August 2010
82 posts
Krebs on Security: White House Calls Meeting on... →
“The Obama administration is inviting leaders of the top Internet domain name registrars and registries to attend a three-hour meeting at the White House next month about voluntary ways to crack down on Web sites that are selling counterfeit prescription medications.”
Security Labs: 419 scams go phishing →
‘The scam we describe in this blog is quite interesting because it is combines a typical 419 scam with a phishing attack. After the initial communication with the scammer, the victim receives a phishing email claiming to be from PayPal indicating that the scammer “PayPaled” the money to the victim. Here is the long story.’
Terry Zink: Russian cybercrime is organized /... →
“…the more I read, the more I see conflicting views on the state of the criminal cybercrime world. On the one hand, the Russian criminal cybercrime underworld is a scary, organized place where people are actively trying to do the rest of us harm. On the other hand, there is the position that that position is an exaggeration of what it is actually like and that it’s a bunch of...
Terry Zink: A bit more on Rustock →
“Rustock is, of course, the largest botnet out there but it depends on how you count it, as I have iterated in the past. If you count by number of unique IPs, then it is the largest botnet by a large margin. If you count by the number of email envelopes, it is still the largest by a large margin. However, each email envelope can have multiple recipients (receivers on the RCPT TO). ...
Spam Wars: Repeat After Me: "The From Field is... →
“Spammers and crooks know it: Lots of email recipients treat the From: field as if it must be telling the truth. If an email message that makes it to your inbox says it’s from Joe Blow, well, by God, it’s from Joe Blow.
This blind faith about unsolicited email messages is what gets so many computer users into trouble.”
threatpost: Anti-Phishing Group Targeting... →
“The heyday of faxing may have passed twenty years ago, but scam artists haven’t given up on the old technology, especially when it comes to wheedling personally identifiable information out of unsuspecting office workers. Now a leading anti-phishing group is tackling the problem of fax based phishing scams.”
threatpost: DLL Hijacking: Facts and Fiction →
“The reality is anyone who can stumble through the DLL project wizard in Visual Studio can write an ‘exploit’ for this vulnerability, and when the dust settles the lists will look a bit silly — virtually every Windows application will be found to be vulnerable in one way or another.
Does it matter? Yes. Is it cause for concern? Probably. Should we all panic about this new ‘glut of...
DarkReading: Careful With That Third-Party Web... →
“As more businesses continue to use third-party code in their websites and import content from other sites, the security of their visitors increasingly relies on others.”
SophosLabs: It’s that time again… →
“It’s back to school time! I thought I might use this as a reminder to talk to your kids about computer security. We drill it regularly to our employees and readers, but honestly, kids need to be taught about this as well.”
Sell Sell: The Centre For Common Fucking Sense In... →
“You know the scenario. You’re in a meeting, you know full-well that something is going to work/isn’t going to work/is true/isn’t true, but someone will turn up with a deck of charts to prove themselves right and you wrong. And there you have it. The people with charts always win. The end.
…So in an attempt to help redress the balance, we are fighting fire with ...
Techdirt: Attorneys General Continue Grandstanding... →
“These 17 attorneys general are effectively demanding that Craigslist stop making it so easy for them to find people involved in child trafficking. Here’s a great way for these AGs to actually do their job and to use the tools readily available to track down, capture and stop human traffickers, and their response is to grandstand and blame the company that helps them do that. ...
All Spammed Up: Five Ways to Train Your Users to... →
“Teaching employees how to identify spam is a good idea on a few fronts, such as allowing spam administrators to better refine or tweak existing spam filters. In addition, savvy users dramatically reduce the possibility of malware being introduced through spam.”
Privacy Law Blog: Never Make a Promise You Can't... →
“In a handful of cases, including two which were recently decided, companies have been thwarted in various, unexpected ways by the commitments made in their online privacy policies.”
CyberCrime & Doing Time: Major Fraud Ring Busted... →
“548 Taiwanese police officers and 2,720 Chinese police officers took part in the operation which resulted in 450 fraudsters being arrested throughout Taiwan and in the Chinese provinces of Fujian, Huanan, Hubei, Anhui, Guangdong and Guangxi. After a joint operations agreement was signed between Chinese and Taiwanese authorities, more than 16 joint raids have been conducted leading to...
ZDNet: Hackers accidentally give Microsoft their... →
“When the hacker’s system crashes in Windows, as with all typical Windows crashes, Heckman said the user would be prompted to send the error details — including the malicious code — to Microsoft. The funny thing is that many say yes…”
Washington Post: Defense official discloses... →
“…Deputy Defense Secretary William J. Lynn III says malicious code placed on the drive by a foreign intelligence agency uploaded itself onto a network run by the U.S. military’s Central Command.”
