March 2011
126 posts
Bloomberg: Hackers in China hit 6 energy companies →
“Computer hackers working through Internet servers in China broke into and stole proprietary information from the networks of six U.S. and European energy companies, including Exxon Mobil Corp., Royal Dutch Shell Plc and BP PLC, according to one of the companies and investigators who declined to be identified.”
Mar 1st
Krebs on Security: Pharma Wars →
“How do you chronicle the struggle for control of an underground empire when neither combatant wants to admit that he is fighting or even that a war is underway? That’s the nature of a business-feud turned turf-war that is playing out right now between the bosses of two of the Internet’s largest illicit pharmacy operations.”
Mar 1st
The Globe and Mail: Gmail bug resets accounts;... →
“Initially pegged at approximately 500,000 affected users and then 150,000, the number was recalculated to 0.02 per cent of total users as of Monday afternoon.”
Mar 1st
February 2011
109 posts
Techdirt: Craigslist A 'Cesspool Of Crime'? Or Are... →
‘The “research” basically scoured news reports and found a grand total of 330 “crimes” in the past year that have some sort of loose connection to Craigslist. …That’s a very small number, especially considering the hundreds of millions of posts and transactions that take place via Craigslist. This seems like a massive cheap shot by both Oodle and AIM ...
Feb 28th
Naked Security: FLAMING RETORT – Whither... →
“Are you really a hacktivist if you anonymously follow the bidding of a bunch of unknowns (literally, if not figuratively) into online activities which you might later regret? If you get caught, will it actually have been worth it? At the risk of sounding like an Angry Young Man whose anger is now a thing of the past, let me offer today’s web-savvy youngsters some advice.”
Feb 28th
Darkreading: U.S., China Team To Fight Spam →
“In a historic alliance, groups in the U.S. and China are now working together on fighting cybercrime — initially on reducing spam between the two countries, but that could be just the beginning, according to an official who helped broker the initiative.”
Feb 28th
The Consumerist: Via Email, HP Apologizes For... →
“HP apparently sent some customers too many emails recently by accident. So they sent out an apology to them, via email. No doubt they will realize this additional email was an unwanted further intrusion and send out another email to apologize for it.”
Feb 28th
PCWorld: Belarus Man Pleads Guilty to Running... →
“Until he was arrested in April 2010, Dmitry Naskovetz had been the mastermind behind CallService.biz, a website that helped more than 2,000 identity thieves commit fraud. CallService employed a network of English and German speakers who would call up banks, pretending to be ID theft victims, and confirm fraudulent transactions rung up by the criminals. This business neatly skirted...
Feb 28th
The Next Web: Whenever you hit Facebook’s “Like”... →
“For example, if you Liked a story on a website by pressing the Like button you’re not only sharing the content on your wall but you’re also automatically subscribing and giving permission for future newsfeed updates to site owners. This happens every time and anywhere you Like something.”
Feb 28th
InformationWeek: Rogue Facebook Apps Can Disable... →
“Facebook may be adding HTTPS to its pages, enabling people to use SSL to encrypt their social networking sessions. But rogue applications apparently have the ability to turn it off.”
Feb 27th
Slate: Tech Revolutionaries →
“American technology companies have often faced tricky issues about how they operate in relation to authoritarian regimes in China, Russia, and elsewhere. But as revolution sweeps through the Middle East, three companies have found themselves central to the action in an unprecedented way. Google, Facebook, and Twitter are all confronting the kind of moral and political dilemmas that...
Feb 27th
The Internet Wishlist →
“This is a collection of ideas for apps and websites people are wishing for. Think of it like a suggestion box for the future of technology.”
Feb 27th
Wall Street Journal: Google Penalizes Overstock... →
‘Overstock’s pages had recently ranked near the top of results for dozens of common searches, including “vacuum cleaners” and “laptop computers.” But links to Overstock on Tuesday dropped to the fifth or sixth pages of Google results for many of those categories, greatly reducing the chances that a user would click on its links.’
Feb 27th
Things Real People Don't Say About Your App →
Feb 26th
Infosec Island: Magenta: HBGary Federal's... →
‘Crowdleaks recently posted some interesting leaked messages from the HBGary ordeal which documents and details the “possibility” that HBGary was involved with creating an undetectable, full command and control, rootkit labeled Magenta. This news definitely piques my interest as Greg Hoglund is a well known security expert, published author of “Rootkits - Subverting the ...
Feb 26th
The Raw Story: Air Force ordered software to... →
‘Though many questions remain about how the military would apply such technology, the reasonable fear should be perfectly clear. “Persona management software” can be used to manipulate public opinion on key information, such as news reports. An unlimited number of virtual “people” could be marshaled by only a few real individuals, empowering them to create the...
