Why phish myspace?
August 4, 2006
Bear with my geek for a moment if you can stomach it, I just found a soapbox and I’m dying to use it.
First they get your username and password for myspace. Then they start spamming all of us with these ridiculous bulletins. We click on them because we are your friends and we trust you. They, the spammers, do that to get our email addresses. To hawk their wares. Basically because there probably isn’t much, if anything, in the way of anti-spam on the myspace servers. Because maybe if they get your email address and they know that your friend didn’t notice that the URL didn’t say myspace.com verbatim when it prompted them with, “oops you must be logged in,” you might not notice if they sent you an email claiming to be from your bank or mobile phone provider or who knows what these days. Even if you are really good and the URL seems to be on the right site, someone could be pulling strings with that site and URL to dupe you.
After researching a bit, the flash worm may not be the cause of the recent wave of bulletin spam, only a symptom of bad security measures and clever social engineering schemes. Hard to say. If the propaganda site pulled the “oops” trick, who knows how many people doofed and figured myspace had hiccupped and that was why the login prompt came up unexpectedly.
So please, my friends. Be careful and observant. If you get prompted to log in right after clicking on a link in the bulletin, stop and think about the fact that you had to be logged in to see the bulletin in the first place. If you get an email that you aren’t expecting, don’t click on the links. If you do get clicking, look at that address bar very carefully before you ever enter a username and password on any site.
Google phishing…
March 22, 2006
Well, it isn’t the Google phish I predicted, but I am seeing a lot of phishers use Google to perform redirects these days. I think the idea is to try and elude detection by content filters that aren’t smart enough to check for redirects in the URLs. Sure, we know that eventually the browser will issue a GET for the actual URL and a web filter could stop it, but isn’t it better if an email filter knows better than to get lulled into a false sense of security upon initially seeing the almighty Google domain?
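A sketch of the check this post asks an email filter to make, as an added example that is not from the original post: it unwraps URLs carried in a link's query string or fragment and applies the blocklist to every host in the chain, not only the first one. The sample URLs, the `phish.example` domain and all function names are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qsl, unquote

MAX_DEPTH = 5  # bound recursion so nested redirect chains cannot run away
BLOCKED = {"phish.example"}  # constructed blocklist entry
# Constructed samples: a redirect wrapping a blocked host, then a double-encoded one.
SAMPLE = "http://www.google.com/url?q=http%3A%2F%2Flogin.phish.example%2Fsignin"
DOUBLE = "http://www.google.com/url?q=http%253A%252F%252Fphish.example%252F"


def _split(url):
    try:
        return urlsplit(url)
    except ValueError:  # malformed netloc; a filter must not crash on bad input
        return None


def embedded_urls(url, depth=0):
    """Yield url and every http(s) URL nested in its query string or fragment."""
    yield url
    parts = _split(url)
    if parts is None or depth >= MAX_DEPTH:
        return
    # parse_qsl percent-decodes once; the extra unquote catches double encoding.
    candidates = [v for _, v in parse_qsl(parts.query, keep_blank_values=True)]
    candidates.append(parts.fragment)
    for value in candidates:
        for form in (value, unquote(value)):
            if form.lower().startswith(("http://", "https://")):
                yield from embedded_urls(form, depth + 1)
                break


def hosts_in(url):
    """Return the hostnames of url and of every URL it wraps, outermost first."""
    hosts = []
    for u in embedded_urls(url):
        parts = _split(u)
        host = parts.hostname if parts else None
        if host and host not in hosts:
            hosts.append(host)
    return hosts


def verdict(url, blocked_hosts):
    """Block if any host in the chain is blocklisted (exact or subdomain match)."""
    for host in hosts_in(url):
        if any(host == b or host.endswith("." + b) for b in blocked_hosts):
            return "block", host
    return "allow", None
```

This only sees destinations that are visible in the link itself; a redirect keyed by an opaque token still needs the web filter at request time.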
Shameware, nice!
March 21, 2006
Once again Brian Krebs is blogging about a topic I find very interesting. To make a long story short, companies are becoming too disconnected from their advertising channels and I’m guessing the reason why so few responded is because they participate in other nefarious activities like spamming. If you ask me it extends far beyond adware and spyware when typosquatting is taken into account. You really have to wonder just how much revenue big brands lose when someone clicks on one of the Google ads listed at verizonewireless.com instead of correcting their typo and heading to the corporate site? Alas, I am not doing a very good job of taking the day off today. Supposed to be making up for the anti-spam build over the weekend, but I keep getting sucked into my feeds. Evil feeds.
Reputation Filtering Ahoy!
March 11, 2006
Alas, I wish my company had offered this first. I like the idea that it works by transmitting very little information, but the approach is somewhat limited if you ask me, since it sounds like a basic RBL list, which would ideally be employed at the gateway of a network. Hearing Outlook and Lotus kind of screams corporate to me, and any good mail admin should be using a layered approach that includes connection management, analysis for spammy language, and something that protects against any of the nasty spam URLs that might slip through and into an inbox.
The tool will become a lot more powerful when it is hooked into web-based email, since services such as Hotmail or Gmail have such a large user base and it probably is difficult to justify the use of extensive filtering by IP alone.
This is fantastic
March 1, 2006
Now, I may work for a censorware company, but believe you me, sometimes it gives me the moral heebie-jeebies. The only thing that helps me sleep well at night is knowing that our customer base is comprised of privately held companies and educational institutions. Their computers, their internet access, their right to develop and enforce an Acceptable Use Policy. Beyond that our products do protect against malicious threats on the net. Hopefully more emphasis will be placed on protecting from actual threats instead of being ‘net librarians. While I understand that every capitalist should want to push into new markets, I don’t support selling censorware to governments for the purpose of filtering their citizens on the Net.
Looks like Secure Computing has inspired the wrath of Boing-Boing. Never a good idea to tick off the editors over there.
Here’s me doing my part to say censorship sucks:

Community…
February 18, 2006
Somehow I was drawn into a marketing meeting the other day and they seemed to be scoffing a bit at the idea of participating in the security community. At least that was how it came off when they talked about one of our competitors flaunting their participation at RSA. Personally, I think information sharing is the most appealing aspect of the technology industry. Reuse, reinterpret, don’t reinvent. Spend your time innovating instead of doing everything from scratch. If participating in organizations formed around the idea of improving internet security gets you free press, go for it. Seems like a no-brainer.
I predict a google phish
February 11, 2006
So, this whole “Search Across Computers” thing. It disturbs me. I’d feel more comfortable with a hole in my home firewall allowing instant access, hello Remote Desktop, than knowing that my favorite search engine is holding on to my files. Eeegad. What if Google started grabbing images off our hard drives? I know the idea is that nothing short of legal action would get them to release our private information, and I know that they are fighting the whole silly, give us search records so we can fight child porn. Uh, yeah, that will work. Little do they know we can all accidentally stumble across child porn on the web. I’m mortified by some of the things that I find on the Internet in the course of research.
Anyways…
The Kaspersky Lab has predicted that hackers will try to gain access to Google accounts to penetrate the wealth of information that this new “feature” will provide access to. I’m going to keep my eye out for more Google phishing.
Lord knows it wouldn’t be the first time someone tried…
I did good…
February 4, 2006
I am fighting the good fight. Or trying to anyways. Doing the best I can do with limited resources and no formal training. I read everything I can get my hands on when it comes to internet security and yet haven’t quite figured out how to safely analyze malware. I want to establish a lab for playing with nasty crap. Fully isolated from any network that people need to use. I suppose my job right now is to help reengineer our business processes, but I feel somewhat stymied and I’d rather just dive into extremely detailed analysis of absolute crap.
I want to take some SANS courses. In fact, the prospect of their masters program has me kind of excited. Still need to figure out if I really want to spend the rest of my life, or one-third of it anyways, in front of a computer. Okay, two-thirds.
Why blog?
February 2, 2006
Sometime around 1998 I started sending emails to myself to keep track of my to-dos and maintain a journal of sorts. I suppose that was before things like livejournal became mainstream. I’m starting this blog today because my friends will probably appreciate it if their lj feeds aren’t full of technical junk they don’t care about. What can I say, I’ve been inspired by the likes of Scoble, Krebs, and the guys at SANS.
I feel sorry for the poor bastards with infections courtesy of MyWife. Hopefully most of ‘em will get cleaned up before the third. Clock is ticking.