June 2010
67 posts
Trevor Fitzgerald: Why do companies use noreply... →
‘We all get them. When you sign up for a new account somewhere, you’re sent a welcome email. After you order something, you’re sent a receipt. Company newsletters are sent to advertise new services or products. But why do they all get sent from “noreply@company.com”?’
Pogo Was Right: Twitter Settles Charges that it... →
“Under the terms of the settlement, Twitter will be barred for 20 years from misleading consumers about the extent to which it maintains and protects the security, privacy, and confidentiality of nonpublic consumer information, including the measures it takes to prevent authorized access to information and honor the privacy choices made by consumers.”
Why isn’t that...
Gideon J. Lenkey in Internet Evolution: Let's Get... →
“Confusion over definition and terminology are turning the cloud into a fog. This fellow in particular had motion and action confused; he was going to pause his company’s security program to see how cloud computing played out. I hope he has a good plan B, because it’s tough finding jobs out there right now.”
ZDNet: Make zombie code mandatory: govt report →
“This code of practice would make ISPs force their customers to install antivirus and firewall software. They would also need to educate those customers on how to protect themselves from hackers and malware when they first sign up to the ISP. In the event that a customer’s computer is infected, the code would see ISPs forced to restrict that user’s access and ultimately...
DarkReading: Researcher 'Fingerprints' The Bad... →
“Malware writers actually leave behind a telling trail of clues that can help identify their native tongue, their geographic location, their ties to other attacks — and, in some cases, lead law enforcement to their true identities. A researcher at Black Hat USA next month plans to give away a homemade tool that helps organizations glean this type of intelligence about the actual...
ZDNet: CNET retracts article on Android app... →
“When a company writes a white paper they send out a press release to get as many news sites as possible to mention the report in their own stories. This strategy worked all too well on Tuesday when security firm SMobile Systems published a scary sounding report about Android apps. …It turns out the only holes were in the report and in its coverage by the media.”
Cisco: Key Lengths for DKIM Signatures →
“This information shows that there are some substantial senders of email that are using 512-bit keys, and relatively fewer are using large keys.”
Brad Feld: The Magic of Email Conversations →
‘Within a year, a UI construct that has been bouncing around for 15 years but never really crossed over into the mainstream took hold. And it makes email much better to deal with, especially if you are part of an organization (or group of people) that have a heavy “reply-all” culture.’
Wired: Targeted Ads Will Let You Spy on Them for a... →
“The industry did not decide to do this on its own, but because the Federal Trade Commission called on advertisers to regulate their own targeted advertising early last year. Advertisers formed a cross-industry coalition to figure out how to serve ads that are customized to consumers’ recent and past behavior, without scaring users or drawing more government scrutiny.”
Seth's Blog: Don't snowglobe me, bro →
‘Every time you interrupt your prospect or consumer, you better ask, “is it important enough…” Most of the time, it’s not. Most of the time, the interruption is a selfish, misguided effort by a committee that doesn’t get it.’
Graham Cluley: Cybercrime forum suspects arrested... →
“The police clearly believe that they have arrested two men who are major players in the operation of cybercrime forums. What may surprise some is that the men arrested aren’t hardened conventional criminals, but young men still in their teens.”
The Tech Herald: InfoSec community launches... →
“Since April, Ligatt Security has been in the crosshairs of the Information Security community. In the last week, the war on both sides has heated up, with charges of racism from Ligatt’s CEO, and self proclaimed World’s No. 1 Hacker, Gregory Evans. Here’s the story so far.”
CNET News: FTC says current privacy laws aren't... →
‘The existing constellation of privacy laws, which relies heavily on disclosure of data collection and use practices and on informed consumer choice, “in some very basic sense isn’t working,” said Kathryn Ratte, a senior attorney in the FTC’s consumer protection bureau.’
Maureen Johnson on BlogHer: Manifesto: I Am Not a... →
“I think the divide is pretty basic. I think there are people out there who see the Internet as a way of employing the same old techniques of SHILL, SHILL, SHILL. A hundred years ago, they would have rolled up to you in a wagon, shouting about their tonic. Fifty years ago, they would have rolled their vacuum cleaners up to your door. The other side, the side I am on, is the one that sees an...
Network World: Banking's big dilemma: How to stop... →
“…customers’ PCs have become the Achilles’ heel of the financial industry as cyber-crooks remotely take control of the computers to make unauthorized funds transfers, often to faraway places.”