Feb 26th
PogoWasRight: FTC Asks Court to Shut Down Text... →
‘According to the FTC complaint, the defendant behind the operation, Phillip A. Flora, sent millions of text messages, pitching loan modification assistance, debt relief, and other services. In one 40-day period, Flora sent more than 5.5 million spam text messages, a “mind boggling” rate of about 85 per minute, every minute of every day, according to additional court documents...
Feb 26th
Konstantinos Komaitis in CircleID: A Fairness... →
“We, the ICANN Community, negotiated in good faith and at great length to balance the rights of trademark owners with the rights of all in commercial and noncommercial sectors, with the rights of all, now and in the future, to use normal, basic words and common last names, and new combinations thereof. Here are the problems associated with the existing proposals concerning trademark...
Feb 26th
Robert Cannon in CircleID: The Wayward... →
“More often than not, the ACPA has simply become yet another weapon in nefarious trademark owners’ arsenals to use against speakers that the trademark owners generally wish, for one reason or another, would go away.”
Feb 25th
Seth Grimes in Internet Evolution: Domain Names... →
“The hallmarks of this new age are touch/gestural interfaces via camera and voice input, search-based applications, synthesized answers, and geo-informed push services that seek to know what we want before we even utter a word. This confluence could kill URLs as Joe Public’s path to Net resources.”
Feb 25th
threatpost: The Lesson of Stuxnet and Aurora: Get... →
“But the problem with this evolution is that attacks such as Stuxnet or Operation Aurora or GhostNet are not what most enterprises and organizations need to be worried about. The plain fact is that most organizations are falling far short in protecting against the same threats that they’ve faced for the last 10 years. SQL injection, phishing, malicious attachments, social...
Feb 25th
The Magill Report: Email-Expiration Idea Old,... →
“While many in email marketing are apparently warm to the idea of their messages’ headers containing an expiration date, at least one expert says the idea is 20 years old and as useless now as it was two decades ago.”
Feb 25th
Errata Security: What's the deal with deleting... →
“…how can you erase your flash and make sure all incriminating evidence is gone? Well, you can’t…the researchers found no method that could guarantee all data would be deleted.”
Feb 25th
Securosis: Giving up →
“I joke that security is Bizarro World, where a good day is when nothing happens. You are never thanked for stopping the attack, but instead vilified when some wingnut leaves their laptop in a coffee shop or clicks on some obvious phish. You don’t control much of anything, have limited empowerment, and are still expected to protect everything that needs to be protected. For many folks,...
Feb 24th
eWEEK Europe: Google Joins ISP-Level Anti-Phishing... →
“The service, known as Domain Assurance, helps protect companies by blocking fraudulent emails before they reach the consumer’s inbox. Email senders’ domains must be verified using email authentication methods like SPF and DKIM, and they can then add their domains and sub-domains to the Domain Assurance Registry list. This allows ISPs to automatically reject all mail coming from these...
Feb 24th
MyBlog™: How to start a spam trap →
“If you want to start researching e-mail spam, and need to start collecting samples, here’s some information to start your own spam trap.”
Feb 24th
The Tech Herald: Iranian Cyber Army defaces Voice... →
“The Iranian Cyber Army (ICA), a group known for attacks on Twitter as well as Baidu, replaced the landing page for Voice of America (VOA) on Monday with a message of their own. In addition, they claim to have hit more than 90 other websites in the same attack.”
Feb 24th
threatpost: RSA 2011: Winning the War But Losing... →
“The HBGary e-mails, I think, cast the shenanigans on the RSA Expo floor in a new and scarier light. What other companies, facing the kind of short term financial pressure that Barr and HBGary Federal felt might also cross the line - donning the gray hat, or the black one? What threat to all of our liberties does that kind of IT security firepower pose when it’s put at the behest of...
Feb 24th
B2C Marketing Insider: Why Is Opting Out of Online... →
‘We should not place the burden on consumers to “opt-out” of activities they may consider intrusive. We, as marketers, should assume the burden of developing compelling value propositions regarding the many benefits of behavioral tracking and, as a result, engage business and consumer decision makers to opt-in.’
Feb 23rd
The Guardian: Information overload? Time to relax... →
“Why not take the attitude that if we miss something on Twitter or Facebook then it’s fine as it’ll be re-posted soon if it’s important?”
Feb 23rd
MediaPost: Let's Make Security A Priority This... →
“Because senders struggle, ISPs and other mailbox providers have been unsure how to handle the flood of unauthenticated and wrongly authenticated email that comes their way. If they block it all, they know that a lot of wanted email is going to go missing. But because they don’t block it, there’s no penalty for not authenticating, so senders continue to put it at the bottom...
