Yes, email reliability is at risk. With phishing and spam at record high levels, many legitimate emails get caught in a spam filter, land in a "JUNK" inbox, or just get lost among thousands of other messages received in a day in an unfiltered inbox. This poses a great problem for what is still the "killer-app" of the Internet - email. Often people send an email, and then they have to follow up with a call to make sure that the recipient received it. Doesn’t that defeat the purpose of email as a single and reliable line of communication?
Spam and spam-fighting have “in some cases eroded the reliability of
the mail system,” said Eric Allman, chief technology officer of
leading e-mail software vendor Sendmail Inc. “Now a
lot of mail gets filtered out.”
Even if the spam-filters admit that not all mail gets through, we have a problem on our hands.
[Via Tampa Tribune, FL -]
More fallout from the ChoicePoint breach from a few weeks ago. This article tells the story of a retired personal banker from California who received a notification letter from ChoicePoint that his information had been stolen, and of his efforts to prevent identity thieves from rerouting his mail, opening new accounts, or committing crimes under his name. The article also talks about how creating huge databases of personal information creates huge risks for millions of unsuspecting consumers.
The "databasification" of information — Internet-connected computer
servers that store billions of pieces of information on almost every
American — has made it ever easier for thieves to make purchases using
personal information stolen from the elderly and the deceased — or
even to clone someone else’s identity and live and work under it.
[Via OregonLive.com, OR -]
Nearly a year after its launch, a federal office
created as a conduit for corporate America to provide the government
with sensitive information about critical vulnerabilities has been all
but rejected by the technology industry that helped conceive it.
The Protected Critical Infrastructure Information (PCII) program allows
corporations who run key elements of U.S. infrastructure to submit
details about their physical and cyber vulnerabilities to a special
office within the Department of Homeland Security, with
legally-enforceable assurances that the information will not be used
against them or released to the public. The effort is funded at $5.5
million in the White House’s 2006 budget request.
[Via Security Focus -]
The FBI usually doesn’t send email notifying you that you are being monitored for illegal activity. So, if you see such an email pop up in your inbox, delete it - it is the latest scam. Here’s the one I personally received:
From: Officer@fbi.gov
To: [hidden for privacy]
Subject: You visit illegal websites
Dear Sir/Madam,
we have logged your IP-address on more than 40 illegal Websites.
Important: Please answer our questions!
The list of questions are attached.
Yours faithfully,
M. John Stellford
++-++ Federal Bureau of Investigation -FBI-
++-++ 935 Pennsylvania Avenue, NW, Room 2130 Washington, DC 20535
++-++ (202) 324-3000
Pretty simple, yet many people will react, open the attachment, and open themselves to secret surveillance - not by the FBI but possibly by some malware author.
[More about this threat at ZDNet UK, UK -]
Are Google and Blogger (owned by Google) helping in the distribution of spyware? A recent analysis by Ben Edelman, a great anti-spyware activist, has shown that Blogger makes it easy to distribute spyware to web visitors’ computers by crafting some JavaScript code into a blog’s header.
Dozens of blogs hosted by Google Inc.’s Blogger service can install
programs that are widely considered to be spyware and adware onto
visitors’ computers, warn users and spyware researchers. In many cases,
users are discovering the offending sites as they browse among blogs
through Blogger’s navigation bar. The offending blogs typically prompt visitors to accept
downloads through misleading pop-up windows, said Ben Edelman, a vocal
spyware critic and Harvard University researcher. While a user
typically must accept the download before the software installs, the
prompts often attempt to trick users by disguising the download as a
necessary Windows or Internet Explorer upgrade.
[Via eWeek - and Ben Edelman]
An interesting article in SC Magazine about the changing face of spam - the techniques that spammers use to avoid filters, why legislation hasn’t solved the problem, and the inability of the courts to apply strong pressure. A great read.
"If we were to cut Boca Raton off from the internet, spam would go down
by 50 per cent," argues Steve Linford, chief executive of Spamhaus, an
organization that monitors spam patterns around the world and works
closely with law enforcement agencies to try to reduce the problem.
So, do we cut off Boca Raton, FL from the Internet?
[Via SC Magazine, UK -]
Internet fraudsters, motivated by money and armed with sophisticated
technology, pose an increased economic threat as they steal private
data from companies and individuals, the director of the U.S. Secret
Service said on Thursday.
"There is no longer any doubt about that threat
… With just a few key strokes, (online fraudsters) can disrupt our
nation’s economy," said Ralph Basham at the RSA Security Conference in
San Francisco.
[Via BizReport -]
A second person, a juvenile, has been sentenced in connection
with the release of a computer worm in August 2003 that attacked the
same vulnerability in computer software as the Blaster worm did. The
worm — often referred to as the RPCSDBOT worm — directed infected
computers to log in on a computer (i.e., an Internet Relay Chat
channel) that the juvenile controlled.
The juvenile pleaded guilty in November 2004, to an act of juvenile
delinquency, under the Federal Juvenile Delinquency Act, Title 18,
United States Code, Section 5032, because he intentionally caused
damage and attempted to cause damage to protected computers, in
violation of Title 18, United States Code, Sections 1030(a)(5)(A)(i),
1030(a)(5)(B)(i), 1030(b), and 1030(c)(4)(A), and Section 2.
Chief Judge Robert S. Lasnik sentenced the juvenile to three years of
probation with a number of restrictions including mental health
counseling, and computer monitoring. The Judge also ordered that the
juvenile perform three hundred hours of community service that involves
work with the homeless or other less fortunate members of the
community. The juvenile told Judge Lasnik,
"Seventeen months ago, I
made the worst mistake I ever made in my life. I did it out of
curiosity and did not think I would cause any damage. I am sorry I
created problems for people I did not even know."
[Via LinuxElectrons, TX -]
If you were worried that courts have been cracking down too much on
Internet miscreants lately, think again. Sure, virus writers and
spammers have been hit with some tough sentences in recent months. But what about this: the U.S. govt. has dropped charges
against a group of four guys known as the DDOS Mafia. Two of the men
admitted to releasing viruses so they could create botnets to launch
DDOS attacks for hire. Their boss is accused of causing $2Mil in damage
to victim sites. Yet prosecutors are dropping charges, so they can get
the criminals to testify against other criminals.
"Charges could still be brought. This just allows us to talk to defense
attorneys and negotiate things before having to bring an indictment
against a particular individual," said Alikhan [head of the Cyber and Intellectual Property Crimes Section for the Central District of California].
The question is, if the prosecution is looking to "catch the big fish," then who is the big fish here? Is there a DDOS cartel, similar to the drug cartels, that controls half of the world’s denial of service attacks?
[Via Slashdot -]
Hopefully they will fix this one quickly.
"I almost got a heart attack when I was going over those papers," said
Margaret Szeliga, an automotive design engineer and single mother.
"What happened? How did this happen? I was in shock when I saw those
court papers."
Looks like Szeliga’s mother, a 70-year-old Polish immigrant who speaks little English, never owned a computer, and certainly didn’t listen to "Armed to the Teeth" and similar songs, was named in the latest series of lawsuits against filesharers.
Actually, it turns out that Szeliga’s 17-year-old daughter was the culprit - she had file-swapping software and, like millions of other teenagers, was downloading music freely off the Internet. Because the kid and her mother lived in grandma’s apartment, grandma was the one named in the lawsuit.
[Via The Bay City Times, MI -]