Immutable Security: On Acceptance of Risk →
‘Acceptance means, “I know that this might happen, and if it does, I am prepared to accept the consequences of my decision.” The problem with acceptance is that it is rarely tied to consequences.’
Terry Zink: Origins of the word spam →
TechLaw: E-Mail Headers Designed to Elude Spam... →
“…an e-mail marketer’s act of sending commercial e-mail messages from multiple, random and nonsensically named domain names is not unlawful under California’s anti-spam statute….
The court was also concerned that, had it embraced the plaintiff’s expansive theory of liability, the state’s anti-spam so interpreted would reach into business practices...
Seth's Blog: Gifts, misunderstood →
“I think when it’s sent by a corporation and chosen by a secretary, it’s not a gift. It’s a present. Or a favor…”
(The original box of meat was not a gift. It was a request.)
The Observer: Everything you need to know about... →
“A funny thing happened to us on the way to the future. The internet went from being something exotic to being boring utility, like mains electricity or running water – and we never really noticed. So we wound up being totally dependent on a system about which we are terminally incurious.”
Cracked: The 6 Most Insanely Misguided Attempts at... →
‘The goal for marketing types in the Internet age is a “viral” ad campaign. You pull off some publicity stunt, there’s tons of coverage on the internet, you wind up with millions of eyeballs for virtually no cost.
But viral campaigns are all about pushing the envelope. You have to shock people to get their attention, and this is where the potential for disaster...
InfoReck: Compliance Leads to Security Breaches →
“The most high profile hacks in recent history were performed against PCI compliant systems. The Heartland fiasco was performed against a company who could put their check in the correct box on a PCI checklist. That didn’t prevent the breach. Nor the countless others before and since. So what were these companies doing wrong?”
The Next Web: Why Foursquare Is At Risk Of A Spam... →
“A handful of cases doesn’t make an epidemic, but if it’s happening in the places we found, it’s probably happening elsewhere too. Indeed, the company’s support forum shows complaints of spam going back several months.”
Lisa M. Jones at the Publius Project: The Future... →
“Changes in Internet and new technology occur daily. Youth, hungry for new experiences, adapt quickly to such changes in ways that are hard for adults to predict. This adds to the impression by parents, educators and law enforcement that they are in entirely new territory in trying to protect youth. But the truth is that helping youth stay safe and make healthy choices is something...
MediaPost: Microsoft Sues Alleged Spammer For... →
‘The complaint details how [Boris] Mizhen and his affiliates allegedly manipulated the statistics that Microsoft’s anti-spam system relies on by creating millions of new email accounts and then moving up to 200,000 of their own messages a day from “junk” files into inboxes.’
NPR Planet Money: 23 Things Not To Write In An... →
“Every e-mail you write could wind up in court. Everybody knows this, but people still act like it will never happen to them.
If you can’t help yourself — if you just have to write that incriminating e-mail — you can at least avoid a few obvious red flags.”
Computerworld: HP partners with Yahoo for targeted... →
“…a pilot program that will deliver targeted advertisements for content printed with its latest line of Web-connected printers.”
dirtbags: Summer Hacking School →
“Before you can design secure systems, you need to understand how attacks happen; and before you can understand how attacks happen, you have to know how to attack. In summer hacking school, you’ll learn about all aspects of computer security, from the obvious: math and programming; to the subtle: sociology and law.”
techPresident: Clay Johnson at PdF '10: Obsess... →
‘…called on those toiling in the trenches of online politics to quit obsessing over the size of their email lists, open rates, and messaging strategies…folks need to refocus their energies on how technology can be called into service in the pursuit of “actually solving problems.”’
The Consumerist: What's The Most Annoying Type Of... →
“As more and more web surfers become inured to standard banner and box ads, the designers and developers of online advertisements continue to find new ways to engage consumers. Unfortunately for advertisers, many consumers tend to find each new evolution in ad tech to be more aggravating than the last.”
Reuters: Police arrest 178 in global credit card... →
“Police in fourteen countries participated in a two-year investigation, initiated in Spain where police have discovered 120,000 stolen credit card numbers and 5,000 cloned cards, arrested 76 people and dismantled six cloning labs.”
