August 2011
29 posts
Christopher Soghoian in Ars Technica: Not an... →
“Major social networks, e-mail providers, and communications companies offer products with insecure default settings, needlessly exposing their customers to hacking, identity theft, and government surveillance. Some firms offer security options that can be used to protect against common attacks; however, they are frequently so hidden in obscure configuration menus as to be invisible to...
Aug 17th
Consumerist: Amazon Dumping Copycat... →
‘Amazon has begun notifying publishers that books that are “either undifferentiated or barely differentiated from an existing title” will be removed from the Kindle store.’
Aug 16th
threatpost: How Spammy Facebook Scams Still Manage... →
“As Facebook scams continue to loom and infiltrate news feeds, web security firm Websense has conducted a study to tabulate just how far these campaigns stretch. The news isn’t encouraging, with scams on Facebook estimated to reach more than a million users in a matter of days.”
Aug 16th
The Telegraph: Fraudster used Facebook to hack... →
“Iain Wood spent up to 18 hours per day online, working out passwords from personal information posted on social networking sites by his acquaintances.”
Aug 15th
Securelist: Flying phishers: cybercriminals... →
“Customers of Brazilian airline companies are being targeted by a flood of phishing messages whose goal is to steal customer’s accounts and their miles in the frequent flyer programs maintained by local airlines. The miles stolen from customers are becoming a new kind of currency among Brazilian cybercriminals and phishers, who can use them to issue tickets for themselves, sell tickets to...
Aug 14th
The Globe and Mail: Free sucks. I want my privacy... →
“I have always been understanding that these tech giants need to make money. Supporting tens of millions of users takes time and a whole lot of resources. While it’s in Google, Facebook, and LinkedIn’s interests to attract as many users as possible – and clearly free is the way – there are obvious consequences: Users get to play without paying, but every few months we get kicked in the...
Aug 14th
Consumerist: The Bandit Sign Vigilante →
‘One man has had enough and won’t take it anymore. He’s going to take cleaning up Philly into his own hands, one “We buy houses!” and “Get paid daily from home!” sign at a time.’
Aug 13th
Kaila Colbin in MediaPost: An Open Letter To The... →
“What do you think will happen if you take away one of the few communication platforms for people who are unheard?”
Aug 12th
Sonic.net CEO Blog: The Five Levels of ISP Evil →
‘I’m not sure if everyone understands the levels of sneakiness that service providers can engage in. So, while I’m no expert (as we are an ISP who doesn’t do these things), but as a broad overview, here is my quick guide to the five levels of ISP evil, and the various “opportunities to monetize customers” that we’ve passed on….’
Aug 12th
Matt's Hacking Blog: Addressing the latest... →
“First, to combat some FUD: Facebook is not sharing this information from you with your friends. Your buddies aren’t going to be able to call up your Grandma. But what Facebook have entirely ignored, and why this is again an issue, is the question of permission.”
Aug 12th
Techdirt: How One Unverified Claim Of A $7,500... →
‘…for anything in which someone puts a prefix of “cyber-” before a word, we can assume that reports of the “impact” are going to be massively inflated.’
Aug 11th
Light Blue Touchpaper: Measuring... →
“In particular, we find that around one-third of the collected search results were one of 7,000 infected hosts triggered to redirect to a few hundred pharmacy websites. In the pervasive search-redirection attacks, miscreants compromise high-ranking websites and dynamically redirect traffic to different pharmacies based on the particular search terms issued by the consumer.”
Aug 11th
New York Times: The Facebook Scare That Wasn't →
“…this is where Facebook often gets into trouble — not because they necessarily did a bad thing, but because they didn’t explain themselves well enough.”
Aug 11th
Techdirt: Court Says Sending Too Many Emails To... →
“…the Sixth Circuit appeals court has overturned a district court ruling, and is now saying that a labor union can be sued for violating the CFAA because it asked members to email and call an employer many times, in an effort to protest certain actions.”
