MA Attorney General, using information obtained by Microsoft, recently filed suit against an Internet spam ring operating near Boston touting everything from miracle drugs to get-rich-quick schemes.

The lawsuits target seven individuals and two companies and sent "hundreds of millions" email messages worldwide through domains registered in Monaco, Australia, and France.

Another lawsuit against spammers, and yet the level of spam worldwide has barely bulged. Are these lawsuits effective, other than for generating favorable publicity for the sponsoring Attorney General and cooperating ISP company?

[Via CNET News.com -]

Put your spyware on my machine and I will seize your BMW. Or at least the FTC will.

U.S. Sen. George Allen (R-Va.) wants the federal government to seize the profits of companies and individuals secretly installing spyware on computers. He’s also seeking significantly higher civil and criminal penalties for those trafficking spyware. Sen. Allen’s bill seeks to reinforce the authority of the FTC to go after spyware providers by giving them broader authority over this type of cyber crime.

"Federal officials believe that they already have adequate authority under existing statutes to prosecute spyware purveyors," Allen said. "Law enforcement is not stymied by the lack of federal jurisdiction, but rather from the lack of overall resources."

According to Allen, the FTC Act and the Computer Fraud and Abuse Act already provide enough legal "bite," what is needed is adequate resources and penalties to allow the FTC to effectively combat the problem.

[Via InternetNews.com -]

IBM backs Firefox for browser.

May 19th, 2005 by dm Vulnerabilities none Comments

Browser wars anyone? With AOL releasing a promising version of Netscape 8, Microsoft getting ready to release IE 7, and Firefox continuing to "eat" from IE’s market share and its IBM endorsement, are we in for another round of the browser wars?

[Via News.com]

New phishing attack uses real ID hooks

May 19th, 2005 by dm Phishing, Scams none Comments

Phishing gets more sophisticated. News.com reports of a new targeted phishing attack which uses stolen personal data to trick users into following the phish trail and enter additional personal information. The mass-targeting approach that phishers used is now target to many security and ISPcompanies’ prevention efforts. On the other hand, a targeted phish attack which provides a piece of a user’s personal information as a lure is likely to have a much higher response rate.

According to Cyota, the phishing e-mails arrive at bank customers’ in-boxes featuring accurate account information, including the customer’s name, e-mail address and full account number. The messages are crafted to appear as if they have been sent by the banks in order to verify other account information, such as an ATM personal-identification number or a credit card CVD code, a series of digits printed on the back of most cards as an extra form of identification.

"The attacks take advantage of poor technological defenses and
continued consumer vulnerability, and evidence the work of an organized
group with real research-and-development resources," Orad [Cyota co-founder] said. "So
far, the success rates that we’ve seen are amazing. People are
expecting to see a crude attack that tries to steal their information;
they’re not expecting to see this much real information as part of the
attack."

The war continues. In the meantime, if you see your credit card number in an email in your inbox - think twice before you enter your expiration date on a linked website.

[Via CNET News.com -]

Microsoft Presents a Grand Digital-ID Plan

May 19th, 2005 by dm Authentication none Comments

Can Microsoft pull it this time? Not long after pulling the plug on its Passport digital ID system which promised single ID for all users, Microsoft is in another digital ID project. Although there is not much detail at this point, the new digital ID plan is not about creating an infrastructure to hold separate IDs, similar to Passport, instead it will try to create a single meta directory which will allow interface and compatibility between various other systems.

The resulting improvements in cyberspace would benefit everyone,
making the Internet a safer place with the potential to boost
e-commerce, combat phishing, and solve other digital identity
challenges.

Essentially, Microsoft will try to standardize the interfaces to many
other digital ID systems, thus allowing communication to an
authentication system using standardized protocol. Nice idea, but for
proper implementation Microsoft will need to secure cooperation of the
major ID providers.

[Via eWeek, MA -]

Personal data for the taking

May 19th, 2005 by dm Identity Theft none Comments

US Senator Stevens (R-Alaska) after his staff was asked to steal his identity online.

"I regret to say they were successful," the senator reported at a hearing he held last week on data theft.

His staff, Stevens reported, had come back not just with digital bread crumbs on the
senator, but also with insights on his daughter’s rental property and
some of the comings and goings of his son, a student in California.
"For $65, they were told they could get my Social Security number," he
said.

By tapping into data brokers such as Choicepoint and Lexis, almost anyone can obtain information on anyone. And competition among the data brokers drives the price of a query even lower, making if ever more accessible for criminals to ‘digitize’ their efforts and better target their activities. Senator Stevens may be on the right track, but does it take a Senator’s stolen identity to speed up personal data protection  efforts?

[Via CNET News.com -]

Security Gets a Makeover in Netscape 8.0

May 19th, 2005 by dm Phishing, Vulnerabilities none Comments

It’s been a while since anyone serious about Internet browsing mentioned "Netscape" and "browser" in the same sentence. This may change as Netscape just announced the 8.0 version of their browser. Features such as RSS notification, tabbed browsing, pop-up blocker, and probably most notably the phishing alert.

AOL (owner of Netscape) has implemented the phishing alert function by downloading from AOL servers three times a day a list of Web sites known to be trusted or not-to-be-trusted, as verified by the non-profit TRUSTe organization, VeriSign or ParetoLogic. When a blacklisted site is encountered, Netscape will direct the user to a Web page saying the site isn’t to be trusted and require them to hit the "continue anyway" button before going to the Web page.

Also, in every browser tab is a shield icon that tells users whether the site they are visiting is a trusted site or not. A trusted site gets a green shield, while blacklisted sites get a red shield; sites that haven’t been verified one way or the other are denoted by a gray shield icon. Clicking on the shield takes users to the Site Control feature, allowing surfers to modify the security rating of the page they’re currently visiting as well as enabling Java, cookies, ActiveX controls and other security features.

Another interesting feature is the dual rendering engine - IE and Firefox. By default, it will use the IE engine, but if the user visits a site that is not trusted, Netscape will automatically switch to the Firefox rendering engine, which is better at handling unsafe content.

Nice features and promises by AOL, but time will show whether consumers will be able to put aside the negative memories of Netscape 4.75 and start using the new and improved Netscape 8.

[Via InternetNews.com -]