I can't believe that came from your mouth!
Cyber
All-things related to Cyber Security
Veterans Administration Screws 26 Million Vets
May 22nd
This is huge. An idiot Veterans Administration employee took data to their home in Maryland. The data in question was the socials and dates of birth of all of the veterans still alive today. The data was stolen in a burglary.

From Homeland Stupidity Here:
The Department of Veterans Affairs reported Monday that a laptop computer containing the names, dates of birth and Social Security numbers of over 26,000,000 veterans was stolen from the home of an employee who had taken the data home without authorization.
In response, the VA is sending the following letter (PDF) to veterans whose names were on the list. It has also published a list of Frequently Asked Questions (PDF) about the data breach, as if they already know what questions will be frequently asked.
I smell a rat in this incident. It is common knowledge that data of this type is extremely valuable on the cyber underground. I would not be surprised to learn that this whole “burglary” was staged. While home invasions and burglaries are a bit more common in parts of Maryland than my home in Virginia, it is still much more rare than, say, breaking into a car to steal a laptop. I'm glad they got the top cops on this one and I hope they catch the criminal soon.
Symantec Sues to Block Microsoft Vista Release
May 19th
I'm a little weary already about Microsoft delaying the release of its next operating system, Vista. But now, Symantec is suing Microsoft over the incorporation of data manipulation software that is going to be built into Vista. It seems that Microsoft and Veritas had made a deal to include the software in Vista.
Then, Symantec, in a move that may end up killing the company, acquired Veritas. Now Symantec has realized that Vista is going to have some of its data manipulation software built into the next OS, which will essentially kill off another line of software for Symantec. The Veritas acquisition continues to be highlighted as one of the worst business decisions EVER.

From Reuters Here:
Symantec sues Microsoft in contract dispute Thu May 18, 11:57 PM ET
SAN FRANCISCO (Reuters) – Symantec Corp. sued software rival Microsoft Corp. on Thursday, accusing it of misappropriating trade secrets to develop its own competing features and products, including the next version of Windows.
The lawsuit filed in federal court in Seattle charges the world’s biggest software maker with misappropriating intellectual property and breach of contract related to a licensing deal with Veritas, which Symantec acquired last year.
It also seeks an injunction that would block the further development, sale or distribution of Vista — the already-delayed next version of Windows — and other products until all Symantec intellectual property is removed.
“Microsoft’s pervasive and continuing disregard of Symantec’s intellectual property and contract rights has irreparably harmed Symantec and constitutes trade secret misappropriation,” the complaint said.
Microsoft said in statement it worked hard to try to resolve the dispute and that it acted within its rights in the contract.
“We are confident that our actions are wholly consistent with the legal agreements between Veritas and Microsoft and that these claims will be shown to be without merit,” Microsoft said.
The dispute pits two of the biggest consumer software makers against each other and centers on a Symantec product called Volume Manager, which allows operating systems to store and manipulate large amounts of data.
Symantec only bought Veritas because it wanted another line of business that was outside of its AV products, which it fears will dry up when Vista comes out with AV built in. No wonder Symantec’s distraught when they find out that Vista is also taking away its Volume Manager software.
Lotsa Luck, SYMC. If your luck runs true since the acquisition of this turd of a company, you will lose your lawsuit and your stocks will continue to plummet. CEO John Thompson should have been fired over this debacle.
Blue Frog Quits
May 17th
Bluesecurity throws in the towel. They are surrendering to a Russian Spammer. This is a sad day for BlueSecurity, and I suspect that their troubles will not cease with the cessation of their anti-spam business. Perhaps they are facing liability issues connected with the cyber war?
From BlueSecurity.com:
Over the past few months we were able to leverage the power of the Blue Community and convince top spammers responsible for sending over 25% of the world’s spam to comply with our users’ opt-out list. We were making real progress in eliminating spam from the lives of our users.
However, several leading spammers viewed this change as a strategic threat to their spam business. The week before last, these spammers launched a series of attacks against us, taking down hundreds of thousands of other websites via a massive Denial-of-Service attack and causing damage to ISPs, website owners and Internet users worldwide. They also began a relentless campaign of email intimidation against many members of the Blue Community.
After recovering from the attack, we determined that once we reactivated the Blue Community, spammers would resume their attacks. We cannot take the responsibility for an ever-escalating cyber war through our continued operations.
As we cannot build the Blue Security business on the foundation we originally envisioned, we are discontinuing all of our anti-spam activities on your behalf and are exploring other, non spam-related avenues for our technological developments. As much as it saddens us, we believe this is the responsible thing to do.
Read my previous articles here, which document the entire cyber war between Bluesecurity and Pharmamaster the spammer.
Bank of America to the BoyScouts: Goodbye and Goodluck
May 13th
Bank of America has withdrawn their financial support for local and national Boy Scouts programs because the Boy Scouts do not admit homosexuals as scout masters. This is a practice by the Boy Scouts that was upheld by the United States Supreme Court, just like abortion. Like it or not, it's the law of the land.
According to the letter here, Bank of America has some new corporate guidelines that discriminate against organizations that do not include gays. So, no money for you, Boy Scouts. If you are a community center in upscale San Francisco that caters to gays and lesbians ONLY, you get 150,000 dollars, however.
If this outrages you as a Bank of America customer, you should switch banks, and tell your bankers why you are going with another bank.
If this doesn't outrage you as a Bank of America customer, you should switch banks anyways because, despite the money Bank of America saves on refusing to donate to the Boy Scouts, they do not spend that money on Internet and ATM security. The bank is RIFE with hackers and vulnerabilities.
Quite simply, your money is not safe with Bank of America, and neither is your identity.
From CNET Here:
Bank of America’s security compromised
Greg Sandoval
CNET News.com
February 10, 2006, 09:20 BST
An undisclosed number of debit cards have been reissued by the largest bank in the US following a security breach
A security breach involving an undisclosed company has prompted Bank of America to cancel the debit cards of numerous customers, a spokesman for America’s largest bank said on Tuesday.
Rather than inform all customers that there was a hacker on their internal network that was compromising card account holders, they replaced only those cards that they had proof were compromised.
Also, remember that Bank of America had, for YEARS, run their ATM network using Windows 2000 machines that were vulnerable to a SQL server vulnerability that would give hackers full remote control over the PC, and that control could have been used to steal swiped ATM information, and compromise customer accounts.
How is this possible? Is this the first time you have heard of this? Take a look at this article here, which talks about how SQL Slammer took down their ATM network:
On Saturday, the spread of the worm was so severe that the majority of Bank of America’s 13,000 automatic teller machines “were unable to process customer transactions”, the Washington Post reports. The paper quotes the bank saying it was able to restore services on Saturday evening but a Seattle-based Reg reader tells us he was “unable to make a deposit to my Bank of America Account on Sunday at about noon Pacific time”.
The SQL Slammer worm took advantage of a hole in MS SQL Server that had been published MONTHS before the worm hit. Hackers had been exploiting that vulnerability to perform SQL injections for quite some time before the worm was unleashed. And because Bank of America’s ATMs were affected by Slammer, it means that their ATM network was connected to the Internet through Bank of America’s corporate network. This means that for MONTHS, Bank of America refused to patch their systems and had likely allowed hackers to exploit vulnerabilities on their network, including their ATM hosts.
Many banks have developed fraud monitoring that will prevent customer accounts from being drained by suspicious transactions. Bank of America is still playing catch up in that department too. See this article here in which an unsuspecting customer had 90,000 dollars transferred to Latvia without Bank of America performing any safeguard checks.
The important thing to note about all of this is that Bank of America does not discriminate in how it fails to protect its customers. You can be gay, straight, black or white, and Bank of America will still fail to protect your identity and money from hackers. But if you are in the Boy Scouts, you are on your own.
Idiot Hacker Will be Extradited
May 10th
Gary McKinnon, a dimwitted, bumbling hacker wannabe, who damaged computers belonging to a Naval Weapons Station, lost his bid to avoid extradition by failing to prove that he will be sent to Club Gitmo and tried as a terrorist.

