July 2010
50 posts
threatpost: How Mass SQL Injection Attacks Became... →
“…very few Web developers have had any kind of training on writing secure code or deploying Web applications safely, so they end up worrying mainly about functionality and performance, with security an afterthought at best. So the end result is millions of Web applications with simple, easy-to-exploit vulnerabilities that have become a virtual shooting gallery for...
Jul 27th
New York Times: Concern for Those Who Screen the... →
“The surge in Internet screening services has brought a growing awareness that the jobs can have mental health consequences for the reviewers, some of whom are drawn to the low-paying work by the simple prospect of making money while looking at pornography.”
Jul 27th
Techdirt: There Is No 'Internet Kill Switch'... →
‘…it appears that the meme of an “internet kill switch” — which apparently was first put forth by Declan McCullough — has pretty much taken over the debate on the bill. And some are noting that this is problematic, as there are lots of real issues to be discussed around the bill…’
Jul 27th
St. Petersburg Times: SOCom says no military... →
“The heist occurred at the iGov facility at 9211 Palm River Road and was captured on surveillance camera, according to a search warrant filed by a Hillsborough County sheriff’s detective. Up to seven people spent nine hours loading thousands of Panasonic Toughbook laptops and other equipment onto two semitrailer trucks.”
Jul 17th
InformationWeek: NIST Proposes Tracking Cyber... →
“The service would record transactions — whenever they are invoked — between pairs of services, and piece them together into pictures of the complex transactional scenarios that occurred during specific time periods, such as during an attack.”
Jul 17th
View From The Bunker: Is today really Black... →
“The implementation of DNSSEC has been a long time in coming and each milestone passed is a very necessary step in the right direction. The signing of responses from the 13 root zone server clusters today should be seen in that context—it’s a start and a very big start. However, any expectation that this milestone marks the date that the Internet suddenly becomes safe is...
Jul 17th
spamnation: The Facebook connection? →
“…the Chinese fake-storefront scammers who have been using other people’s Hotmail accounts to send spam have also been hijacking Gmail accounts. Talking to people who have had their Gmail accounts hijacked has revealed one interesting fact: everyone we spoke to had used the same password for both Gmail and Facebook.”
Jul 16th
MSNBC: See an online job scammer at work →
“There’s nothing new about Internet-based money mule scams — they’ve been around for at least 10 years. What’s new is a persistent national unemployment rate that’s been hovering near double digits for the past year. …the scams grow more sophisticated and the cover stories more believable, even as the ranks of the unemployed grow more...
Jul 16th
Sucuri: Understanding and cleaning the Pharma hack... →
“This attack is very interesting because it is not visible to the normal user and the spam (generally about Viagra, Nexium, Cialis, etc) only shows up if the user agent is from Google’s crawler (googlebot). Also, the infection is a bit tricky to remove and if not done properly will keep reappearing.”
Jul 16th
Herald.ie: Tesco fined for sending junk e-mail →
“The supermarket giant was fined €2,000 at Dublin District Court after it pleaded guilty to four counts of sending mails to customers who had indicated that they did not wish to receive them.”
Jul 16th
HP: "We Haven't Been Hacked" ...is not a metric →
“…most companies that are getting attacked right now will never know. Unless you have very sophisticated, self-defending, well-written code then your web applications are sitting ducks. What’s worse - you will probably never know until someone finds your customer’s data posted on a blog, an IRC channel, or fraudulent charges start showing up on people’s...
Jul 16th
Return Path Blog: Spam Complaints Fuelled By Poor... →
‘…legitimate senders of commercial email are encouraging spam complaints by simple poor email marketing practice. Just under “I suspect them of phishing attack” - the primary reason people reported emails as spam were examples of poor email marketing practice - “Too many (frequency)” and “Don’t remember signing up”.’
Jul 16th
Optimal Security: Time to Ditch WinXP SP2! →
“Basically, there will be no more WinXP SP2 updates or patches, including any critical security updates. In fact, Microsoft will not even be testing any new or unresolved vulnerabilities against SP2 to see if it is impacted, nor will they be developing any more patches or updates for it. …But, perhaps more importantly, there will be no further security updates for Internet Explorer...
Jul 16th
Jul 15th
Redmondmag.com: What Does Microsoft Know About... →
“From Windows Activation Technologies (WAT) to Bing, Microsoft stockpiles information on you even when you don’t sign up for services such as Hotmail.”
Jul 13th
Diomidis Spinellis in The Risks Digest: Bank... →
“After they verified my credentials the customer representative asked me: Did you respond to that email we sent you asking for your username and password?”
Jul 13th
DarkReading: University Databases In the Bull's... →
“While the database breaches hitting higher education institutions this summer are a fresh reminder of why data security is so important, the fact is these latest incidents are just a few isolated beads in a string of incidents that date back far beyond this year. According to Rich Mogull, analyst with Securosis, these types of breaches have been going on so long he’d hardly class them...
