Sonic.net CEO Blog: The Five Levels of ISP Evil -
‘I’m not sure if everyone understands the levels of sneakiness that service providers can engage in. So, while I’m no expert (as we are an ISP who doesn’t do these things), but as a broad overview, here is my quick guide to the five levels of ISP evil, and the various “opportunities to monetize customers” that we’ve passed on….’
Matt's Hacking Blog: Addressing the latest Facebook privacy issue -
“First, to combat some FUD: Facebook is not sharing this information from you with your friends. Your buddies aren’t going to be able to call up your Grandma.
But what Facebook have entirely ignored, and why this is again an issue, is the question of permission.”
‘…for anything in which someone puts a prefix of “cyber-” before a word, we can assume that reports of the “impact” are going to be massively inflated.’
“In particular, we find that around one-third of the collected search results were one of 7,000 infected hosts triggered to redirect to a few hundred pharmacy websites. In the pervasive search-redirection attacks, miscreants compromise high-ranking websites and dynamically redirect traffic to different pharmacies based on the particular search terms issued by the consumer.”
New York Times: The Facebook Scare That Wasn't -
“…this is where Facebook often gets into trouble — not because they necessarily did a bad thing, but because they didn’t explain themselves well enough.”
Techdirt: Court Says Sending Too Many Emails To Someone Is Computer Hacking -
“…the Sixth Circuit appeals court has overturned a district court ruling, and is now saying that a labor union can be sued for violating the CFAA because it asked members to email and call an employer many times, in an effort to protest certain actions.”
Sophos: Hacktivism, hacking and hackers – what do these words really mean? -
“In a world under clear and ongoing economic erosion by cybercriminals - not by hacking, or by hacktivists, or by hackers, but by cybercriminals - the overuse of the H-words in the media actually works against computer security in general.”
Word to the Wise: A Disturbing Trend -
“Over the last year or so we’ve been hearing some concerns about some of the blacklisting policies and decisions at Trend Micro / MAPS.
One common thread is that the ESP customers being listed aren’t the sort of sender who you’d expect to be a significant source of abuse.”
Unmask Parasites: Hacked WordPress Blogs Poison Google Images -
“I found 4,358 self-hosted WordPress blogs that contained many (usually more than 100) doorway pages that redirected visitors coming from Google Image search to fake AV sites.
Those doorway pages can be easily identified….”
Scott Hanselman: Hackers can kill Diabetics with Insulin Pumps from a half mile away - Um, no. -
‘One has to read these articles and blog posts very carefully. It’s easy Link Bait to say “A hacker can kill diabetics wirelessly without them knowing it!” …While Jerome Radcliffe, the gentleman who did the proof of concept, is no doubt very clever, the folks who are blogging this fear mongering should do their homework and read the details.’
New Scientist: US internet providers hijacking users' search queries -
“Searches made by millions of internet users are being hijacked and redirected by some internet service providers in the US. Patents filed by Paxfire, the company involved in the hijacking, suggest that it may be part of a larger plan to allow ISPs to generate revenue by tracking the sites their customers visit. It may also be illegal.”
(The article includes a list of the ISPs which are engaging in this practice. -BoM)
Sophos: Internet Explorer users have low IQ? Media hoaxed by bogus research -
“…fascinatingly, it wasn’t just the research that was utterly bogus - it was the company behind the research too. Because AptiQuant didn’t really exist.”
“For at least five years, a high-level hacking campaign—dubbed Operation Shady RAT—has infiltrated the computer systems of national governments, global corporations, nonprofits, and other organizations, with more than 70 victims in 14 countries. Lifted from these highly secure servers, among other sensitive property: countless government secrets, e-mail archives, legal contracts, and design schematics.”
Tina Dam in CircleID: ICANN, the New gTLD Program, and Our Responsibility for the Internet -
“What concerns me is that if we do not get the first round of introductions of new gTLDs right next year we might cause a lot of damage to the Internet. The intent with all the new gTLDs is of course consumer choice, and to allow for innovations beyond the traditional domain name space. We cannot afford allowing bad intended (purposely or not) entities to destroy this development.”
Securosis: Words matter: You stop attacks, not breaches -
“Every so often, the way security marketeers manipulate words to mislead customers makes me cringe. I’m not going into specifics because that isn’t the point. I just want to clear up some terminology that many security companies misuse, which really makes them look silly.”