July 2011
60 posts
Shady Characters: The @-symbol, part 1 of 2 →
“…the ‘@’ symbol is not strictly a mark of punctuation; rather, it is a logogram or grammalogue, a shorthand for the word ‘at’. Even so, it is as much a staple of modern communication as the semicolon or exclamation mark, punctuating email addresses and announcing Twitter usernames. Unlike the ampersand, though, whose journey to the top took two millennia of steady perseverance, the at...
Enterprise Efficiency: Phishers Are Casting Nets... →
“We all know how traditional phishing works, where email is sent to users in an attempt to steal login or credit card information. But there is another, less known attack that is becoming more common: striking at the domain name level.”
Fast Company: When Hacks Attack: The Computer... →
“A crusader from Attrition.org has found that an alarmingly high number of books written by computer security experts are nearly 100% copied from other sources. What does that say about the industry?”
Gizmodo: Software Can Detect Fake Reviews With 90%... →
“…Cornell researchers…developed an algorithm that can detect phony reviews with 90% accuracy. This is better than human judges who struggle to pick out bogus reviews and would do better if they just randomly guessed.”
threatpost: How I Taught the Senate To Hack →
“What happens when 20-something Beltway wonks put down their Blackberries and start getting real about hacking? Chris Wysopal can tell you.”
The Tech Herald: Log management and network... →
“AT&T’s internal investigation into the data breach discovered an IP address on their network visited FileApe.com at the same time the confidential information was accessed without authorization. Drilling down into network logs, the IP address itself was assigned to a pool of IPs allocated to Convergys contractors. At the time of the breach there were 19 contractors connected to the...
The Atlantic: SEO Shop Puts 50 Google 1s on Sale... →
‘You knew it had to happen, right? As soon as Google opened up its search engine to “social signals,” the search engine optimization shops had to find ways to game the system.’
Slacktory: I’m a Social Media Rockstar →
“When I interviewed for the position, I wore jeans and a t-shirt. That’s why I got the job”
Peter Blair: Email is an Open System →
“People love discussing email’s relevance in the world of teenagers, facebook, twitter, SMS, etc. The majority of people discussing this relevance happens to be online marketers who utilise email lists to sell their products, but I believe that email is very relevant for a number of other reasons.”
Inc: Facebook Is the Most Hated Social Media... →
‘The company is so ubiquitous it has no incentive to “delight” users. Wikipedia topped the social media sites for customer satisfaction.’
Ideate: Is there an answer to the rising levels of... →
“The National Consumer Commission (NCC) gazetted a notice this month, stating that they are going to name the Direct Marketing Association (DMASA) as the national opt-out registry operator, unless we submit comments and objections before 29 July.
You don’t have to be a rocket scientist to figure out that putting the direct marketers in charge of our national anti-spam protection may not be...
Freakonomics: Why Has There Been So Much Hacking... →
“There is a lot of information below, some of it contradictory, much of it provocative.”
Word to the Wise: Authentication Cheat Sheet →
‘…here’s some short prescriptive advice in no particular order for “how to do email authentication at an ESP well” without the long discussions of alternative approaches and justification of each piece of advice.’
Techdirt: Shouldn't Users Have Been At The Table... →
“We see this way too often with government officials these days. They think the only stakeholders are the businesses, and leave out the citizens they’re supposed to represent. Copyright law is supposed to benefit the public, but the public wasn’t at the table negotiating this agreement.”
Richi Jennings in Computerworld: Could spam sink... →
“The situation with LinkedIn spam is getting out of hand. It’s seriously damaging the LinkedIn brand and the site’s effectiveness. If the company doesn’t get this problem under control soon, you can add LinkedIn to the sorry list inhabited by MySpace and Friendster.”
PCWorld: Businesses More Concerned With Reputation... →
“…businesses are not intimidated by legislation, or concerned about financial penalties associated with compliance mandates and regulations. What businesses are concerned with is their own reputation and the integrity of their brand.”