Return Path: IPv6 and Email: What’s the Hurry? →
“…the consensus is that everyone must have a strategy for migrating email to IPv6. …I’m going to throw one out here that may run contrary to popular thinking: perhaps there’s no need for you to migrate your public facing email streams to IPv6 in the next few years. Instead, I propose that you slow down, focus on some other things first, and then worry about migrating.”
danah boyd: Social Steganography: Learning to Hide... →
“Social steganography is one privacy tactic teens take when engaging in semi-public forums like Facebook. While adults have worked diligently to exclude people through privacy settings, many teenagers have been unable to exclude certain classes of adults – namely their parents – for quite some time. For this reason, they’ve had to develop new techniques to speak to their friends fully...
GCN: The pros and cons of government cybersecurity... →
“Cybersecurity is a growth industry, with rapidly increasing demand for qualified professionals in government and industry and a growing number of schools offering courses and degrees. But a couple of security bloggers warn that cybersecurity jobs in large enterprises, especially government, are likely to be frustrating.”
Techworld: Rustock botnet ditches encryption to... →
“TLS adds a small but cumulative overhead to server email processing, which ties up mail servers but also affects the rate at which spam is sent. Why Rustock’s controllers adopted the technique at all was never clear but might have been connected to a misplaced belief that it would make it harder for servers to filters its activity or detect the command and control system used to direct...
Wired: Ad Firm Sued for Allegedly Re-Creating... →
“At issue is the use of Adobe Flash to keep copies of a user’s browser cookies in order to re-spawn cookies after users clear them. The lawsuits allege that the companies did not explain to users how they were using Flash and that using the storage capabilities of Flash for this purpose violates federal privacy and computer security laws.”
New York Times: Hacker’s Arrest Offers Peek Into... →
“Law enforcement groups in Russia have been reluctant to pursue these talented authors of Internet fraud, for reasons, security experts say, of incompetence, corruption or national pride.”
AllThingsD: Phishing Likely Behind Reports of... →
“There’s no security hole in iTunes, and if you’ve been unfortunate enough to have hundreds of dollars in unauthorized purchases charged to your iTunes account, it’s likely because you’ve fallen victim to a bot attack or phishing scam–a variation on the one that’s been around for years now.”
Gizmodo: Happy 15th Birthday to Windows 95, the... →
“For hundreds of millions of people, Windows 95 was personal computing, spanning the inscrutable crudeness of the Windows 3.1 era and the soothing balm of Windows 98. It was inescapable. It was, possibly, the first operating system you used at home. It might not have been your favorite—we’ll stop there out of respect for our elders—but it helped an entire generation make...
Ars Technica: Why Intel bought McAfee →
“…it’s pretty much what Intel’s press release says it is: Intel wants to be (and feels that it needs to be) in the security business, period.”
Spamhaus: Spamhaus Blocks Gmail? Report Was Not... →
“Recently some IT websites, including Softpedia and Sucuri, erroneously issued reports of Spamhaus’ SBL blocking Gmail. These reports are not true. Google’s Gmail service has never been listed in, or affected by, any Spamhaus DNSBL, nor ever would be. Spamhaus quite simply will not list outbound mail servers of Google/Gmail or any giant freemail provider.”
All Spammed Up: UK University Service Infuriates... →
“The message, which led students to believe it was an acceptance notice from a university, was actually a spam message advertising discounted HP laptops. This infuriated students, as this is the time of year when they are awaiting their A-level results and scrambling to apply to the limited amount of university openings available.”
eWeek: Inside the Russian Cyber-Underground →
“Two security researchers examining the Russian hacker underground found the world of cyber-crime is often less organized than portrayed.”
Computerworld: ICANN asks Demand Media for answers... →
“HostExploit says that some eNom resellers are violating ICANN rules by allowing customers to provide false Whois database information, not following ICANN deletion policy and generally not complying with their obligations as resellers.”
The Last Watchdog: Spanair crash shows deadly... →
“A malicious program precipitated failures in a fail safe monitoring system at the airline’s headquarters in Palma de Mallorca. The system was slow in sending out alerts that might have led to delaying or canceling the departure.”
Charles Stross: Where we went wrong →
“…it’s like the combined revenue (not profits; gross turnover) of Intel, Microsoft, Apple, and IBM — and probably a few left-overs like HP and Dell — being lost due to deliberate criminal activity.
Where does this parasitic drag come from? Where did we go wrong?
