April 2011
90 posts
SFGate: New Facebook Ad Unit Will Prompt You To... →
‘Ads in the new unit will ask users a question and then post their answers in their friends’ Facebook News Feed.
McDonald’s is trying out the unit, for example, by asking Facebook users: “Who has your back?”’
Deadspin: Yankees Accidentally Leak Personal Info... →
“The spreadsheet contains account numbers, names, addresses, phone numbers, and email addresses, and was mistakenly sent to thousands of current clients.”
The Globe and Mail: Out of office e-mail: There's... →
‘The irritating auto-reply messages have caught the attention of ad executives in Sweden, who plan to sell them to the highest bidder. The idea is to connect companies with the “niche market” of contacts in employee inboxes.’
The Tech Herald: Zeus Trojan now offering... →
“The Zeus configuration…embeds banners into high-traffic sites, such as AOL, Amazon, Apple, CNN, Citibank, Forbes, ESPN, and others, directing victims to a professional looking investment domain.
It’s important to note that the domains targeted are not compromised, the user’s system itself is compromised, and the ads are from the Malware infection.”
Techdirt: Sony Admits That Playstation Hacker Got... →
“We had avoided discussing what was going on with the PlayStation Network hack and subsequent downtime until more details were known, and now Sony is finally revealing what many people feared: a ton of personal info was leaked.”
Messaging News: The Bad Behavior of Behavioral... →
“The data is logged, sent to any company that pays for that information (and there are hundreds), they store your data, and then that data is sold to advertisers and you are specifically targeted. To me, that’s a lot more unnerving than the small possibility that someone is going to take James Bond maneuvers to pinpoint where I am at night.”
Krebs on Security: Where Did That Scammer Get Your... →
‘Some of the more prolific spammers rely on bots that crawl millions of Web sites and “scrape” addresses from pages. Others turn to sellers on underground cybercrime forums. Additionally, there are a handful of open-air markets where lists of emails are sold by the millions. If you buy in bulk, you can expect to pay about a penny per 1,000 addresses.’
Softpedia: Police Intentionally Spread False... →
“Recent conflicting reports about the kidnapping of Ivan Kaspersky, the 20-year-old son of Eugene Kaspersky, were the result of authorities intentionally spreading false information to journalists.”
Clients from Hell: "Legal has informed us that our... →
“Legal has informed us that our bacon bits don’t have enough real bacon to comply with the FDA standards, so we can’t say the product has ‘bacon.’”
Crooked Timber: Against studying the Internet →
“Instead of wanting to study ‘the Internet’ or ‘Facebook’ or whatever, we should investigate the possible existence or relative strength of various posited mechanisms which causally connect certain explanatory factors with certain kinds of interesting outcomes.”
Richard D. Thaler in the New York Times: Getting... →
“If a business collects data on consumers electronically, it should provide them with a version of that data that is easy to download and export to another Web site. Think of it this way: you have lent the company your data, and you’d like a copy for your own use.”
Gizmodo: The Proper Way to Talk with an Internet... →
“This f-ing robot must be programmed to answer questions in Pig Latin, not English, because you are getting a lot of annoyingly polite requests to rephrase your query.”
Boing Boing: Alfred Kahn's brave 1977 bid for... →
‘He implored them to abandon phrases like “we deem it inappropriate” and to try out other such pomposities on their children to see if they passed the giggle test. He also railed against “data” as singular, the overuse of the passive voice, and the use “herein,” “hereunder,” “heretofore” and other archaic flourishes.’
VentureBeat: Sony confirms external attack brought... →
“The network has 70 million registered users and is Sony’s gateway to online entertainment on the PlayStation 3 and the PlayStation Portable. Frustrated users have been without service since Wednesday. Sony’s Qriocity music service was also attacked and brought down. Sony has kept the services off while it conducts an investigation into what happened.”
Dynamoo's Blog: ygnetwork-ltd.com domain scam →
“This scam has been around for years - basically, you get an unsolicited email from a company claiming to be a domain registrar in China (it is usually China) that says that someone is trying to register a domain similar to one that you already own. The idea is that the recipient will panic and buy an overpriced and basically worthless domain from them.”
Rob Pegoraro: The privacy-scare story arc →
‘Please don’t stop me, but you have read this before: A widely-used tech product is found to have a privacy flaw, spurring consternation among users and calls for action in Congress–as well as panicked “we need something on this” story-assignment e-mails from editors. And then we learn that the situation isn’t as horrific as first portrayed.’
Steven Bellovin in CircleID: A Closer Look at... →
“There’s been a lot of media attention to a report that iPhones track your movements. It’s even reached the U.S. Senate. I’m underwhelmed. I think that the threat is overhyped.”