Wired: Feds Charge Activist as Hacker for... →
“Well-known coder and activist Aaron Swartz was arrested Tuesday, charged with violating federal hacking laws for downloading millions of academic articles from a subscription database service that MIT had given him access to.”
CNET: FBI arrests members of Anonymous hacking... →
“Authorities have arrested more than a dozen people today in the United States in connection with hacking attacks by the Anonymous group of online activists, sources said.”
threatpost: Outdated Assumptions →
‘…despite having some vague awareness of the commoditization and sophistication of online criminal services, most organizations persist in thinking that attacks directed at them are “targeted”. It’s as if there’s something personal going on – an “attacker” attacked my organization and soiled my chastity.
The reality of the situation is very different.’
Inside Windows Life: Hey! My friend’s account was... →
“Our compromise detection system is always working in the background to detect unusual behavior. When we detect bad behavior from an account (like an account that suddenly starts sending spam), we mark that account as compromised. It’s a bit like your credit card company putting a hold on your account when they detect suspicious activity.”
Kalzumeus Software: Falsehoods Programmers Believe... →
“…as a public service, I’m going to list assumptions your systems probably make about names. All of these assumptions are wrong. Try to make less of them next time you write a system which touches names.”
Seebach Exhibit 7: I believe in ESPs →
‘Over time, the “we send spam for you” industry has been infiltrated by people who have an interesting theory; it’s that being more confident of successful delivery is more important than number of messages sent. These companies like to call themselves “email service providers”, or ESPs. Now, not all of them are legit, but… A lot are.’
Prospect Magazine: Two decades of the web: a... →
‘Some fundamental questions about the communal aspects of the internet were sidestepped. Who would take out the trash—that is, deal with spamming and scamming? Who would be in charge of preserving historical memorabilia: the ephemeral tweets and blog posts that tend to disappear into the digital void? Who would deal with the problem of pollution—insidious practices such as “search...
Andrew Hintz: How not to design a CAPTCHA →
“Unfortunately Sony missed the entire point of a CAPTCHA. Instead of using an obfuscated image which is difficult for computers to recognize the characters, they include the CAPTCHA’s unobfuscated characters in HTML and use CSS and JavaScript to make the characters appear slightly distorted.”
Jim M. Goldstein: How I Evaluate Terms of Service... →
“Using a social media web site (Ex. Twitter, Facebook and now Google+) is a commonplace activity for many, but every time a new social media site comes online the same discussions surface and the same comments are made about rights grabs, privacy concerns and the need to lock your personal information & photos offline to preserve your ability to protect your work/business. This...
140,000 children could be identity fraud victims →
For most people, the thought of their children being victims of identity fraud is even more chilling than being a victim themselves.
While children are less at risk for identity fraud than adults, when it happens it can be much more devastating because the fraudulent activity can go undetected for years, making it all that much harder to restore the victim’s good name.
A study from ID...
Digitizing Books One Word at a Time →
reCAPTCHA is a free CAPTCHA service that helps to digitize books, newspapers and old-time radio shows.
Consumerist: Those "1 Tip For A Tiny Belly" Ads... →
‘Probably the most shocking part of this story is that it took so long to reveal what seems to be kind of a given: Those ubiquitous “1 Tip for a Tiny Belly” ads are a scam, says the Federal Trade Commission.’
Stanford Center for Internet and Society: Tracking... →
“NAI member companies pledge only to allow opting out of behavioral ad targeting, not tracking. Of the 64 companies we studied, 33 left tracking cookies in place after opting out.”
Der Spiegel: Anti-Virus Pioneer Evgeny Kaspersky:... →
“…this war can’t be won; it only has perpetrators and victims. Out there, all we can do is prevent everything from spinning out of control. Only two things could solve this for good, and both of them are undesirable: to ban computers — or people.”
Dark Reading: Simple Isn't Simple →
“It’s time to admit security is hard, and to stop blaming the victims for being human.”
MSNBC: U.S. official says pre-infected computer... →
“Confirming years of warnings from government and private security experts, a top Homeland Security official has acknowledged that computer hardware and software is already being imported to the United States preloaded with spyware and security-sabotaging components.”
