Saturday, May 01, 2004

Spam Report Card 2004 - TechUpdate - ZDNet:
"More than 50 percent of e-mail is spam. Billions of spam attacks are launched each month. Spam costs U.S. companies at least $1 billion per year in security and human resources expenditures, as well as lost productivity. Increasingly, virus-infected machines are used to distribute spam and perpetuate additional fraud, such as phishing. Is combating spam a losing battle?"

http://techupdate.zdnet.com/special_report/Spam_Report_Card_2004.html

Friday, April 30, 2004

Crypto-Gram: April 15, 2004:
"In this issue:

National ID Cards
TSA-Approved Locks
Crypto-Gram Reprints
Stealing an Election
Counterpane News
Security Notes from All Over: Man-in-the-Middle Attack

Bluetooth BeepCard
Privacy Hack
News
Virus Wars"

http://www.schneier.com/crypto-gram-0404.html

Signs Point to Worm Attack on SSL Vulnerability:
"Security experts on Tuesday said they are seeing evidence of what appears to be a worm exploiting the recently announced vulnerability in the Windows implementation of the Secure Sockets Layer (SSL) protocol.

During the morning and early afternoon Tuesday, specialists at VeriSign Inc.'s security operations center observed a large-scale exploitation of the vulnerability. While there are a number of software tools available on the Internet to attack the vulnerability, experts said the volume of activity is too great for the attacks to be manual."

http://www.eweek.com/article2/0,1759,1573827,00.asp

Microsoft Confirms Bug In SSL Patch:
"The knowledge base article goes by the unusually long name: 'Your computer stops responding, you cannot log on to Windows, or your CPU usage for the System process approaches 100 percent after you install the security update that is described in Microsoft Security Bulletin MS04-011.'

The problem occurs, according to the article, because Windows tries repeatedly to load drivers that fail to load. Microsoft acknowledges that the problem is a bug in the patch and that the company is investigating solutions."

http://www.eweek.com/article2/0,1759,1578752,00.asp

Scams, Lies, Deceit, and Offshoring:
"Someone has to take the jobs that, as President Bush and others say, 'Americans don't want.' There appear to be a large number of these jobs. In fact, it seems that our fastest-growing business segment is the creation of more and more jobs that Americans don't want. Often, American companies will lay people off, only to train newcomers to replace them."

Here is how the real scam works. You are a programmer at one of the big IT or computer companies. You're 55 and nearing a retirement plateau; in fact, you're a liability. You're making, say, $80,000 as a program designer. You have various responsibilities. The company eliminates your position in the process of downsizing.

To be fair to you, it creates a new position, Associate Program Designer, that pays $35,000 a year. Its responsibilities coincidentally match those of your old job. You can take this job, doing what you did before but at a huge cut in pay, or look elsewhere. If the latter, it's apparent that this new job is one that "Americans don't want." The company can then hire a "body shop" to drop in a foreign H-1B or L1 visa holder, who will not be quite as good but will work for a lot less.


This is a bait-and-switch scheme that is designed to screw older and more experienced workers out of their retirement benefits, plain and simple. This sort of thing, unfortunately, is nothing new to corporate America:

http://www.pcmag.com/article2/0,1759,1573102,00.asp

Wednesday, April 28, 2004

Phishing Scams Increase 1,200% in 6 Months:
"Beware your email.

In the last six months, the number of phishing email scams has increased 1,200 percent, putting end users and major companies at an even greater risk, according to a report from MessageLabs Inc., a managed email security firm based in New York.

MessageLabs reports that last September its analysts had only seen 279 phishing emails. But that number had risen nearly 800-fold to 215,643. Phishing emails peaked in January with 337,050. …"

Phishing is the latest online financial scam. It's a con game based on posing.

Spammers send out millions of emails claiming to be from legitimate organizations, such as major U.S. banks or credit card companies. The spammers even fake the sender's address so it appears to be from the company they're posing as. The message in the email often says there is a problem with the recipient's account and it has been shut down. To reinstate the account, or deal with whatever fictional problem the email refers to, the user is instructed to click on a link that then takes them to a phony Web site.

The users are then led to what is often a perfect replica of the Web site that the spammer is pretending to be. At this point, the victim is asked to 'update' his personal security information, passwords, Social Security numbers, addresses and bank account information. The information is then used to siphon money out of the victim's bank account or to make financial transactions with their money.

http://www.esecurityplanet.com/trends/article.php/3344141

Tuesday, April 27, 2004

AntiOnline - Windows XP Security Guide (phase one):
"This guide will take you from a FRESH install of XP, to the high level of security … Note that this is more intended for singular computer use (and possibly work office) and not for mission critical server usage. While yes, … use XP for server usages, because it can handle it with the proper settings, a mission critical server requires a primary focus on the 'Server' portion, rather than being evenly distributed between server, desktop, and game machine. … when it comes down to mission critical servers, it isn't about bending tools to work, it's about how well they work. Windows XP as a *mission* critical server is not recommended because of latency issues, forced RAM on the GUI, and process handling meant for low latency on the GUI responsiveness, instead of packet and server process stability handling."

http://www.antionline.com/showthread.php?s=&threadid=255353