October 31st, 2005 by dm | Pharming

A recent survey by a security appliance vendor (take it with a grain of salt: they are the ones who provide the solution to the problem they have reported) indicates that 40% of DNS servers run software that is outdated, very likely insecure, and vulnerable to pharming attacks.

The Boulder, Colo.-based Measurement Factory, in querying some 17 percent of the roughly 7.5 million globally known authoritative DNS servers on the Internet, also found that in more than 40 percent of DNS servers, the software used to complete domain name resolution is out of date and likely insecure.

[Full survey]

October 31st, 2005 by dm | Forensics, Law & Policy

Many online businesses are increasingly employing covert tactics to defend their rights online. Whether it is phishing, fraud-clicking, affiliate marketing, or commissions, the opportunities for abuse are abundant. In one recent example, Commission Junction has contracted with Cyveillance to spider the web in search of affiliates that generate commissions without legitimately earning them, for example through cookie stuffing (sending several cookies to the user’s browser so that many retailers, instead of only one, "recognize" the affiliate referral) and forced clicks (showing a pop-up as if the user had clicked on a link), among others.

Cyveillance’s strategies, however, have been decried as violating many Internet "good-faith" behavior protocols. For example, the company is alleged to (1) abuse huge amounts of the spidered website’s bandwidth, (2) ignore the "robots.txt" file, and (3) consort with the recording industry to prosecute individuals who share copyrighted music.

In response, Eric Olson, the VP of solution assurance at Cyveillance, says, "We try to maintain a light footprint, and we try not to overburden a server" during searches. He acknowledges that the company’s spider does look at pages that a site’s Robots.txt file labels as excluded. But, he adds, "We couldn’t do our jobs if we listened to every Web site saying, don’t look at these pages."

Eric Olson’s robots.txt claims have merit: 1) the company is not required to "obey" robots.txt information, and 2) it would be very ineffective if "bad guys" could protect themselves as easily as by editing their robots.txt file. However, if the claims about Cyveillance being bandwidth-intensive are true, there may be a claim against the company for "trespass to chattels," a common law tort theory based on the premise that Cyveillance, by its heavy use of a server, prevents the rightful owner from full enjoyment of the server.

[Via InternetNews.com -]
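Because robots.txt is advisory, a site owner who wants evidence of the two behaviours discussed above (fetching excluded pages and heavy bandwidth use) has to get it from the server's own access log. The following is an added example, not code from the post or from any company it mentions; the robots.txt rules, log lines, addresses and the `ExampleSpider` agent are constructed, and the Combined Log Format is assumed.

```python
import re
from collections import defaultdict
from urllib.robotparser import RobotFileParser

# Constructed robots.txt for a hypothetical site.
ROBOTS_TXT = """\
User-agent: *
Disallow: /private/
Disallow: /affiliate-admin/
"""

# Constructed access-log lines (Combined Log Format, documentation IP ranges).
SAMPLE_LOG = """\
198.51.100.7 - - [31/Oct/2005:10:00:01 +0000] "GET /robots.txt HTTP/1.1" 200 68 "-" "ExampleSpider/1.0"
198.51.100.7 - - [31/Oct/2005:10:00:02 +0000] "GET /private/report.html HTTP/1.1" 200 48211 "-" "ExampleSpider/1.0"
198.51.100.7 - - [31/Oct/2005:10:00:02 +0000] "GET /affiliate-admin/ HTTP/1.1" 403 512 "-" "ExampleSpider/1.0"
203.0.113.9 - - [31/Oct/2005:10:00:05 +0000] "GET /index.html HTTP/1.1" 200 10240 "-" "Mozilla/5.0"
203.0.113.9 - - [31/Oct/2005:10:00:09 +0000] "GET /products/ HTTP/1.1" 304 - "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) "[^"]*" "(?P<agent>[^"]*)"$'
)

def audit(log_text, robots_text):
    """Return {(ip, agent): {"requests", "bytes", "disallowed": [paths]}}."""
    rules = RobotFileParser()
    rules.parse(robots_text.splitlines())
    stats = defaultdict(lambda: {"requests": 0, "bytes": 0, "disallowed": []})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than guessing
        entry = stats[(m["ip"], m["agent"])]
        entry["requests"] += 1
        entry["bytes"] += 0 if m["size"] == "-" else int(m["size"])
        # robots.txt does not block anything; a crawler that ignores it is
        # only visible as requests for excluded paths in the log.
        if not rules.can_fetch(m["agent"], m["path"]):
            entry["disallowed"].append(m["path"])
    return dict(stats)

if __name__ == "__main__":
    for (ip, agent), s in audit(SAMPLE_LOG, ROBOTS_TXT).items():
        print(ip, agent, s["requests"], "requests,", s["bytes"], "bytes,",
              "disallowed:", s["disallowed"])
```

Per-client byte totals give the bandwidth side of the picture; the list of excluded paths actually requested gives the robots.txt side.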