Branded Clever: Five Steps to Configuring Privacy... →
“As with any social networking service, it’s important to understand the potential risks and be wary of what you share and with whom. In this post, I’ll provide some recommendations for how you can take advantage of privacy settings offered by Google to help you better protect your information.”
The New New Internet: Microsoft Researchers: Cyber... →
“Reports of losses from cyber crimes gathered from surveys are greatly exaggerated and often based on unverified, self-reported numbers and skewed results, according to two Microsoft researchers.”
Naked Security: How phone hacking worked and how... →
“A lot of mobile customers are bewildered by the events going on in the world press at the moment with all this talk of ‘phone hacking’. Many of my friends have asked me what they can do to protect their phones and what the whole thing is about. The truth is, there is no actual phone hacking involved and it is also wrong to call what went on hacking.
What’s really...
anti-virus rants: maybe we should blame the victim →
“the principle and practice of not blaming the users basically sends them the message that they’re OK, they didn’t do anything wrong, and they can keep doing things the way they have been. this is a marked departure from many of the other messages we send users trying to get them to be more aware of security and to make better decisions in security contexts.”
John Hawthorn: Introducing the dkim gem →
“…I found no good way to DKIM sign email from ruby. There was a rubydkim gem, but it didn’t work correctly in my testing, and required an external C library.
This prompted me to create the dkim gem: a simple ruby library for DKIM signing email messages. dkim depends only on ruby built with openssl support (or jruby-openssl if you’re using jruby).”
Wired: ISPs to Disrupt Internet Access of... →
‘On the first offense, internet subscribers will receive an e-mail “alert” from their ISP saying the account “may have been” misused for online content theft. On the second offense, the alert might contain an “educational message” about the legalities of online file sharing.
On the third and fourth infractions, the subscriber will likely receive a pop-up notice “asking the subscriber to...
threatpost: Google Removes All .CO.CC Subdomains... →
“The .co.cc domain is well-known in security and anti-spam circles for being a favorite spot for phishing and spam domains, but there also are legitimate domains hosted there. The .cc country-code TLD belongs to an Australian territory called the Cocos Islands, but the .co.cc subdomain is also used as a freehost that allows anyone to register a domain. There’s a South Korean...
Word to the Wise: Who leaked my address, and when? →
“Providing tagged email addresses to vendors is fascinating, and at the same time disturbing. It lets me track what a particular email address is used for, but also to see where and when they’ve leaked to spammers.”
Good Math, Bad Math: Things Everyone Should Do:... →
“The biggest advantage of code review is purely social. If you’re programming and you know that your coworkers are going to look at your code, you program differently. You’ll write code that’s neater, better documented, and better organized — because you’ll know that people whose opinions you care about will be looking at your code. Without review, you...
ZDNet: Interpol blacklist goes live in Canberra →
‘Canberra-based internet service provider (ISP) CyberOne is believed to be the first in Australia to implement voluntary internet filtering against Interpol’s “worst-of-the-worst” blacklist of child exploitation material.’
Symantec: Large scale malware attack using URL... →
“The attack abused at least five different URL shortening sites. The message claimed to be from an inter-bank funds transfer service, claiming that a funds transfer had been cancelled. To find out why the transfer was cancelled, recipients were encouraged to click on a link supposedly pointing to a PDF file, but actually pointing to a shortened URL. This shortened URL then redirects to...
The Next Web: French company fined 25,000 euros... →
“A court decision issued last week fined French company Hi-Media €25,000 (US$36,000) for damages and interest after it was proven that the company removed the mention of competitor Rentabiliweb from a list of vendors in the French Wikipedia’s article on micropayment.”
LawClanger: Dropbox Terms of Service not actually... →
“The caveats in the terms make it clear that Dropbox are invoking this licence only for the purposes of providing the service to users. In that respect it’s narrower than, say, Facebook’s corresponding term…which sets no limits on the use Facebook may make of data that you share online.”