I’m compiling a little list…”
Asahi Shimbun: Hacker arrested for octopus virus →
“A hardened computer hacker has been arrested on suspicion of writing a computer virus that systematically destroys all the files on victims’ PCs and replaces them with homemade manga images of squid, octopuses and sea urchins.”
threatpost: This Week in Security: Phantom Firefox... →
threatpost: iPhones, BlackBerrys, Droids Becoming... →
“The evolution of attacks and malware targeting mobile devices is paralleling the history of attacks on PCs, but the attackers are moving at a much faster pace than the rate at which they developed new tactics for compromising desktop machines. The innovation that’s occurring in mobile attacks is outpacing the state of the art in mobile defenses by a wide margin right now, and...
The Hill: Facebook, Tata join anti-spam coalition →
“Facebook and Indian telecom giant Tata Communications have joined the board of directors of an international organization dedicated to curbing spam and online abuse around the globe, according to an announcement Wednesday.”
Calgary Herald: Information commissioner warns... →
“Speaking at a conference held at the University of Ottawa, Ann Cavoukian said Tuesday that information is already flowing freely and technology is advancing at a pace at which legislation pertaining to privacy rights can no longer keep up.
Cavoukian argued now is the time for governments to radically change the way they police the sharing of personal information.”
SFGate: Zynga guerilla marketing ploy gets legal... →
“…San Francisco City Attorney Dennis Herrera…sent a letter Thursday to Znyga Game Network threatening a lawsuit over a guerilla marketing campaign the San Francisco-based gaming company is apparently using to drum up interest in the latest version of its Mafia Wars online game.
It seems that dozens of fake $25,000 bills have been glued to the sidewalk in five locations in...
Paleo-Future: Computer Criminals of the... →
“Instead of mugging people in the streets or robbing houses, tomorrow’s criminal may try to steal money from banks and other organizations using a computer. The computer criminal works from home, using his own computer to gain access to the memories of the computers used by the banks and companies. The criminal tries to interfere with the computers in order to get them to transfer...
Technologizer: The Tragic Death of Practically... →
“For years, once-vibrant technologies, products, and companies have been dropping like teenagers in a Freddy Krueger movie. Thank heavens that tech journalists have done such a good job of documenting the carnage as it happened. Without their diligent reporting, we might not be aware that the industry is pretty much an unrelenting bloodbath.”
SANS Internet Storm Center: Change is Good. Change... →
“In a lot of ways, our job in IT and Information Security is implementing change. But as we all know, every change involves risk, and changes gone bad can be your worst nightmare. I’ve seen the number of business system service interruptions due to changes in infrastructure pegged at anywhere from 50 to 70%, and I’d lean towards the high side of that. If it’s not a hardware failure,...
Steven Pearlstein in the Washington Post: The FCC... →
“As a general rule, whenever you hear special-interest groups using near-hysterical language to warn that some proposal will destroy jobs, snuff out innovation and end free-market capitalism as we know it, you can generally assume that progress is being made.
So it is with the controversies swirling around Internet regulation.”
Krebs on Security: NetworkSolutions Sites Hacked... →
“Hundreds of thousands of Web sites parked at NetworkSolutions.com have been serving up malicious software thanks to a tainted widget embedded in their pages, a security company warned Saturday.”
Jigsaw opt-out →
Jigsaw (recently bought by Salesforce) is a service which lets people upload your address and share it with other people for purposes of marketing, without you ever having agreed to it.
Turns out they do have an opt-out page, though of course the people sending the spam don’t tell you they got your address from Jigsaw.
Put in all your addresses. I was amazed by what they had.
(Tip of the...
Larry Magid in the Huffington Post: Privacy Panic... →
‘Lately I’ve gotten a sense that lots of Internet users are suffering from “privacy panic,” not unlike the “predator panic” that plagued the Internet a few years ago when lots of people falsely believed that children faced a grave risk of being sexually abused by Internet predators.
The problem with these panics is they tend to be based on extreme and ...
ZDNet: 1.3 million malicious ads viewed daily →
“The attack vector, known as malvertising, has been increasingly trending as a tactic of choice for numerous malicious attackers, due to the wide reach of the campaign once they manage to trick a legitimate publisher into accepting it.”
Ben Laurie: It’s All About Blame →
“The trouble with allowing policy makers, CEOs and journalists define technical solutions is that their ability to do so is constrained by their limited understanding of the available technologies.”
Sell Sell: An Open Letter To All Of Advertising... →
“I was watching the telly the other day, when on came an advert. It was (I think) selling sausages. It turns out that they wanted me to go to the internet after watching their advert, and instead of looking at pornography, go to their microsite (which is kind of like a website that nobody goes to), and then put up a video. A video that I would make.”
Wall Street Journal: From ‘Value-Add’ to... →
‘The problem: Your boss tells you to stop boiling the ocean, and you have no idea what she means.
The solution: Step 1: Look it up on Unsuck-it.com (which will tell you that “boil the ocean” means “waste time”). Step 2: Email her the definition and tell her to stop torturing the English language.’