May 2011
81 posts
TechNewsWorld: Sniffing Out a Scam: Real-Time... →
“Allowing compromised accounts to run rampant in your infrastructure fundamentally damages your business and the trust your clients put in you. Because content and reputation can change in real time, the only truly effective way to monitor a live system is by monitoring both behavior heuristics and the live stream of mail that you’re deploying in real time.”
Techdirt: Can We Kill Off This Myth That The... →
‘…some of these laws aren’t “difficult” to enforce, they’re impossible to enforce. And it’s not because the internet is some “wild west,” but because it’s a very different platform of communication — a many to many platform, which the world has not had before.’
Techdirt: Can We Just Admit That The Idea Of A... →
“At this point, it’s commonly accepted that very, very few people ever read a privacy policy. Furthermore, there’s this bizarre belief that a privacy policy actually means a company will respect your privacy.”
flyingpenguin: Restitution for Hacks →
“The U.S. Computer Security Act of 1987 casts new urgency on computer security in all business segments. It stipulates that if financial loss occurs due to computer fraud or abuse, the company, not the perpetrator, is liable for damages. Thus, ultimate responsibility for safeguarding information lies with individual businesses themselves.”
Krebs on Security: ChronoPay Fueling Mac Scareware... →
“Some of the recent scams that used bogus security alerts in a bid to frighten Mac users into purchasing worthless security software appear to have been the brainchild of ChronoPay, Russia’s largest online payment processor and something of a pioneer in the rogue anti-virus business.”
threatpost: Vendor's List Of Backdoor Accounts... →
“An internal document listing the backdoor accounts for switches manufactured by networking equipment vendor Allied Telesis was circulating online Friday, a day after an internal support page providing instructions on accessing hard coded back door accounts in the company’s products was found to be publicly accessible.”
Consumerist: Help The FTC Update Its Guidance For... →
‘The Federal Trade Commission has announced plans to update its “Dot Com Disclosures,” the guidelines it uses to tell businesses how federal advertising laws apply to the internet. The document was originally published in 2000, and the FTC admits that the “online world has changed dramatically” since then.’
Infosec Island: Researcher Nabs Details from 35... →
“The database, created by University of Amsterdam Ph.D. student Matthijs R. Koot, now contains the names, educational backgrounds, work histories, Twitter conversations, links to Picasa photo albums, and other details of over thirty-five million people.”
SANS ISC: Fake Epsilon Breach Warning Phishes for... →
“The website, pictured below, reminds the visitor of the relatively recent Epsilon data breach. The goal is to persuade the person into proceeding to another site that is being promoted. This looks like a technique to make money through affiliate marketing.”
Alexa Raad in CircleID: The User Experience with... →
“With the release of potentially hundreds of new TLDs, my challenge to the industry is this: What is the most efficient way to communicate the changes and their timing to the application developers soon enough so that the first registrants of the new TLDs and their associated end-users have the same experience as they have now using a well established TLDs? More pointedly, what is the...
CircleID: Experts Urge Congress to Reject DNS... →
“A group of leading DNS experts have released a paper detailing serious concerns over the proposed DNS filtering requirements included as part of the bill recently introduced in the U.S. Senate….”
MediaPost: Say What?! Bad Advice From Email... →
“The email marketing industry is blessed with an active community that shares advice and tips freely and is very welcoming to new practitioners. You can find tons of free information on blogs and social media sites — but not all that information is up-to-date and completely accurate. Sometimes it’s completely wrong.”
Terry Zink: Has anyone stepped in to fill... →
“Cutwail, grum, lethic and maazben are all spamming up a storm, but they always have been. They are the most prevalent with Rustock’s demise, but they have not filled in the gaps that Rustock left.”
SANS ISC: Microsoft Support Scam (again) →
“The new iteration of the scam goes one step further. Rather than get the victim to look, they get you to install teamviewer (although no doubt other similar tools are likely used). They take control of your machine and start moving the files across.”
Jitbit: What If Drivers Were Hired Like... →
“Job requirements: professional skills in driving normal- and heavy-freight cars, buses and trucks, trolley buses, trams, subways, tractors, shovel diggers, contemporary light and heavy tanks currently in use by NATO countries…”
Securosis Blog: Defining Failure →
“There is very little incentive for small cogs in big wheels to stick their necks out and declare failure before they are forced to. Best case, you draw down your credibility. Worst case, you cost yourself a job before you needed to. Do you really wonder why most folks just sit on failure until the rotten fish stench becomes un-ignorable? Or why it usually takes a regime change to address...
