anti-virus software may be able to bypass it again.
The Last Watchdog: Microsoft to end security... →
“In a move that raises the risk profile of millions of computing devices globally, Microsoft says it will no longer shore up security weaknesses in computers using Windows XP Service Pack 2 and Windows 2000 operating systems. Such desktop PCs and servers are still widely used in corporate networks globally.”
Computerworld: "Kill your Facebook page" backlash... →
“Calls for people to delete their Facebook accounts are gathering momentum. Critics cite privacy concerns and plummeting trust in the company and its leader, Mark Zuckerberg.”
Comradity: How does Open & Caveat Emptor co-exist? →
“In a physical marketplace, the separation between a business setting and a social setting is much more defined than it is online. In other media, the onus on the advertiser to substantiate advertising claims is rigorous. Maybe advertising is intended for a closed environment where the separation between commercial and customer interests is defined and the advertising is...