Lenny Zeltser: Choice Fatigue Might Affect... →
“Mental exhaustion from making repeated decisions can lead humans to avoid choices that require additional thinking, which often involves maintaining the status quo. This tendency may result in security and risk choices being influenced by extraneous variables that should be irrelevant to the decision.”
Ryan Deutsch in MediaPost: Combating Pandora's... →
“Email marketing is now out of the shadows, and you should use the occasion to make sure your email programs can stand up to the scrutiny. Don’t assume your IT department or email service provider has the proper systems in place to protect your data.”
Consumerist: FTC Cracks Down On Fake News Sites... →
‘According to the FTC, the defendants’ deceptive online practices involve creating “news” that seem to be from legitimate organizations such as ABC, CBS, Consumer Reports, CNN and others. And although the fake online news sites may contain headlines (“Acai Berry Diet Exposed: Miracle Diet or Scam?”) and logos from major news organizations, they really are...
PCmag Security Watch: Latest Hacked ESP:... →
“The recent hack of e-mail service provider Epsilon may be the most famous such attack, but it’s not the only one. The latest ESP attack…is of CheetahMail.”
The Atlantic Wire: Amazon Server Crash Takes Down... →
“Many, if not most, companies rely on third parties to run their servers. But the proliferation of companies relying on Amazon’s hosting service shows how a hiccup can turn into a storm.”
Rushmyrs on Myspace: Kill Your Spam
Stencil graffiti reading “KILL YOUR SPAM” has been seen on the streets and walls of Berlin — possibly an attempt at guerrilla marketing by this band.
(We think they should get rid of the electrocheese keyboard solo, but what does a Box of Meat know about music?)
The Week: Is Obama too friendly with Facebook? →
“Facebook might look partisan, and Obama…will be even more closely associated with a sometimes-controversial company.”
Cloudmark: The value of domain names and email →
“DKIM is a prime candidate for use as a basis for a new generation of email security mechanisms. The most promising of these appears to be domain reputation, which is the assignment of value to a domain name based on accumulated evidence. This could change the behaviour of email: since bad reputations can be easily shed by switching to a new domain name, the interesting data will be...
Courier Mail: Web king behind FBI raids →
“[Daniel] Tzvetkoff was arrested in April last year and charged with money laundering, bank fraud and conspiracy for processing $543m in illegal internet gambling earnings through his British Virgin Islands corporation, Intabill, the trading arm of his now liquidated Brisbane company, BT Projects.
He was mysteriously bailed last August, and US authorities are using his inside...
ZDNet: It’s official: Asia’s just run out of IPv4... →
“APNIC Director General Paul Wilson explained the Asia Pacific region is the first to reach the point of being unable to meet IPv4 demand. This is due to the unprecedented fixed and mobile network growth the region is experiencing.”
Fast Company: Captchas Now 100% More Annoying With... →
“By now we’re grudgingly accustomed to those Captcha code boxes popping up online to verify we’re humans and not bots. Thanks to moves by a firm called NuCaptcha, those boxes you see may soon contain unavoidable video ads.”
The Tech Herald: Epsilon-based scams used to... →
“The scam attempts to convince users to download the Epsilon Secure Connect tool in order for them to check and see if their personal information was compromised during the breach.”
Los Angeles Times: Three largest online poker... →
“Eleven executives at PokerStars, Full Tilt Poker and Absolute Poker were charged with bank fraud and money laundering in an indictment unsealed in a Manhattan court. Two of the executives were arrested on Friday morning in Utah and Nevada. Federal agents are searching for the others.”
bit-tech: FTP is 40 years old →
“Even though young upstarts such as P2P networks are now available, it’s FTP that forms the link to many cloud-based services and applications. It’s also deemed more secure than P2P, which is an essential trait for online banking or other sensitive traffic.”
Wired: Artificial Dumbness Will Trigger Spam... →
“There are lots of ways that various idiot-toting would-be tyrants could destroy civilization, but here’s the one that comes most readily to mind: spam.”
Seth's Blog: Why you might choose to be in... →
“…when consumers get used to transparency, they’re also more interested in the quality of what you sell, and are more likely to willingly pay extra. They’ll certainly cross the street to buy from an ethical provider. And once people start moving in that direction, the cost of being an unethical provider gets so high that you either change your ways or fade away.”
netsekure rng: Results after 30 days of (almost)... →
“Today marks the 30th day since I removed all the root certificates for trusted certificate authorities. It was an interesting one month and I’ve learned a bunch. The main takeaway from this experiment is that I don’t need 3 digit number of trusted CAs in my browser.”
