Michael Gracie

Viral attacks in the UK dropped slightly in the latest month, but no matter. Phishing attacks continue to soar, along with spam volumes. Furthermore, the time between virus releases and patch availability is still narrow, making it difficult to defend against viruses without additional upfront mail filters checking things out as well.

I have to wonder if John Mitchell and Dan Boneh’s password hash mechanism (and its potential offshoots) will be able to protect against nasty plugins such as this.

Safersurf announced that the EliteBar (another in a long line of spyware-based browser toolbars) not only tracks your surfing habits, but can also send your credit card information to faraway places. The “autofill” option in the toolbar seems to be the major culprit, although I say having some third party browser toolbar installed on your system makes lack of common sense the major culprit.

A couple of faculty members from Stanford University have developed a new tool in the war against phishing that could become very sticky. Instead of sending passwords input into web pages across the net in plain sight, John Mitchell and Dan Boneh have developed a hashing methodology which scrambles the passwords in line with the valid website address for which it is intended.

The process has purportedly been implemented on several popular web browsers, although I don’t know which. And while the program, entitled simply PwdHash, requires the user to re-enter passwords for all their valid site acccounts and use some special characters ahead of the password each time they enter it thereafter, this seems like a pretty straightforward approach to protecting everyday folk.

New Zealand has a bill on the platter that would hit local spammers with extremely stiff fines. If busted while sending spam from the homeland, spamming companies would face fines up to $500,000, and individuals could get hit for up to $200,000.

Unfortunately, New Zealand can’t do much to stop spam emanating from other countries. But if Dade, Broward, and Palm Beach counties in Florida could band together for similar action, maybe we might see some spam relief.

Techdirt just noted that one of the AOL subscribers to its Techdirt Wireless newsletter has been reporting the email as spam, and that AOL is now giving them a hard time.

Techdirt is being forced to remove all AOL subscribers to the email, in order to keep AOL off their backs, and despite having a compliant double opt-in policy for subscriptions.

Will the joker that keeps reporting the Techdirt Wireless newletters as spam please use the unsubscribe link at the bottom of the newsletter, rather than punishing the rest of the subscribers through their “actions” and inaction.

Despite the fact that Pew says internet users are approaching the web with a bit more caution, I’ll reiterate that I view most surveys with some skepticism.

Case in point - spyware reporting activity is soaring. The flip side of this coin could be that monitoring of spyware “calling home” activity is a nascent observation, or that spyware is getting worse at hiding its process. But I doubt it.

It takes a long time to change human behaviour - my guess is folks may be “thinking” more cautiously, but still “doing” the same old same old.

The Federal Deposit Insurance Corporation is now warning banks to beware of spyware. Of course, Reuters just had to reach by comparing spyware data theft to the CardSystems data theft, which just keeps getting bigger.

Lets first set the record straight by saying that a data intermediary storing information in reckless disregard of its customers retention policies, and then having that data swiped, has absolutely nothing to do with spyware.

Yes - spyware can be a menace to banking transactions, and the warning is justified. But banks can do little to stem the tide when it is consumers that are downloading spyware-laden software. Having banks provide specific warnings directly to consumers (and maybe even give away some solid anti-spyware software to their online banking customers), would be a good logical next step.

I would say it is pretty tough to speculate on the whys regarding a big Russian spammer being found murdered in his apartment, and frankly, I don’t want to bother speculating. That is left up to the news.

But Vardan Kushnir, head of the Center for American English, the New York English Centre and the Centre for Spoken English, was spamming for business. And spamming is not considered illegal in Russia. Which makes Mr. Kushnir’s untimely death, if done in retaliation for his work, all the more a shame.
Read more »

The FTC has many some small headway in the fight against pornographic spam by imposing some hefty fines on a group of website operators and their affiliates. Unfortunately, I have to call it “small headway” because the group was limited to four payees, and they coughed up roughly $1.2 million.

Included were BangBros.com Inc. of Miami at $650,000, MD Media of Bingham Farms, Michigan with $239,000, APC Entertainment Inc. of Davie, Florida at $220,000, and Pure Marketing Solutions LLC of Miami and Internet Matrix Technology of New Orleans together for $50,000. Just have to say that Florida is living up to its reputation as a spam haven; I wonder how long it will be until South Florida upends Southern California as the porn capital as well.

Spyware, adware, and malware sneak onto your Windows computer and pump some faraway server full of information about what you are doing online. These programs bury themselves in your registries, and now Zone Labs thinks it’s cracked the problem. The next release of the software is supposed to include kernel level firewalling which monitors any weird program, file and OS behavior and disable those programs that are the cause. The software will monitors registry keys and start up processes and supposedly will protect against malware embedded in downloads as well.

With parent Check Point rocking and rolling in the midst of so many internet security issues, it would not surprise me if they are right on target with this next ZoneAlarm release.