ESET ThreatBlog: Obfuscated JavaScript: Oh What a... →
‘To the human eye, of course, there’s no dramatic difference between legitimate and malicious scripts if they’re obfuscated. An AV program might easily flag an “innocent” program as malicious because a technology normally associated with malware is being used.’
Krebs on Security: Krebs’s 3 Basic Rules for... →
“Yes, I realize that’s an ambitious title for a blog post about staying secure online, but there are a handful of basic security principles that — if followed religiously — can blunt the majority of malicious threats out there today.”
Infosec Island: Obama's Cybersecurity Plan Gets... →
“While several information security and regulatory interest groups have lauded the administration for finally producing the much-touted plan of action, the consensus is that the strategy is lacking in depth and breadth.”
Erika Napoletano: Blinding Audacity →
‘This digital access we enjoy – it makes things way too easy. With a Google search, we can find most anyone and the only way to avoid being found is to stop putting it out there. But we should never forget that relationships are earned. Just as flinging a business card at someone doesn’t mean you’ll get them as a client, seeing someone online doesn’t mean you know them. Relationships...
WA Today: Facebook Closes Down Brocial Website →
‘The Brocial Network, a men-only group on Facebook where members share images of their scantily clad women “friends”, has reignited calls for tougher privacy laws for social media in Australia. But this is not the first time the voyeuristic dissemination of women’s pictures has resulted in privacy law-reform debates.’
MIT Technology Review: The U.S. Cyber Policy Blitz →
“In recent years, dozens of cybersecurity bills have been introduced. One would have required the White House to generate detailed reports on the extent of cybercrime emanating from each nation. But the international strategy announced Monday took a broader tack, calling, among other things, for federal agencies, including the State and Defense departments, to work with counterparts...
The New New Internet: Online Marketers Accused of... →
‘The FTC complaint alleges Jesse Willms and 10 companies he controls used deceptive tactics in offering “free trials” for a wide array of products and services, including acai berry weight-loss pills, teeth whiteners, work-at-home scheme, free credit reports and penny auctions.’
The Chronicle of Higher Education: Why Privacy... →
“Privacy…involves so many things that it is impossible to reduce them all to one simple idea. And we need not do so.”
Wall Street Journal: MIT Prof: Data Privacy Is... →
“…the simplest and most logical approach would be one that allows consumers to manage their data and receive compensation in exchange for making it available to firms who want to market to them.”
Slate: My Money Is Cooler Than Yours →
“For criminals, libertarians, and privacy freaks, the Bitcoin system allows for complete anonymity and privacy. Once a transaction is completed, there is no central server with information for the government to subpoena.”
New York Times: Study Says Spam Can Be Cut by... →
“…95 percent of the credit card transactions for the spam-advertised drugs and herbal remedies they bought were handled by just three financial companies — one based in Azerbaijan, one in Denmark and one in Nevis, in the West Indies.”
Word to the Wise: Another kind of email breach →
A few years ago, the law firm of Bursor and Fisher filed a host of class action lawsuits against various wireless carriers, including AT&T. At one point during the AT&T lawsuit the judge ruled that AT&T turn over their customer list, including email addresses, to Bursor and Fisher. Bursor and Fisher were then to send notices to all the AT&T subscribers notifying them of the...
Sophos: Google rolls out silent fix for Android... →
“The issue had already been fixed in Android 2.3.4 (codenamed Gingerbread), but as we mentioned earlier this week over 99% of Android users are running earlier versions of the operating system.”
A VC: Protect IP (fka COICA) →
“Giving law enforcement officials and rights holders powerful new tools to go after important and innovative new services with little or no due process is unnecessary and potentially very dangerous.”
CNET: SCADA hack talk canceled after U.S., Siemens... →
‘The presentation was entitled “Chain Reactions—Hacking SCADA” (supervisory control and data acquisition), which is technology used in manufacturing and critical-infrastructure systems.’
InfoReck: Every Employee a Security Partner →
“The ground-level implementation of security in the organization simply cannot be the work of a few information security employees; it needs to be performed by every employee in their day to day tasks.”
Darkreading: Cybercriminals Target Online Banking... →
“The region, which has traditionally been infamous for housing an inordinate number of infected machines, is now creating more botnets, with Trojans targeting Latin America’s popular online banking culture.”
