Welcome:
Login
|
Sign Up
|
About CircleID
Follow:
|
|
|
There has been a lot of talk, blogging, tweeting and press reportage about the Epsilon breach, but little in the way of concrete information to consumers as to where they stand, if their personal information (PII) such as their name and email address has been lost to criminals. The CAUCE Board of Directors have developed the following FAQ that provides facts and guidance for those affected by the breach. more
Phishing researcher Gary Warner's always interesting blog offers some fresh perspective on clicking links on emails, as the crux of the phishing problem. Gary writes: "There is a saying 'if you give a man a fish, he'll eat for a day, but if you teach a man to fish, he can feed himself for a lifetime.' In the case of the Epsilon email breach the saying might be 'if you teach a man to be phished, he'll be a victim for a lifetime.' In order to illustrate my point, let's look at a few of the security flaws in the business model of email-based marketing, using Epsilon Interactive and their communications as some examples." more
IBM today released the results from its annual X-Force 2010 Trend and Risk Report, identifying more targeted phishing, spam and mobile attacks. The report also finds cloud security continuing to evolve. "From Stuxnet to Zeus Botnets to mobile exploits, a widening variety of attack methodologies is popping up each day," says Tom Cross, threat intelligence manager, IBM X-Force. "The numerous, high profile targeted attacks in 2010 shed light on a crop of highly sophisticated cyber criminals, who may be well-funded and operating with knowledge of security vulnerabilities that no one else has. Staying ahead of these growing threats and designing software and services that are secure from the start has never been more critical." more
Neil Schwartzman writes to report: "The company announced the Yahoo! Mail Anti-Phishing Platform (YMAP) yesterday. The technology is predicated upon the use of both DKIM and Sender Policy Framework (SPF) to identify authentic messages. As part of the initiative, Yahoo! has partnered with email authenticators Authentication Metrics, eCert, Return Path, and Truedomain to provide broad-band coverage of well-known brands." more
Over at the site V3.co.uk, they have an article up today alleging that since the Rustock takedown two weeks ago, the bagle botnet has moved to take over as the botnet that is responsible for sending the most spam. They have not replaced Rustock's total spam volume, only that they are now the number one spam sending botnet. more
Neil Schwartzman writes: "There is a lot of press on the profound effect the take-down of the Rustock botnet, affected by Microsoft, some U.S. federal agencies, and countless others working in the background to assist in the effort. CAUCE has aggregated a few of the best stories and data-points. A community congratulations, and thank-you to all those involved!" more
We have just issued a new report detailing abuse of the Domain Name System and Registrar contract compliance issues. The report specifically discusses several items including: Registrars with current legal issues; Illicit Use of Privacy-Proxy WHOIS Registration; A study on the contracted obligation for Bulk WHOIS Access; and more. more
In pursuit of its efforts to improve Google search results, the company on Thursday announced the release of a new feature that enables users to block specific search results based on domain names. more
WHOIS issues are looming large for the ICANN meeting next week, starting with an all-day WHOIS Policy Review on Sunday (background). WHOIS is a subject that has been the recent topic of a number of issues including a debacle over potentially disclosing the identities of compliance reporters to spammers and criminal domainers. more
Neil Schwartzman writes to report: "Ken Magill covers the current rake fight on the IRTF's Anti-Spam Research Group mailing list concerning anti-spam DNS Blacklist, or Blocklist, (DNSBL) operators charging for delistings, that is well worth a read, he has quotes from many experts and leaders in the industry who are decidedly against the practice." more
On 24 and 25 February 2011 the European Commission, DG Home Affairs, organised a meeting on cyber crime in cooperation with the US government, Department of Justice, with representatives of the law enforcement community, registries and registrars. The basis of the discussion was the RAA due diligence recommendations (hence: the recommendations) as presented by LEAs in the past years during ICANN meetings. The meeting was constructive, surprising and fruitful. I give some background, but what I would like to stress here is what, in my opinion, could be a way forward after the meeting. more
The gathering of coherent data on cybercrime is a problem most countries haven't found a solution for. So far. In 2011 it is a well known fact that spam, cybercrime and botnets are all interrelated. The French database Signal Spam may be a significant part of the solution to gather, analyse and distribute data on spam, phishing, cybercrimes and botnets, but also be a forum in which commercial mass e-mail senders and ISPs can work on trust. more
The latest Sophos Threat Report shows an upward trend in spam and identity theft through social networks. One of the examples Sophos gives is Facebook. In general Sophos claims that from 2009 to 2010 the spam, phishing and malware containing messages all doubled. more
In a major cybercrime turning point, scammers have begun shifting their focus away from Windows-based PCs to other operating systems and platforms, including smart phones, tablet computers, and mobile platforms in general, according to the Cisco® 2010 Annual Security Report, released today. The report also finds that 2010 was the first year in the history of the Internet that spam volume decreased, that cybercriminals are investing heavily in "money muling," and that users continue to fall prey to myriad forms of trust exploitation. more
A couple things related to the intersection of email and law happened recently. The 6th circuit court ruled that the government must have a search warrant before accessing email. The published opinion is interesting reading, not just because of the courts ruling on the law but also because of the defendant. more
A World-Renowned Source for Internet Developments. Serving Since 2002.