June 22nd, 2005 by dm Spam none Comments

It is not as if all the US-based spammers are out of business, but Microsoft is diversifying its spam litigation by bringing a lawsuit against a German spammer. Because German law has no equivalent of the CAN-SPAM Act, the lawsuit is brought under German competition law.

The man has allegedly been running spam-for-sale sites and a business
renting servers, labeled "bulk mailers," to spam companies. For just
$625 per month, a customer could buy enough server space to send 74
million e-mails a month, Microsoft said.

[Via CNET News.com -]

June 22nd, 2005 by dm Hacking, Vulnerabilities none Comments

Aren’t browsers supposed to be getting more secure? ZDNet Australia reports that browser attacks have increased dramatically over the past year.

On Tuesday the Computing Technology Industry Association, or CompTIA,
released its third annual report on IT security and the work force. The
survey of nearly 500 organisations found that 56.6 percent had been the
victim of a browser-based attack, up from 36.8 percent a year ago and
25 percent two years ago, CompTIA said.

Viruses and trojans remain the #1 threat, although the number of attacks has remained constant.

[Via ZDNet.com.au, Australia -]

June 9th, 2005 by dm Identity Theft none Comments

Another one,

Citigroup, the world’s largest bank, on Monday said account and payment history data on 3.9 million of its customers were lost in transit by United Parcel Service.

[Via ZDNet -]

June 9th, 2005 by dm Pharming none Comments

Pharming against IP telephony is now not only possible, it is probable. ZDNet describes how pharming (or "poisoning" a DNS server to reroute traffic to a different destination) may be used to redirect IP phone traffic from the intended recipient to another location. Imagine dialing your bank’s number, entering your SSN and password at the voice prompts, and then, a month later, having your identity stolen.

Pharming exploits vulnerabilities in a piece of network equipment
responsible for translating e-mail and Web addresses into IP addresses.
Security experts speaking at Supercomm this week said that, by
hijacking a domain-name system (DNS) server–a computer that stores and
organizes IP addresses–pharmers get control of VoIP calls.

Without their knowledge, VoIP users’ calls could then be redirected to
IP addresses completely different from the ones the users dialed, warns
Paul Mockapetris, the inventor of the domain name system.

[Via ZDNet -]

Here’s how Gartner views data breach legislation:

"What will be the next Sarbanes-Oxley? It’s going to be some type of identity theft or data security legislation," said John Pescatore, a vice president and analyst at Gartner. "That’s such a politician-friendly issue, it’s the next big one coming."

[Via InternetNews.com -]

June 9th, 2005 by dm Law & Policy none Comments

An interesting piece in Internetnews.com by Roy Mark about how the new anti-spyware legislation may end up allowing tons of activity that the legislation should ban.

Last month, the U.S. House of Representatives passed two anti-spyware measures. One bill (I-SPY Act) imposes tougher criminal penalties for spyware-related activities.

The other bill (SPY Act) also increases penalties but includes an opt-in, notice and consent regime for legal software — adware — that collects personally identifiable information from consumers.

Both bills contain a long list of exemptions, including pre-purchase installations, cookies and software and network security upgrades.

Mark points out that companies such as Claria have launched massive PR campaigns to distance themselves from what people commonly label as "adware" and thus position themselves to argue that the upcoming legislation does not apply to their activities. If legislation has obvious loopholes even before it is signed, should it even reach the President’s desk?

[Via InternetNews.com -]

June 9th, 2005 by dm Spyware, Law & Policy none Comments

There is something wrong in the computer security industry if a security company has to sue to obtain the right to block a piece of software as being malicious. This is what Symantec has to do - sue an Internet company for the right to detect its toolbar (Hotbar) as adware.

The suit, which does not seek any monetary
damages, was filed against Hotbar.com late on Tuesday in the U.S.
District Court for the Northern District of California, San Jose
Division, said Cris Paden, a Symantec spokesman.

The move is a preemptive strike. Last October, Hotbar contacted
Symantec to complain about its enterprise antivirus products, which
flag the Hotbar programs as adware, Paden said.

At a time when malware and adware programs are growing in frequency and sophistication, do we need this additional hurdle to having clean and secure PCs?

[Via ZDNet UK, UK -]

June 2nd, 2005 by dm Hacking, Spam none Comments

According to a recent CipherTrust study, the majority of zombie PCs reside not in the US or China, but in Europe. Of the European zombies, 2/3 were either in Germany, France, or Britain. The results were released with the announcement of CipherTrust’s new ZombieMeter. As a response to previous reports of high zombie activity, the London Action Plan launched Operation Spam Zombies in cooperation with numerous governments around the world.

June 2nd, 2005 by dm Spyware, Hacking, Spam none Comments

Here’s an example of a sophisticated virus that effectively hijacks PCs to be used as zombies by hackers or spammers. News.com reports how the Bagle worm’s recent version works.

First, the worm, named Win32.Glieder, spreads through mass-mailing worm methods (sending itself to every address in an infected machine’s address book) with the goal of infecting as many machines as possible in a short period of time, before antivirus and spam filters start to catch the variant. Next, the worm downloads a trojan onto the infected machine which blocks antivirus and Windows updates; this effectively prevents infected machines from protecting themselves by getting updates from antivirus providers. Finally, a second trojan is downloaded which disables firewalls and antivirus software, further lowering the shields of the machine, and then hijacks the infected PC as part of a botnet.

Being part of a botnet may not do any harm, at least initially. According to a CA security architect, there is an underground commodity market for zombies.

"There is a commodities market for victimized PCs," Thomas said.
"Recently we’ve seen spammers and criminals engaged in fraud, paying
approximately five cents per machine for compromised PCs."

[Via CNET News.com -]

June 1st, 2005 by dm Authentication none Comments

Should you be writing down your passwords? Conventional IT training says - "No, forget about the yellow sticky next to your monitor!" However, new research shows that if people do not write down their passwords, they are more likely to use the same password over and over for different accounts, and are also more likely to use a simple, easy-to-remember password.

The solution - come up with different and complex passwords, and write them down. And of course, not on the yellow sticky note next to your computer monitor.

“How many have (a) password policy that says under penalty of death you
shall not write down your password?” asked Johansson, to which the
majority of attendees raised their hands in agreement. “I claim that is
absolutely wrong. I claim that password policy should say you should
write down your password. I have 68 different passwords. If I am not
allowed to write any of them down, guess what I am going to do? I am
going to use the same password on every one of them.”

[Via InTech, NC -]