Sydney Morning Herald: Security experts go to war:... →
“…content delivery networks usually see servers placed all around the globe. These have replicated copies of content so that when one goes to look at a photo on Facebook, for example, one gets it from the closest computer server, which requires less time than it would have taken to access it from a server, say, in the United States.
In his presentation shown to audience members,...
TechCrunch: The Chilling Story of Genius in a Land... →
“This is the darkside of what we know in Silicon Valley: That great entrepreneurs can come from anywhere in the world. Sometimes some of the best technical minds fall into a life of crime. And just like corporate giants can’t keep a hot startup from disrupting them; law enforcement can’t keep people like Boakye from accessing your information.”
Montréal Gazette: Bail hearing set for Wednesday... →
“Since the fall of 2009, Massicotte-Lalumière is alleged to have sent massive amounts of emails that appeared to be from financial institutions. The emails asked recipients to update their personal information by going to a website that appeared to be a genuine bank website….”
PCWorld: EU, US Call for ICANN Internet Governance... →
“In particular they stressed the need for the ICANN board to adequately respond to Governmental Advisory Council advice when considering the expansion of generic top level domains and to make a priority of speedily implementing all recommendations made by a transparency review carried out last year.”
The Tech Herald: Inside the Zeus Trojan’s source... →
“Earlier this week, it was revealed that the source code for the infamous Zeus Trojan was leaked to the public. Once sold for thousands of dollars, the code that powers the world’s most infamous family of Malware is now freely available to anyone who wants it, including criminals.
For the curious, here is an overview of the code keeping the security industry awake at night.”
Wired: Facebook’s Stealth Attack on Google Exposes... →
“But here’s what makes the least sense — if there were privacy problems about Facebook information in Google Social Circle (which has now been transformed into a different product called Social Search), they may well have been a result of Facebook’s own practices.”
Salon: Our overblown paranoia about the Internet... →
“It’s understandable that — like television, movies and rock ‘n’ roll before it — the Internet has become a lightning rod for parental anxiety. And as a pediatrician, I can assure you doctors have been pulled into this debate….”
TNW: “Hours on Twitter” spam uncovers a blackhat... →
“If you’re looking to do social media marketing, create virality and perhaps gather some attention, the best idea is to not do it under any sort of false pretense. This is a lesson that one Mate Hegedus (according to a domain name lookup) apparently needs to learn, and Hegedus is in the middle of doing so the hard way.”
Peter Blair: FBL Handling →
“With a few opensource tools on the Internet, I hope to show how easy it is to consume FBL complaints from your network, store them in a rational format, index them, and utilize some simple handler scripts to action the complaints.”
SecurityWeek: PlayStation Network Comes Online,... →
“Sony says it has made considerable enhancements to its data security, including updating and adding advanced security technologies, additional software monitoring and penetration and vulnerability testing, and increased levels of encryption and additional firewalls. The company also said it also added a variety of other measures to the network infrastructure including an early-warning...
Lenny Zeltser: Information Security Implications... →
“A startup derives its energy from the desire to manifest its founders’ ideas into reality. The culture associated with such activities is about creating the product as quickly as possible. It focuses on features that will drive growth. None of these attributes encourage a proactive approach to information security.”
threatpost: RSA: SecurID Attack Was Phishing Via... →
“The email was crafted well enough to trick one of the employees to retrieve it from their Junk mail folder, and open the attached Excel file. It was a spreadsheet titled ‘2011 Recruitment plan.xls.’”
Wall Street Journal: Google Near DOJ Settlement... →
“The federal investigation has examined whether Google knowingly accepted ads from online pharmacies, based in Canada and elsewhere, that violated U.S. laws, according to the people familiar with the matter.”
Darkreading: Microsoft: Cybercrime Falling Into... →
“…unlike the cybercriminals who wage targeted attacks either for espionage, extortion, or big-ticket theft, the broad-brush attacks are all about pilfering a little money here and there from a lot of victims. These attacks are increasingly being run like marketing campaigns…”
Spamassassin Tips: DNSBL Safety Report 5/14/2011 →
“It is vitally important to know how a DNSBL is performing before adding it to your Spamassassin custom rules. Our analysis demonstrates that raw detection numbers alone can be misleading, as ham safety ratings and overlaps with other rules must be taken into consideration before you decide to use a particular add-on rule. Today’s report shows some big changes since our...