Feb 23rd
Techdirt: ICE Finally Admits It Totally Screwed... →
“While the folks at Homeland Security refused to even admit that they had totally screwed up and seized a domain with 84,000 (mostly legal) websites last week, apparently someone at Homeland Security finally realized that the press wasn’t going to keep accepting them refusing to answer questions about it. So, it’s finally come clean and admitted they seized all of mooo.com,...
Feb 23rd
John Levine: A politically incorrect guide to... →
“Today we’ll look at the other end of the question, how much v4 address space do people really need?”
Feb 23rd
The Security Skeptic: Anonymous vs. Westboro... →
Feb 23rd
Messaging Anti-Abuse Working Group: MAAWG Mary... →
“Through this award, MAAWG seeks to bring attention to the remarkable work that is done far from the public eye — work undertaken by dedicated and driven individuals for the greater good. In doing so, we continue to honor the commitment and legacy of our good friend Mary.” (MAAWG is accepting nominations until April 18th.)
Feb 22nd
John Levine: A politically incorrect guide to... →
“The conventional wisdom is that everyone needs to support IPv6, a mostly compatible upgrade to IPv4 with much larger addresses, by the time the v4 space runs out. But I’m not so sure, particularly for e-mail.”
Feb 22nd
Vint Cerf in CircleID: On the Introduction of new... →
“There are a number of issues arising as new TLDs are considered. Trademark holders worry that they will have to monitor an increasing number of potentially infringing registrations or expend resources to place defensive registrations. ICANN has to contend with the processing of applications and establishment of contractual agreements with the operating parties. The Governmental...
Feb 22nd
Wall Street Journal: Howard Schmidt, Bruce... →
‘White House cybersecurity coordinator Howard Schmidt said that policymakers and others should stop “conflating… cyberwar with cyber-espionage with cybercrime.”’
Feb 22nd
The Consumerist: Mike Fights The Identity Thieves →
“Someone stole Mike’s identity and has been using it to pay for gas service and buy cellphones in his name. He’s even got a $163 default judgment against him for something he never paid. Here’s how he unraveled the threads of his identity thieves, and how he may never truly be free from their grasp.”
Feb 22nd
Jeff Jarvis in the Huffington Post: Privacy, Inc.:... →
“At two privacy conferences — one in New York, the other right now in Victoria, B.C. — I’ve watched the growth of privacy’s regulatory/industrial complex and seen its strategy in action: Scare, then sell.”
Feb 21st
Quora: What will happen to http://bit.ly links... →
“For .ly domains to be unresolvable the five .ly root servers that are authoritative *all* have to be offline, or responding with empty responses. Of the five root nameservers for the .ly TLD: two are based in Oregon, one is in the Netherlands and two are in Libya.”
Feb 20th
ZDNet: There's no money back if your account is... →
“Unlike consumer accounts that are subject to Federal Reserve Regulations E which require banks to provide reimbursement for certain losses, business accounts are not covered by this statute and therefore not assured repayment for certain losses. So don’t bank on getting your money back.”
Feb 20th
V3: RSA: Free market has failed on computer... →
“The free market system has failed to address computer security problems, and incentives are needed to encourage businesses to invest in protection technologies, a panel at the 2011 RSA Conference has concluded.”
Feb 20th
threatpost: Spam Botnets Are Declining, But Likely... →
“The size and volume of spam botnets are down over the last year, and much of this can be attributed to the effectiveness of IP-based blacklists. However, this defense method is no panacea as scammers have found new methods like reputation hijacking to circumvent these roadblocks, and bots continue to extend their reach by piggybacking on existing worms and viruses.”
Feb 19th
Wired: How a Remote Town in Romania Has Become... →
“Among law enforcement officials around the world, the city of 120,000 has a nickname: Hackerville. It’s something of a misnomer; the town is indeed full of online crooks, but only a small percentage of them are actual hackers. Most specialize in ecommerce scams and malware attacks on businesses. According to authorities, these schemes have brought tens of millions of dollars into the area...
Feb 19th
WGCL Atlanta: Cyber Security 'Expert' Is Felon,... →
‘Gregory D. Evans, of Atlanta, has appeared on numerous national and local news programs to speak about Internet security issues. But an investigation has revealed his questionable past, uncertain credentials and allegations of plagiarism.’
Feb 19th
OWNI.eu: How a handful of geeks defied the USSR →
“During the two days of the coup the Russian media was shut down, and thus not covering Boris Yeltsin ranting on top of a tank for the crowd, nor the shock of the international community. All channels were blacked-out except for one; Usenet, which is the grandfather of chat-rooms and is capable of surviving without the Internet. For these precious 48 hours, a few dozen individuals...
Feb 19th
InfoWorld: Your guide to the seven types of... →
“Whether you’re attacked today or tomorrow, it’s important to understand the motivation and objective of your intruders — doing so can help you devise an appropriate defense. Malicious hackers can, in fact, be broken out under some broad classifications.”
Feb 19th