Michael Gracie

When ever I see an ad for email harvesters, I have to cringe. When one makes it through my newsreader, I almost puke. No surprise - the one I saw today at a site called 3d2f dot com for the super email spider, which leverages search engine technology, only works on Windows. Darn - I guess I won’t be picking that one up.

Still, I wonder when the search engines might take it upon themselves to block use of these things. With all the smarties over at Google, you’d think they could figure out a way to keep scammers from using their technologies against the rest of us.

PS: don’t ask me for the link to that software either - I won’t be providing gratuitous links to scum-ware from here.
Read more »

PNC Bank of Pittsburgh has noticed phishing emails bearing its name floating around, and is warning customers about it.

All I can say is “right on” - it is always good to see financial institutions taking proactive steps to protect their customers (particularly as the bank winds up paying for it in the long run, and passing the costs of fraud onto all customers in the form of higher rates and fees).

I’ve noticed other banks trying to head this problem off; CompassBank puts fraud warnings on their login pages, and Bank of America has gone with a funky multi-step login process, complete with image identification, that would be damn hard for a phisher to duplicate.

Now if my bank would only do the same.
Read more »

Almost forgot - one of Lawrence Livermore Lab’s databases was hacked. At least it was only 250 or so employees that were caught in the mess (although the actual value - security clearances and all - may make each record more interesting to some thief).

I just hope it wasn’t porn surfing that was to blame.

I moved this site to a new host roughly two months ago. When doing so I thought it might be nice to go with a pre-installed MovableType host so I didn’t have to fool around with editing config files. Of course, I used the MT export/import function to move the entries (as the database schemas were slightly different between the two installs), but now it seems that didn’t work very well. I’ve since recieved a few emails stating I have broken links and/or missing pages. Those emails are correct too.

If you find a link via search engine or otherwise, and the page does not come up, try adding a “_1″ to the end of the filename (but before the .php part). And make sure the filename is not more than 15 characters (which means you may have to delete a few characters to stuff the “_1″ in. If that fails, chalk it up to a poor migration. If you email me back, I will try to dig it out of an old backup and upload it for you.

Thanks.

Troubled insurer AIG doesn’t need more problems, but now it has them. One of the company’s offices was burglarized. The take? A computer with 930,000 personal data records.

According to the report, none of the data has been put to use.

Yet.

I don’t care if it is brash, insulting, or politically incorrect - The Last Angry Young Man is absolutely hilarious. Mr. Angry probably doesn’t need any more traffic (as he was up more than 1,500% in the latest Alexa rankings), but I think everyone needs a good laugh.

What Mr. Angry really needs a TV show (or better, TV really needs him).

Yes. Sophos says the virus counts in emails is waning. While this data point is not necessarily indicative of a trend, let’s call it good news and move on.

SEO by the SEA says Google has patented link-based spam filtering.

Certainly seems like an interesting idea, if less than novel. Check links inside spam and phishing emails against an index of content. If the link shows, add points. Of course, most blog spam filters already have this capability (vis-a-vis link blacklists), but I guess this could benefit Gmail (since it’s been rumored that Google has direct access to a lot of linked content).

Nevertheless, I wonder…who is Johnny Chen, and why doesn’t the referenced patent app have a Google assignment? Maybe they [Google] don’t want to look like patent trolls. Or maybe the “university” I bought that “life experience law degree” from isn’t legit.

I am not sure whether this is good news or just great PR.

Microsoft deployed a huge set of patches on Tuesday, and the exploit code was released the following day.

Is that a first, or was this a coordinated effort?

The Okopipi Project, open source predecessor to Blue Security, is already coming under fire.

“I respect the Okopipi group for the effort and time required to launch such a project,” says Alex Eckleberry, CEO of Sunbelt Software, a Clearwater, Florida-based security company. “But I think it’s an awful idea to have this registry.”

I can only imagine a distributed denial of service attack, only instead of being distributed from multiple sources to a single point, it’s distributed from multiple sources to multiple points.

Or at least that’s what I think Mr. Eckleberry might be concerned with.