Tara Hunt in O'Reilly Radar: Personal data is the... →
“…understanding our personal data is important for everyone — not just geeks. People spend an incredible amount of time on Facebook, Google, Amazon, Twitter and other websites, creating content and telling the world how we feel, what we consume, how we think, and what we care about. And none of this belongs to us.”
Cloudmark: Another Botnet Takedown: Coreflood... →
“The government has been granted, by the TRO, the ability to signal infected botnet hosts and essentially deactivate Coreflood without permission from the owner of the infected host.”
Naked Security: WordPress.com suffers hacker... →
‘To its credit, Automattic - the company behind the WordPress.com blogging platform - didn’t mince its words or try to apply any spin to the incident, explaining it had suffered a “low-level (root) break-in to several of [its] servers, and potentially anything on those servers could have been revealed.”’
Wired Threat Level: With Court Order, FBI Hijacks... →
“In an extraordinary intervention, the Justice Department has sought and won permission from a federal judge to seize control of a massive criminal botnet comprising millions of private computers, and deliver a command to those computers to disable the malicious software.”
Robert Siciliano in Infosec Island: FTC's... →
“Criminals take advantage of increasing unemployment with fake job listings, designed to trick applicants into disclosing their Social Security numbers.
Some scammers who more closely resemble legitimate companies make millions by blanketing classified advertisements across the country, roping people in with false promises.”
threatpost: Analysis of the New Adobe Flash... →
“This is the second serious Flash vulnerability in recent weeks that attackers have targeted through the use of malicious Office files.”
The Tech Herald: Microsoft pushes soul-crushing... →
“April’s patches cover problems within Microsoft Windows, Microsoft Office (PowerPoint, Excel, and WordPad), Internet Explorer, Visual Studio, .NET Framework and GDI+.”
Antony Van Couvering in CircleID: Will Blocking a... →
“Blocking of Internet content is pervasive, and the creation of new TLDs which are offensive to someone, somewhere, will probably increase it. But will it fracture the Internet?”
Naked Security: Commodore 64 viruses – time for a... →
“I’m loathe to suggest that anyone deliberately run a virus on their shiny new computer, but it would be fascinating to know if the emulator being used on the revamped Commodore 64 is capable of running C64/BHP-A.”
threatpost: SSL and the Future of Authenticity →
‘…the general perception of Certification Authorities seems to be shifting from the old vibe of “total ripoff” to a new vibe of “total ripoff and also insecure.” So there has been a growing amount of talk about changing the authenticity piece of SSL. I’d like to take a moment to discuss the problem, though, so that we don’t accidentally make the...
Lenny Zeltser: The Random Information Security Job... →
‘Do you work in the information security field? How about the data assurance industry? How about the IT risk group?’
Evan Williams: Five Easy Pieces of Online Identity →
“…there are five different things people mean in different contexts when talking about identity and the Internet. (There are probably more, but these are key.) Each of these are offered as features of different services. Sometimes they are combined, sometimes they’re not. And sometimes companies outsource these features to other services. With these pieces in mind, you can...
Light Blue Touchpaper: Resilience of the Internet... →
“Internet interconnectivity is a complex ecosystem with many interdependent layers. Its operation is governed by the collective self-interest of the Internet’s networks, but there is no central Network Operation Centre (NOC), staffed with technicians to leap into action when trouble occurs. The open and decentralised organisation that is the very essence of the ecosystem is essential...
MediaPost: Google Ordered To Disclose 'Parked... →
“The legal battle between the marketers and Google dates back to 2008, when several companies filed lawsuits complaining that Google shouldn’t have placed them in its AdSense for Domains and AdSense for Errors programs. Those programs often serve ads on typo sites that people tend to visit by accident.
The marketers alleged that such pages are low-quality and yield fewer ...
Gizmodo: This Sponsored Gadget is the Beginning of... →
“…I am deeply weirded out by this, but in a meta way. See, this entire ad-sponsored [Amazon Kindle] was ingeniously designed to be just passable; to be just slightly less than offensive on the offense-o-meter. Like a pervert on the subway that stares or even gropes only just long or lightly enough to avoid being slapped or chastised. It is set up just so that the people who are...
The Economist: Legal disclaimers: Spare us the... →
“Many disclaimers are, in effect, seeking to impose a contractual obligation unilaterally, and thus are probably unenforceable. This is clear in Europe, where a directive from the European Commission tells the courts to strike out any unreasonable contractual obligation on a consumer if he has not freely negotiated it. And a footer stating that nothing in the e-mail should be used to...