Friday, January 09, 2004

Phishing: Spam that can’t be ignored:
By David Berlind, Tech Update
January 7, 2004

If you haven’t already heard about phishing, then get ready. Like a lot of spam, phishing is a form of unsolicited commercial email. Whereas all spam is not a scam, all attempts at phishing are scams, and the potential losses to corporations and consumers alike are stunning.

Phishing, as the name implies, is when spam is used as a means to “fish” for the credentials that are necessary to access and manipulate financial accounts. Invariably, the e-mail will ask the recipient for an account number and the related password using an explanation that their records need updating or a security procedure is being changed that requires confirming an account. Unsuspecting e-mail recipients that supply the information don’t know it, but within hours or even minutes, unauthorized transactions will begin to appear on whatever account was compromised.

By now, most people know that giving this information away on the Internet is a no-no. With phishing, however, it’s almost impossible to tell that the e-mail is a fraud. Like spam, e-mail from phishers usually contains spoofed FROM or REPLY TO addresses to make the e-mail look as though it came from a legitimate company.

In addition to the spoofed credentials, the e-mail is usually HTML-based. To an undiscerning eye, the e-mail bears the authentic trademarks, logos, graphics, and URLs of the spoofed company. In many cases, the HTML page is coded to retrieve and use the actual graphics of the site being spoofed. Most of the phishing I’ve received pretends to come from PayPal and contains plainly visible URLs that make it look as though clicking on them will take me to PayPal’s domain. Upon quick examination of the HTML tags behind the authentic looking link, the actual URL turns out to be an unrecognizable and cryptic looking IP address rather than an actual page within PayPal’s domain.

PayPal, the payment subsidiary of EBay, is a common target of phishing. If you get one and you’ve never joined PayPal, then you obviously know it’s a fraud. But if you are a PayPal member, as I am, the phisher has at that point broken through the unofficial security-by-obscurity layer that once protected you. It’s not difficult to see how PayPal members could be victimized by this technique.

According to Antiphishing Working Group Chairman David Jevans, PayPal isn’t the only target of phishers. “In about 35 percent of all reported phishing attacks, Ebay’s PayPal service is the biggest victim. But just about any financial institution, credit card issuer, retailer, or other business can be targeted. UK-based NatWest was phished badly in October 2003 and then even worse in December. The December attack was so bad that NatWest had to take down its site. Visa was another organization that was targeted over the holidays.”

At first blush, phishing appears to be a sort of buyer-beware consumer issue since the e-mails themselves are prospecting for potential account holders to the spoofed institutions. Indeed, depending on the spoofed institution’s policies, a consumer could end up eating a loss. “So far,” said Jevans, “most of the transgressions against individuals have been in the hundreds of dollars because smaller transactions will sometimes go unnoticed for a while. But they go higher. The largest one on record so far is for $16,000. If the credentials obtained by a phisher are for a credit card account, then the risk is usually absorbed by either card issuer or a merchant.” This is when the hard dollar cost of phishing, which Jevans considers a form of identity theft, begins to be recognized by corporations and businesses instead of individuals.

http://techupdate.zdnet.com/techupdate/stories/main/Phishing_Spam_that_cant_be_ignored.html
Novell's Linux Makeover:
"Ximian Desktop Boosts SuSE Linux Support
Ximian, now part of Novell, enhances its desktop offering to run with SuSE Linux's latest versions as Novell's SuSE purchase nears completion."


http://www.eweek.com/article2/0,4149,1428558,00.asp

http://www.eweek.com/category2/0,4148,1375052,00.asp

Thursday, January 08, 2004

Tenacious W32/Sober.c-mm Attacks:
"Top Virus: W32/Sober.C-mm …

W32/Sober.C-mm is a variation of Sober.A, which hit in late October, 2003. Like its cousin, Sober.C spreads as an email attachment, and uses its own SMTP engine to propagate. The worm harvests email addresses from various files on the victim's system, and can spoof the 'from' field as well, when sending copies of itself. The attachment name is randomly chosen from over two dozen different English or German names, and can have a .bat, .pif, .cmd, .scr, .exe, or .com extension. The message and subject line varies, and can be in either German or English. TrendMicro's analysis of Sober.C has a comprehensive list of the subject, attachment name, and message possibilities. The virus infects when the recipient opens the attachment, making it fairly preventable. "

When Sober.C executes, it creates two copies of itself in the %system% folder (by default C:\windows\system for Windows 9x, C:\Winnt\system32 for Windows 2000/NT, or C:\windows\system32 for Windows XP). The file names are randomly generated, and the files themselves may be appended with random garbage data to inhibit antivirus detection. It then adds these names to the registry keys:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

These entries allow the virus to automatically start when the victim's machine is booted.

The virus scans the victim's hard disk for email addresses within database or text based files, and stores them in the %system% folder under the name savesyss.dll. As an indicator of infection, when Sober.C runs for the first time, it displays a fake error message box with the message:

"First" as caused an unknown error. Stop: 00000010x08.

Sober.C guards its position greedily by running two memory processes that watch out for each other. Terminating a virus process is a standard procedure to do before removing the virus. However, if a user terminates only one of the processes, the other process of Sober.C recognizes its mate is gone, and restarts it, making removal difficult.
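Because the dropped file names are random, triage has to key on location and on the fixed artifact instead: a Run value that launches a file directly from %system%, plus the presence of savesyss.dll. The following is an added example, not taken from the quoted analysis; it reads a constructed `.reg` export of the two Run keys, handles plain string values only, and the value names and the `known_good` allowlist are hypothetical.

```python
import ntpath
import re

# %system% defaults listed in the write-up above.
SYSTEM_DIRS = {r"c:\windows\system", r"c:\winnt\system32", r"c:\windows\system32"}
RUN_SUFFIX = r"\software\microsoft\windows\currentversion\run"
ADDRESS_STORE = "savesyss.dll"   # harvested-address file named in the write-up

def run_entries(reg_text):
    """Yield (key, value name, command) for Run-key values in .reg export text."""
    key = None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and key.lower().endswith(RUN_SUFFIX):
            m = re.fullmatch(r'"(.*?)"="(.*)"', line)
            if m:  # .reg exports escape backslashes and quotes with a backslash
                yield key, m.group(1), re.sub(r"\\(.)", r"\1", m.group(2))

def triage(reg_text, system_files, known_good):
    """Flag Run values that start a non-allowlisted file directly from %system%."""
    findings = []
    for key, name, command in run_entries(reg_text):
        m = re.match(r'"([^"]+)"|(\S+)', command)   # quoted or bare image path
        image = (m.group(1) or m.group(2)) if m else ""
        folder, base = ntpath.split(image.lower())
        if folder in SYSTEM_DIRS and base not in known_good:
            findings.append((key, name, image))
    dropped = ADDRESS_STORE in {f.lower() for f in system_files}
    return findings, dropped

# Constructed export; the value names and the random file name are made up.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"qzwvbt"="C:\\WINDOWS\\system32\\qzwvbt.exe"
"Updater"="\"C:\\Program Files\\Vendor\\update.exe\" /quiet"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
'''
```

A hit from `triage` is a lead for review, not a verdict; the allowlist of legitimate files that start from %system% has to come from a known-clean build of the same Windows version.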

http://www.pcmag.com/print_article/0,3048,a=115641,00.asp
News: Microsoft publishes program to blast MSBlast:
"Microsoft released a removal tool for the MSBlast worm on Monday after Internet service providers complained that home users' PCs infected with the malicious program are still causing network congestion.

The MSBlast worm, also commonly called the Blaster worm, started spreading last August and is believed to have spread to hundreds of thousands of systems. While most corporations have cleaned up the worm, Microsoft has found that a large number of home users are still unknowingly infected, the software giant said in a statement. "

"For many users in this situation, there is little indication that they are infected other than possible performance degradation," Microsoft said. "And those infected are still actively transmitting the worm, causing Internet congestion in the process."

Microsoft's aim in releasing the latest tool is to reduce the amount of traffic being borne by ISPs by cleaning up a significant number of home computers.

The tool can be found on Microsoft's download site.



http://www.microsoft.com/downloads/details.aspx?FamilyID=e70a0d8b-fe98-493f-ad76-bf673a38b4cf&displaylang=en

http://zdnet.com.com/2100-1104_2-5136260.html

Wednesday, January 07, 2004

The Search Engine Report - Number 86:
"The Search Engine Report - Number 86"

+ Search Engine Watch News
+ SES Returns To The Big Apple!
+ Search Engine Articles By Danny Sullivan
+ SearchDay Articles
+ Search Engine Articles
+ Search Engine Resources
+ SES Coverage

http://searchenginewatch.com/sereport/article.php/3296121
20 Tips for Taking Better Pictures Today:

http://www.pcmag.com/category2/0,4148,2461,00.asp
Security Highlights and Lowlights of 2003:
"The consensus among security professionals is solid: 2003 was a lousy year for computer security. And the news won't be much better in the year ahead; things are trending for the worse.… "

http://www.eweek.com/print_article/0,3048,a=114506,00.asp
News: Security flaws force Linux kernel upgrade:
"Open-source developers released a new version of the Linux kernel Monday in a move aimed at quickly fixing several bugs--among them two serious security flaws.

The 2.4.24 upgrade to the Linux kernel comes a month after the release of the previous version of the core system software and only includes patches for six software issues, including the two flaws.

The release is intended to prompt users to upgrade quickly, said Marcelo Tosatti, the maintainer of the 2.4 kernel series and a Linux developer for data center management company Cyclades.… "

The most serious flaw, which occurs in a function used by virtual memory, resembles a vulnerability fixed in late November that had been exploited by unknown attackers to control several key Linux servers open-source developers use. Both flaws allow an intruder to increase the privileges of a normal user account to the same level as the system's owner.

Tosatti said that once it became clear that the latest flaw could be used to circumvent security on Linux systems, he and other developers decided to immediately release the fixes. The move follows decisions by the kernel developers to curtail new features in the 2.4 kernel series in order to get developers and users to move to the next generation of core Linux software, the 2.6 kernel. The final set of features that had been intended for this release of the kernel have been postponed until the next version, he said.

http://zdnet.com.com/2100-1105_2-5135129.html?tag=zdfd.newsfeed
Using Microsoft eBook technology to create portable documentation - Builder.com


http://builder.com.com/5100-6373-5129225.html?tag=e055

Tuesday, January 06, 2004

Symantec Security Response - W32.Jitux.Worm:
"W32.Jitux.Worm is a worm that attempts to spread through MSN Messenger.

This threat is written in the Visual Basic (VB) programming language. The VB runtime libraries are required for it to be executed."

http://securityresponse.symantec.com/avcenter/venc/data/w32.jitux.worm.html
Ten Steps for Cleaning Up Information Pollution (Jakob Nielsen's Alertbox):
"Our knowledge environment is getting ever more contaminated by information pollution. Things we need to know are drowning in irrelevant information. Symptoms include:

  • In most companies, employees squander an hour or more each day simply 'doing email.'

  • Employees fritter away 48 hours each year trying to unearth job-related information on bad intranets compared to the time they would need on an intranet with usability in the top 25%. The resulting productivity loss amounts to millions of dollars for mid-sized companies.

  • Many websites alienate users by burying answers to basic questions in useless corporatese.

  • Email messages that customers actually want, such as useful newsletters or customer-service confirmations, don't survive overflowing inboxes -- often because senders ignore the principles of good email design.
"
What Individuals Can Do

All time-management courses boil down to one basic piece of advice: set priorities and allocate the bulk of your time to tasks that are crucial to meeting your goals. Minimize interruptions and spend big chunks of your time in productive and creative activity.

Unfortunately, current information systems encourage the opposite approach, leading to an interrupt-driven workday and reduced productivity. Here are six steps to regaining control of your day

http://www.useit.com/alertbox/20040105.html
Free newsletter - HFI's UI Design Update:
"HFI's December newsletter reviews the findings of the research presented in our Putting Research into Practice course. In preparing this course, recent research from various disciplines (including Human Computer Interaction / Ergonomics, Cognitive & Social Psychology, Computer Science, Marketing, Economics...) that might have implications for usability professionals is systematically reviewed. The most interesting, important, and applicable papers are summarized for presentation in our 3 day seminar – essentially a "Cliff Notes" course for usability research, updated annually.

The list below differs slightly from that of previous years. Rather than presenting design "dos" and "don'ts", this year we present key findings of many of the papers presented in the 2003 PRP course. As such, in addition to providing design guidance, this list provides you recent research references to directly justify your analysis, design, and testing decisions."

http://www.humanfactors.com/downloads/dec03.asp#susan
Rapid Application Development with Mozilla: Navigation. Pt. 2 - WebReference.com -

http://www.webreference.com/programming/mozilla/2/index.html
The XML Schema Companion - WebReference.com -:
"Although the XML Schema language has a large number of built-in data types that can be used, restricted, and extended, some requirements demand much finer control over the exact structure of a value. For example, a simple code might need to consist of three lowercase letters:"

abc

ABC

abcd

Similarly, when an element or attribute contains an ISBN (International Standard Book Number), it should be possible to apply constraints that reflect the nature of ISBN codes. All ISBN codes are composed of three identifiers (location, publisher, and book) and a check digit, separated by hyphens (or spaces). Valid values would include ‘0-201-41999-8’ and ‘963-9131-21-0’. The schema processor should detect any error in an ISBN attribute:





Some programming languages, such as Perl, include a regular expression language, which defines a pattern against which a series of characters can be compared. Typically, this feature is used to search for fragments of a text document, but the XML Schema language has co-opted it for sophisticated validation of element content and attribute values.

http://www.webreference.com/programming/awxml1/index.html

Monday, January 05, 2004

O'Reilly Network: PHP Foundations [Feb. 28, 2001]:
"A programmers guide to learning PHP for people with no PHP experience."

http://www.oreillynet.com/pub/ct/29
Can-Spam Law: More Harm than Good? - Tech Update - ZDNet:
"Fans say CAN SPAM--set to become the first federal law against digital junk mail--would serve notice to spammers. But critics say that by overriding stronger state laws, it would actually tell spammers they can."

http://zdnet.com.com/html/z/tu/sr/canspam.html