Aug 9th
Sophos: Hacktivism, hacking and hackers – what do... →
“In a world under clear and ongoing economic erosion by cybercriminals - not by hacking, or by hacktivists, or by hackers, but by cybercriminals - the overuse of the H-words in the media actually works against computer security in general.”
Aug 9th
Word to the Wise: A Disturbing Trend →
“Over the last year or so we’ve been hearing some concerns about some of the blacklisting policies and decisions at Trend Micro / MAPS. One common thread is that the ESP customers being listed aren’t the sort of sender who you’d expect to be a significant source of abuse.”
Aug 9th
Unmask Parasites: Hacked WordPress Blogs Poison... →
“I found 4,358 self-hosted WordPress blogs that contained many (usually more than 100) doorway pages that redirected visitors coming from Google Image search to fake AV sites. Those doorway pages can be easily identified….”
Aug 9th
Scott Hanselman: Hackers can kill Diabetics with... →
‘One has to read these articles and blog posts very carefully. It’s easy Link Bait to say “A hacker can kill diabetics wirelessly without them knowing it!” …While Jerome Radcliffe, the gentleman who did the proof of concept, is no doubt very clever, the folks who are blogging this fear mongering should do their homework and read the details.’
Aug 6th
New Scientist: US internet providers hijacking... →
“Searches made by millions of internet users are being hijacked and redirected by some internet service providers in the US. Patents filed by Paxfire, the company involved in the hijacking, suggest that it may be part of a larger plan to allow ISPs to generate revenue by tracking the sites their customers visit. It may also be illegal.” (The article includes a list of the ISPs which...
Aug 6th
Sophos: Internet Explorer users have low IQ? Media... →
“…fascinatingly, it wasn’t just the research that was utterly bogus - it was the company behind the research too. Because AptiQuant didn’t really exist.”
Aug 4th
Vanity Fair: Exclusive: Operation Shady... →
“For at least five years, a high-level hacking campaign—dubbed Operation Shady RAT—has infiltrated the computer systems of national governments, global corporations, nonprofits, and other organizations, with more than 70 victims in 14 countries. Lifted from these highly secure servers, among other sensitive property: countless government secrets, e-mail archives, legal contracts, and design...
Aug 3rd
Tina Dam in CircleID: ICANN, the New gTLD Program,... →
“What concerns me is that if we do not get the first round of introductions of new gTLDs right next year we might cause a lot of damage to the Internet. The intent with all the new gTLDs is of course consumer choice, and to allow for innovations beyond the traditional domain name space. We cannot afford allowing bad intended (purposely or not) entities to destroy this development.”
Aug 3rd
Securosis: Words matter: You stop attacks, not... →
“Every so often, the way security marketeers manipulate words to mislead customers makes me cringe. I’m not going into specifics because that isn’t the point. I just want to clear up some terminology that many security companies misuse, which really makes them look silly.”
Aug 3rd
SecurityWeek: Don't Focus on Headlines: Worry... →
“Although Groups Like LulzSec and Anonymous Have Created Headlines with Very High Profile Attacks, They Represent a Tiny Fraction of the Online Crime that Happens Around the World Each Day”
Aug 3rd
Journey Into Incident Response: Google the... →
“Search engines are not only great tools for locating information across the Internet but they can alert organizations of potential security incidents. Others have already published methods on how to use search engines to locate information including web pages infected with SPAM links and common vulnerabilities. In addition to this information, search engines can help determine if a...
Aug 2nd
“There is no bigger sucker than a marketer who’s afraid he’s missing...”
– Bob Hoffman, quoted by Tim Orr in a comment on MediaPost
Aug 2nd
Cloudmark: Google Groups to require confirmation... →
“This feature allowed Groups to be created and email addresses added without requiring any confirmation from the recipient, and not surprisingly this was heavily abused by spammers.”
Aug 2nd