Word to the Wise: Basic email delivery using... →
‘Whenever we’re working with someone to diagnose some obscure delivery issue one of the things we usually have them try is to “run a transaction by hand”. Being able to do that is a trick that everyone working with email should be able to do.’
anti-virus rants: privacy NOT versus security →
“often when people talk about privacy vs security they’re not talking about the purely person perspective, though. they’re talking about other organizations that are expected to help protect an individual’s privacy. here there can be a conflict, but not because of some tension between privacy and security, rather because the organization’s interests are not...
Techdirt: Blaming Users When You Screw Up →
“We’re always amazed when we see companies blame their users for their own screwups. The latest company to do this…is Zynga, who gave out some codes to certain users for $120 worth of in-game currency in one of its games if those users moved off of one social networking platform to another. However, Zynga didn’t take the most basic technical precautions….”
Clients From Hell: That’s way too much money to... →
“OK. We made that email campaign, but I can’t figure out why all of the links take me to the unsubscribe page.”
Venkat Balasubramani in CircleID: Judge Kocoras... →
“I’m not sure what it is about spam that spawns wasteful litigation, but this is yet another example of a lengthy spam dispute which consumed a lot of resources but which ultimately ended with a whimper.”
BigPond: New fines for direct marketers →
“From late August, product spruikers will be fined $2200 every time they fax advertisements to consumers who have sought privacy.”
TaoSecurity: "Untrained" or Uncertified IT Workers... →
‘There’s a widespread myth damaging digital security policy making. As with most security myths it certainly seems “true,” until you spend some time outside the policy making world and think at the level where real IT gets done. The myth is this: “If we just had a better trained and more professional IT corps, digital security would improve.”’
Amrit Williams: Rolling Stone “The Biggest Cyber... →
“It is disappointing that the article paints Gonzalez as almost a Robin Hood meets Hunter S. Thompson character or simply as boys being boys. The crimes are made to seem largely victimless and perpetrated against faceless corporations with little impact on most of us, but that isn’t the reality.”
Consumerist: Get Off Junk Mail Lists With Blitz... →
“Most junk mail, to comply with regulation, will have a phone number for the company sending it out on it. Phillip calls the number and politely and cheerily asks them where they bought his address from and can they please remove him from their mailing list. Most of the time they say they can’t give out that information and hang up.
So he calls back. Every hour. On the hour. For an...
Springwise: Butcher shop installs vending machine... →
“With three stores in Northern Spain, Izarzugaza has been operating for four generations in more or less the traditional way. Not long ago the store…installed a vending machine outside its Mundaka shop that sells a variety of meats, sausages, sandwiches and other goods around the clock. Products sold within the machine vary with the season, so that summer offerings might include...
Valleywag: Apple's Worst Security Breach: 114,000... →
“The breach…exposed the most exclusive email list on the planet, a collection of early-adopter iPad 3G subscribers that includes thousands of A-listers in finance, politics and media, from New York Times Co. CEO Janet Robinson to Diane Sawyer of ABC News to film mogul Harvey Weinstein to Mayor Michael Bloomberg. It even appears that White House Chief of Staff Rahm Emanuel’s...
Computerworld: After Google hack, warnings pop up... →
“Five months after Google was hit by hackers looking to steal its secrets, technology companies are increasingly warning their shareholders that they may be materially affected by hacking attempts designed to take valuable intellectual property.”
Xinhuanet: China faces increasing computer crimes →
“According to the paper, public security departments dealt with 142 computer crime cases in 1998, 29,000 in 2007, 35,000 in 2008 and 48,000 in 2009.”
We got a call at home at 11 pm from a client whose website had been...
– Clients From Hell
threatpost: The Economics of Targeted Attacks →
“Researchers and security vendors have been telling us for years now that attackers have developed sophisticated, targeted attacks designed to separate victims from their money as quickly and cleanly as possible. If that’s so, why aren’t all of us being compromised on a regular basis?”
The Last Watchdog: Scareware plague continues... →
“Online promotions for scareware have actually increased 10-fold in the first three months of this year as compared to mid-2008 when U.S. regulators dismantled the firm….”
Errata Security: Cyberwar is fiction →
‘Putting “cyber” in front of something is just a way for people to grasp technical concepts, the analogies quickly break down, and are useless when taken too far (such as a “cyber disarmament treaty”). Unfortunately, it’s the clueless people who believe in these analogies that are driving national policy.’