Last week, I commented on the the Gmail/Hotmail/Yahoo username and password leak. The question we now ask is whether or not we are seeing an increased amount of spam from those services. On another blog, they were commenting that various experts were claiming that this is the case. more
One of the bigger news stories is that of 10,000 usernames and passwords of Hotmail users were posted this past week, victims of a phishing scam... It seems unlikely to me that this would be a hack where someone would break into Hotmail's servers and access the account information that way. It is much more likely that the spammers got the information by social engineering. Why is this more likely? For one, they'd have to get past all of the firewalls and security measures that Microsoft/Hotmail have to keep intruders out. more
A secret weapon is falling into dangerous hands. Organized cybercriminals are building up portfolios of cybersquatting domain names. A smart operator with such a portfolio can go beyond simple stealing and competing full out for traffic and revenues. Rightful brand owners, feeling the squeeze, will find out too late that the bandits have the money to fight legal action. The time to act is now, before pieces of the playing field have been bought up by the enemy. more
Solutions to cybersquatting and phishing must target brand customers instead of the trademark infringers, who are in effect liars. This post outlines why online-based traditional solutions fail, and it offers solutions to two types of lying (cybersquatting and phishing). more
I have to tell you -- I'm not really happy about the fact that the majority of serious cyber crime on the Internet happens without any legal prosecution. I spend an enormous amount of time -- far beyond my "day job" and exceeding what some might consider my professional capacity -- tracking cyber crime. I also work closely with law enforcement (both in the U.S. and abroad) to assist in the intelligence gathering process, putting the pieces of the puzzles together, connecting the dots, and so forth. And most of the major criminal organizations are still operating (pretty much) in the open, with fear of retribution or criminal prosecution, for a number of reasons. more
On Wednesday, Project Honey Pot filed an unusual lawsuit against "John Does stealing money from US businesses through unauthorized electronic transfers made possible by computer viruses transmitted in spam." Their attorney is Jon Praed of the Internet Law Group, who is one of the most experienced anti-spam lawyers around, with whom I have worked in the past. more
A few weeks ago, I posted a piece on where individuals spammers were located in terms of sending IP. The United States was number 1, followed by China. This is in terms of total volume of spam that they send. However, a second piece of data that I did not take a look at was where all of the individual spam sites contained within the spam was located. For example, does a lot of spam sent from the United States point to spammy URLs hosted in China? more
Phishing is when bad guys try to impersonate a trusted organization, so they can steal your credentials. Typically they'll send you a fake e-mail that appears to be from a bank, with a link to a fake website that also looks like the bank. Malware offers another more insidious way to steal your credentials, by running unwanted code on your computer... I like VeriSign's characterization of this kind of malware as an insecure endpoint, the PC which is the endpoint of the conversation with the bank isn't actually under the control of the person who's using it. more
As we all know by now, last week, on Thursday, August 7, Twitter was hit with a denial-of-service attack that took it down for several hours. Other social networking sites like Facebook, LiveJournal, Youtube and Blogger were also hit. They managed to repel the attack although Facebook was not quite as successful as the other larger players. The theory floating about at the moment is that this was a politically oriented play designed to target one guy: a blogger. We are nearing the 1-year anniversary of a the Russian/Georgian 2008 war. There is a pro-Georgian blogger by the username of "Cyxymu" who had accounts on all of these services. more
Apple's Wordwide Developers Conference may have just ended, but already, the conference release of Mac's OS X 10.6 — a beta build previewed for developers — has been leaked onto torrent sites. It borders on irony: for years, Mac lovers have touted the superior security of the Mac operating system over Windows, but earlier this year, it was torrent sites — the very sites where OS X 10.6 is now being freely copied — that caused more than 25,000 Mac users to fall victim to the iServices Trojan. Some Macs never learn. more
A World-Renowned Source for Internet Developments. Serving Since 2002.