Welcome:
Login
|
Sign Up
|
About CircleID
Follow:
|
|
|
New research from the Anti-Phishing Working Group (APWG) has found that up to 81% of domain names used for phishing are legitimate domains that have been hacked. More specifically, out of the 30,454 phishing domains under observation, only 5,591 domain names (18.5%) were registered by phishers according to APWG. The remaining small percentage of the domains used in phishing belonged to subdomain resellers such as ISPs and other web-based services. more
A cybersecurity bill introduced in the U.S. Senate on April 1st, 2009 would give the United States federal government extraordinary power over private sector Internet services, applications and software. This proposed legislation is a direct result of a review ordered by the Obama administration into government policies and processes for defending against Internet-born attack. The focus of the bill, according to a summary released by the sponsoring senators, is on establishing a new partnership between the public and private sectors in a joint effort to bolster Internet security... more
Security expert and malware analyst, Lenny Zeltser has examined a creative malware distribution method in the real world where fliers placed on windshield of cars scare drivers into visiting a malicious website. Zeltser writes: "Several days ago, yellow fliers were placed on the cards in Grand Forks, ND. They stated: 'PARKING VIOLATION This vehicle is in violation of standard parking regulations. To view pictures with information about your parking preferences, go to website-redacted' ... If you went to the website, you'd see several photos of cars on parking lots in that specific town..." more
This very interesting document was released by ICANN's Generic Names Supporting Organization (GNSO) for public comment yesterday. And it asks some fundamental questions while at the same time pointing to sources such as the Honeynet Alliance's reports on fast flux. more
As recently reported, spam volumes indicate spam has nearly jumped back up to its pre-McColo shutdown levels. However, Symantec's The State of Spam report has also observed that in recent days spammers are increasingly piggybacking on legitimate newsletters and using the reputation of major social networking sites to try and deliver spam messages into recipients' inboxes... In its special URL investigation the report also indicates that on average approximately 90 percent of all spam messages today contain some kind of a URL. Additionally, analysis of data from past recent days, according to Symantec, have shown that 68% of all URLs in spam messages had a '.com' Top-Level Domain (TLD), 18% had a China's '.cn' ccTLD and 5% had a '.net'. more
Eugene Kaspersky, co-founder of Internet security software Kaspersky Lab, was recently interviewed PC World where he talked about his views regarding cybersecurity and the evolution of malware. In response to fixing the problems with malware on the Internet, Kapersky says: "The Internet was never designed with security in mind. If I was God, and wanted to fix the Internet, I would start by ensuring that every user has a sort of Internet passport: basically, a means of verifying identity, just like in the real world, with driver's licenses and passports and so on. The second problem is one of jurisdiction. The Internet has no borders, and neither do the criminals who operate on the Internet. However, law enforcement agencies have jurisdictional limits, and are unable to conduct investigations across the globe. ... There is no such thing as anonymity on the Internet, for the average user." more
ICANN has sent EstDomains a termination notice: "BBe advised that the Internet Corporation for Assigned Names and Numbers (ICANN) Registrar Accreditation Agreement (RAA) for EstDomains, Inc. (customer No. 919, IANA No. 943) is terminated..." more
U.S. intelligence officials are increasingly worried that hackers could wreak havoc on the financial system. Read the story here in National Journal. Not that we need it, but here's yet another reason to worry about havoc in financial markets: U.S. intelligence officials increasingly fear that computer hackers could wreck banks and large financial institutions, or send stock markets into one more panicked frenzy, by covertly manipulating data and spreading false information. more
Regular readers of this site would be familiar with the ongoing legal battles involving the practice of typosquatting; the registration of misspelled domain names of well know brands with the intention of making a profit. Taking advantage of the fact that millions of online users mistype addresses of websites they intend to visit, typosquatters register common misspelled versions of popular sites and make money by displaying ads. Google's AdSense for Domains (AFD) program, often used for displaying such ads, has been particularly targeted by trademark owners which according to McAfee's SiteAdvisor, serves ads on more than 80% of typosquatting sites recently uncovered. more
Atrivo (aka Intercage), a Concord, California-based Internet hosting service, disappeared from the Internet for around two days recently. They didn't go bankrupt or suffer a physical catastrophe. Their providers simply shut them down by refusing their traffic. This might very well be the first time in history that the Internet community, a cooperative association of networks with no governing body, has collectively put someone out of business, if only briefly. more
The Estonians have a public version of their cyber security strategy translated into English (currently available offline only). The concept of a national strategy for cyber security is one which I am particularly fond of... The following is the Summary section from the document which might be of interest... more
During ISOI 4 (hosted by Yahoo! in Sunnyvale, California) whenever someone made mention of RBN (the notoriously malicious and illegal bulletproof hosting operation, the Russian Business Network) folks would immediately point out that an operation just as bad was just "next door" (40 miles down the road?), working undisturbed for years. They spoke of Atrivo (also known as Intercage). The American RBN, if you like... more
The Sunday Herald reported on Sunday that Best Western was struck by a trojan attack that lead to the possible compromise of about 8 million victims. There is some debate as to the extent of the breach and not a small amount of rumor going around. I'm not entirely disposed to trust corporate press releases for the facts, nor am I going to blindly accept claims of security researchers whose first call is to the PR team when discovering a problem. That said, here is what seems to be the agreed upon facts... more
There's no denying that the fight against spam attracts a lot of crazies, both pro- and anti-spam. One of the common attributes of the anti-spam kooks is that they often think in terms of somehow taking revenge against the spammers -- regardless of who else gets hurt along the way. In 2005, that revenge came in the form of BlueFrog, a service which purported to launch what can only be called denial of service attacks against spammers' web sites... This week, a company called SpamZa was hurriedly making a similar mistake... more
It seems like the online Russian population is getting mobilized. Like a meme spreading on the blogosphere, the mob is forming and starting to "riot", attacking Georgia. This seems very similar to the Estonian incident, only my current guess is natural evolution rather than grass-roots implanted -- but I am getting more and more convinced of the similarities as more information becomes available. Determining exactly when the use of scripts by regular users started, is key to this determination. more
A World-Renowned Source for Internet Developments. Serving Since 2002.