Jul 13th
RevK's rants: What a moron... →
“We have set up some numbers to go to a honey pot to trap junk callers, and only when we don’t get a calling number. In 8 hours on Friday we recorded 66 calls to our offices. Thursday, before the honey pot was set up, in 8 hours we had 331 call attempts from withheld or unavailable to unused office numbers. It shows how much of a problem these junk calls are.”
Jul 13th
SFGate: FTC's role as watchdog expanding →
“If you think you get too much spam, try visiting the second floor of the Federal Trade Commission building in Washington. That’s where a computer server holds the world’s largest collection of spam e-mail - 314 million messages, with 200,000 more arriving every day. The machine sits in the agency’s Internet lab, a bunker crammed with electronic devices that help ...
Jul 12th
BBC News: Google Street View accused of Congress... →
“…Congresswoman Jane Harman, who heads the intelligence subcommittee for the House’s Homeland Security Committee, has an open home network that could have leaked out vital information that could have been picked up by Street View vehicles.” Huh? It’s not Google’s fault that members of Congress have not been adequately advised on computer security. -BoM
Jul 12th
Doc Searls: Context is King →
“I’m tired of having companies guess at what my context is. I know what my contexts are. I know how they change. I want my own ways of changing contexts, and of informing services of what those contexts are. In some cases I don’t mind their guessing. In a few I even appreciate it. But in too many cases their guesses only get in the way.”
Jul 11th
Computerworld: Cisco database hacked; warns Live!... →
Jul 9th
The Consumerist: No, The Right To Call And Sell... →
‘…if a company cold-calls you to sell you things when you’re part of the federal Do Not Call registry, and insists that the call is totally legal because they’ve “partnered with” a company that you do business with, does that make it okay? No. No, it does not.’
Jul 9th
Peter Blair: DKIM Verification step through →
“Learning to use DKIM usually involves a lot of trust in a process that may not be fully understood by the operators. I hope to lift the veil by implementing a step by step application to demonstrate what is being done and why.”
Jul 9th
Enterprise Digital Rights Management: Is It Good... →
“Not being paranoid about information security can be a downward spiral for your business, as customers may begin to suspect that you are selling their data to other organisations, especially when they get calls from competing businesses with data that has only been divulged to your business. Apart from this, other employees will begin to get into the habit of helping themselves to corporate...
Jul 9th
John Graham-Cumming: What's wrong with Flash... →
“Unlike ordinary cookies, Flash Cookies are largely unknown to the surfing public and very hard to control. Here’s a list of bad things about Flash Cookies.”
Jul 9th
CarnalNation: TLD Carpetbaggers Give New Meaning... →
‘What do you get when you combine a former real estate developer, an ex-employee from a scandal-ridden domain bidding business, and an ex-fax machine salesman? Your first answer probably isn’t “internet pornography and child safety consultants.” But that’s exactly who’s behind creating and curating an adults-only gated trailer park on the Internet: three...
Jul 8th
Schneier on Security: The Threat of Cyberwar Has... →
‘We surely need to improve our cybersecurity. But words have meaning, and metaphors matter. There’s a power struggle going on for control of our nation’s cybersecurity strategy, and the NSA and DoD are winning. If we frame the debate in terms of war, if we accept the military’s expansive cyberspace definition of “war,” we feed our fears. We reinforce the...
Jul 8th
The Star: Start enforcing telemarketing rules,... →
“Figures released by the [Canadian] government suggest it is failing to enforce the national do-not-call list, despite the fact more than 300,000 complaints have been filed against unwanted telemarketers.”
Jul 8th
The Day Before Zero: It’s Safer to Write Your... →
“Common wisdom over the last couple of decades has been to never write down the passwords you use for accessing networked services. But is now the time to begin writing them down? Threats are constantly evolving and perhaps it’s time to revisit one of the longest standing idioms of security….”
Jul 8th
Risky Business: Big W infecting photo printing... →
“On its own, an isolated incident of a photo kiosk infecting a USB device might not be newsworthy. But what makes this item stick out is Big W’s reply to Morgan after he notified the company of the issue….”
Jul 7th
Seth's Blog: The non-optimized life →
“…a never-ending cycle of optimization can become a crutch, a place to hide when you really should be confronting the endless unknown, not the banal stair step of incremental optimization.”
Jul 7th
DarkReading: Six Messy Database Breaches So Far In... →
“The list of disturbing database breaches so far this year mostly could have been avoided. The affected organizations had to learn the hard way, through public embarrassment and expensive incident response procedures. But the missteps that led to them provide a cautionary tale for other organizations.”
Jul 7th
The Tech Herald: Email becoming a booming Malware... →
“Several security vendors have singled out a major theme during the second quarter and first half of 2010, and from the looks of things, criminals are starting to focus more on delivery and less on diversity.”
