Ned Batchelder: Stopping spambots with hashes and honeypots
“Rather than stopping bots by having people identify themselves, we can stop the bots by making it difficult for them to make a successful post, or by having them inadvertently identify themselves as bots. This removes the burden from people, and leaves the comment form free of visible anti-spam measures.”
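One way to put both halves of that idea (hashed field names plus a honeypot) into a comment form, as an added example that is not Batchelder's own code: the real inputs get names derived from an HMAC over a per-form nonce, so a bot that blindly fills "name" and "comment" misses them, while a visible-to-bots-only field keeps a plain, tempting name and must stay empty. The secret key, field names, timing windows and the template glue are assumptions for illustration.

```python
import hashlib
import hmac
import secrets
import time
from typing import Optional, Tuple

# Added example, not code from the original post.  SECRET is an assumed
# server-side key; rotate it and keep it out of the template.
SECRET = b"assumed-server-side-secret"
REAL_FIELDS = ("name", "comment")   # inputs a person actually fills in
HONEYPOT = "website"                # hidden via CSS; bots tend to fill it
MIN_FILL_SECONDS = 5                # a person needs a few seconds to type
MAX_AGE_SECONDS = 3600              # a form token expires after an hour


def _mac(*parts: str) -> str:
    """HMAC-SHA256 over the joined parts, hex encoded."""
    return hmac.new(SECRET, "|".join(parts).encode(), hashlib.sha256).hexdigest()


def _hashed_name(field: str, nonce: str) -> str:
    """Per-form input name a bot cannot predict without the secret."""
    return "f_" + _mac(field, nonce)[:16]


def render_form(now: Optional[float] = None) -> dict:
    """Data a template needs: a signed token, hashed input names, the honeypot name.

    The token binds the issue time and nonce so the server need not store state.
    """
    ts = int(now if now is not None else time.time())
    nonce = secrets.token_hex(8)
    token = f"{ts}:{nonce}:{_mac(str(ts), nonce)}"
    names = {f: _hashed_name(f, nonce) for f in REAL_FIELDS}
    return {"token": token, "field_names": names, "honeypot": HONEYPOT}


def check_submission(post: dict, now: Optional[float] = None) -> Tuple[bool, str]:
    """Accept a POST dict only if it came from our form and was filled by a person."""
    now = now if now is not None else time.time()
    try:
        ts_str, nonce, mac = post.get("token", "").split(":")
        ts = int(ts_str)
    except ValueError:
        return False, "malformed token"
    # Verify the token before trusting anything derived from it.
    if not hmac.compare_digest(mac, _mac(str(ts), nonce)):
        return False, "bad token signature"
    age = now - ts
    if age < MIN_FILL_SECONDS:
        return False, "submitted too fast"
    if age > MAX_AGE_SECONDS:
        return False, "token expired"
    # A person never sees the honeypot, so any value in it marks a bot.
    if post.get(HONEYPOT, ""):
        return False, "honeypot filled"
    for field in REAL_FIELDS:
        if _hashed_name(field, nonce) not in post:
            return False, f"missing field {field!r}"
        # A bot guessing the plain names reveals itself.
        if field in post:
            return False, f"unhashed field {field!r} present"
    return True, "ok"
```

Nothing here asks the person to prove anything: the form looks ordinary, and every check runs on what the bot did (or failed to do) rather than on who the submitter is.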
Errata Security: October is Cybersecurity Awareness Month -- or is it?
‘Last year, the president declared October to be “Cybersecurity Awareness Month”. But, October has already been Breast Cancer Awareness Month for the past 25 years.
So which is it? Cybersecurity or Breast Cancer?’
Wired: How Two Scammers Built an Empire Hawking Sketchy Software
“…thanks to a series of lawsuits and criminal complaints filed over the past several years, combined with interviews with former company insiders, it’s possible to reconstruct a picture of how scareware gets made—and how it made multimillionaires out of two misanthropic hucksters.”
threatpost: The Inside Story of the Kelihos Botnet Takedown
“Earlier this week, Microsoft released an announcement about the disruption of a dangerous botnet that was responsible for spam messages, theft of sensitive financial information, pump-and-dump stock scams and distributed denial-of-service attacks.
Kaspersky Lab played a critical role in this botnet takedown initiative, leading the way to reverse-engineer the bot malware, crack the communication protocol and develop tools to attack the peer-to-peer infrastructure. We worked closely with Microsoft’s Digital Crimes Unit (DCU), sharing the relevant information and providing them with access to our live botnet tracking system.”
The Last Watchdog: Trust in the Internet falters after DigiNotar, Comodo hacked
“Digital certificates enable consumers to submit information that travels through an encrypted connection between the user’s web browser and a website server. The certificate assures the web page can be trusted as authentic. But the unprecedented attacks against CAs show how fragile that trust can be.”
Word to the Wise: Are you ready for the next attack?
“It’s been months since the first attacks. This is more than enough time to have implemented some response to reports of attacks. Yet, many people I talked to last week had no idea what they should or could be doing to protect themselves and their customers.”
Microsoft Research: Sex, Lies and Cyber-crime Surveys
“Far from being broadly-based estimates of losses across the population, the cyber-crime estimates that we have appear to be largely the answers of a handful of people extrapolated to the whole population. A single individual who claims $50,000 losses, in an N=1000 person survey, is all it takes to generate a $10 billion loss over the population. One unverified claim of $7,500 in phishing losses translates into $1.5 billion.”
Christopher Soghoian in Ars Technica: Not an option: time for companies to embrace security by default
“Major social networks, e-mail providers, and communications companies offer products with insecure default settings, needlessly exposing their customers to hacking, identity theft, and government surveillance. Some firms offer security options that can be used to protect against common attacks; however, they are frequently so hidden in obscure configuration menus as to be invisible to the average user. Consequently, most consumers don’t know about these options, and so they neither seek them out nor enable them.”
Consumerist: Amazon Dumping Copycat "Private-Label" Ebooks
‘Amazon has begun notifying publishers that books that are “either undifferentiated or barely differentiated from an existing title” will be removed from the Kindle store.’
threatpost: How Spammy Facebook Scams Still Manage to Claim Millions of Victims
“As Facebook scams continue to loom and infiltrate news feeds, web security firm Websense has conducted a study to tabulate just how far these campaigns stretch. The news isn’t encouraging, with scams on Facebook estimated to reach more than a million users in a matter of days.”
The Telegraph: Fraudster used Facebook to hack bank accounts
“Iain Wood spent up to 18 hours per day online, working out passwords from personal information posted on social networking sites by his acquaintances.”
Securelist: Flying phishers: cybercriminals targeting frequent flyer miles
“Customers of Brazilian airline companies are being targeted by a flood of phishing messages whose goal is to steal customers’ accounts and their miles in the frequent flyer programs maintained by local airlines. The miles stolen from customers are becoming a new kind of currency among Brazilian cybercriminals and phishers, who can use them to issue tickets for themselves, sell tickets to other criminals or use them in barter schemes.”
The Globe and Mail: Free sucks. I want my privacy back
“I have always been understanding that these tech giants need to make money. Supporting tens of millions of users takes time and a whole lot of resources. While it’s in Google, Facebook, and LinkedIn’s interests to attract as many users as possible – and clearly free is the way – there are obvious consequences: Users get to play without paying, but every few months we get kicked in the face when our digital profiles get abused.”
Consumerist: The Bandit Sign Vigilante
‘One man has had enough and won’t take it anymore. He’s going to take cleaning up Philly into his own hands, one “We buy houses!” and “Get paid daily from home!” sign at a time.’
Kaila Colbin in MediaPost: An Open Letter To The British Prime Minister About Social Media
“What do you think will happen if you take away one of the few communication platforms for people who are unheard?”