Jul 7th
Jul 7th
The Next Web: Apple’s app store, filled with “App... →
“…clearly when one developer completely dominates the ranking in a particular category, other app developers suffer but when it happens by means of hacking end users accounts – it’s a serious concern that leaves everyone involved suffering. Developers don’t get the recognition they deserve, users are robbed and left with a poor user experience, while Apple is left with a tarnished...
Jul 6th
Feeding Pirates: When Legit Companies Advertise On... →
“The ads were not limited to cheesy online gaming sites, etc. Rather they include a number of legit companies like Sony, Radio Shack, Porsche, AT&T, Chase, Auto-Zone and even Netflix.”
Jul 6th
New York Times: Services Monitor Children’s... →
“…it comes as no surprise that, after years of headlines and horror stories about predators, cyberbullies and other dangers to children online, a crop of subscription services has emerged to help parents monitor their child’s activities on social networks. …The services gather data that can be freely collected with a bit of ardent Web searching.”
Jul 6th
Alex Bogusky: The first Cannes Lion for not... →
“Advertising to adults is not without controversy. And although I’m concerned about consuming for consumption’s sake, I am able to see the role advertising plays in moving our economy forward and the benefit to society that can be created. However, when it comes to advertising to children, it’s much more difficult to find any redeeming value created by the activity. In fact, to the...
Jul 3rd
Word to the Wise: ESPs, Non-portable Reputation... →
“Portable reputation is reputation that is tied to you, and mostly independent of your ESP. You can build up a history of sending email that people want to receive through one ESP, then you can move to a different ESP and take all that good history with you, keeping all the delivery advantages. (Or use multiple ESPs for different campaigns and send some mail from in-house and pool your...
Jul 3rd
Jart Armin in Internet Evolution: DotXXX Is... →
‘However, the bigger issue is technological, as any Internet user can see. For example, how many users now type in http://……… or “www…” on their Web browsers? Many users simply type in, say, “Internet Evolution,” and the browser and/or the search engine does the rest from the user’s browser history or favorites. This will undoubtedly become even more...
Jul 3rd
MediaPost: ClearSight Launches Targeting Platform... →
“The start-up ClearSight Interactive on Monday launched a new behavioral targeting platform that is already raising eyebrows of privacy advocates. …ClearSight obtains users’ IP addresses from publishers, who themselves gather it from users when they register. Some of those IP addresses change regularly, or are from work addresses or public places, but others persist and...
Jul 3rd
Lauren Price in CircleID: DNSSEC Deployment Among... →
“It’s no secret that Comcast has been leading the charge of DNSSEC deployment among ISPs. For the past couple years, Comcast has been testing and pushing for the widespread adoption of DNSSEC. In the spirit of increasing adoption, I thought I would interview the DNS gurus at Comcast to see what they’ve learned and what advice they would give other ISPs considering DNSSEC...
Jul 3rd
Wired: You Don’t Want ISPs to Innovate →
‘Free-market groups and the industry are banging the table, arguing against the consequences — saying that the FCC is trying to regulate the internet and will kill innovation. Here’s the simple truth: You don’t want your ISP to innovate. At least not in the way they want to “innovate.”’
Jul 2nd
threatpost: Scareware, Black Hat SEO and You →
“The scareware and rogue AV problem that initially appeared a few years ago and has since found its way onto thousands and thousands of legitimate Web sites, including The New York Times home page, has now reached epidemic levels. The scams are mostly boilerplate and well-understood, but it’s not often that we get to take a peek behind the curtain and see the inner workings of the...
Jul 2nd
Enterprise Digital Rights Management: How that... →
“Did you ever wonder if your customer lists and other confidential data is walking out the door when people leave the organization? Here is something that I came across when working with a client.”
Jul 2nd
anti-virus rants: lessons from the past →
“the events described here took place some 21 years ago, back when the mores and traditions of the anti-virus community/industry weren’t quite as strict as they ultimately became. in fact, i’d hazard a guess that the events described here and the lessons learned from them are at least part of the reason those mores and traditions became so strict. read on to find out what can...
Jul 2nd
Krebs on Security: Anti-virus is a Poor Substitute... →
“A new study about the (in)efficacy of anti-virus software in detecting the latest malware threats is a much-needed reminder that staying safe online is more about using your head than finding the right mix or brand of security software.”
Jul 2nd
CSO: Are You an “Online Service Provider”? And, If... →
‘Who can be an “online service provider”? The term is fairly broad and goes well beyond ISPs, Google, Yahoo, etc. Almost anyone who has a presence online that includes interactivity with site visitors may well satisfy the definition.’
Jul 2nd
Seth's Blog: A bias for scamminess →
“How is it that a sleepy, conservative organization like the postal service ends up licensing its brand to a company that can’t resist every honey pot scheme and opt out technique in the book?”
Jul 2nd