The judge laughed and dismissed his claims. From the Silicon here:
UK Nasa hacker loses extradition fight
Judge paves way for Gary McKinnon to be tried in the US…By Will Sturgeon
Published: Wednesday 10 May 2006
A court has ruled that UK computer expert Gary McKinnon can be extradited to the US on charges of hacking US defence systems and causing $700,000 worth of damage.
McKinnon was arrested in the UK in June last year and the US authorities want to extradite him and try him on charges of illegally accessing 97 government computers during a 12-month period starting in February 2001.
Now McKinnon, 40, is one step closer to extradition after a judge at Bow Street Magistrates Court in London dismissed his legal objections to such a measure being imposed.
McKinnon must now await the decision of the Home Secretary after his objections were thrown out and in one instance branded “feeble”.
Judge Nicholas Evans said there is no reason why McKinnon should not face trial in the US for a series of computer hacks which caused damage to US military computers.
“My view is, unquestionably, if the defendant is to face prosecution, it should be in the US,” he said. “I readily accept, if convicted in the US the probable sentence is likely to be appreciably harsher… than it would be in the UK… but so be it.”
See the rest of the articles on McKinnon here. Note that this idiot has no skills. He stumbled upon weak passwords in programs like PCAnywhere and Remotely Anywhere on government systems, and then used his access to delete files.
Stiff Fines for Cyber Crimes
May 9th
Back in January, I wrote about a botherder, Jeanson Ancheta, who pleaded guilty to selling botnets to other cyber criminals for use in DDoS attacks. He was sentenced the other day to almost 5 years in prison. That is historically rather harsh for a cyber-based crime, and it also seems stiff for something that was plea-bargained down from the prosecutor. I guess if he hadn't taken the plea deal he would be facing decades behind bars.
It's about time that the justice system began to take cyber crime this seriously.

From the AFP here:
US ‘botmaster’ jailed for nearly 5 years for computer hacking
LOS ANGELES (AFP) – A US computer hacker was jailed for nearly five years for hijacking around 400,000 computers, including military servers, and infecting them with malicious software.
Sealing the first prosecution of its kind, US federal Judge Gary Klausner in Los Angeles sentenced “botmaster” Jeanson Ancheta, 20, to 57 months in jail for taking control of an array of computers he had corralled into his “Botnet.”
Ancheta had pleaded guilty in January to infecting the computers with software that caused them to send spam, show ads and launch crippling attacks on Internet sites.
The crime was “extensive, serious and sophisticated,” the judge told the court as he handed down the longest-known sentence for someone accused of spreading computer viruses.
“Your worst enemy is your own intellectual arrogance that somehow the world cannot touch you on this,” the judge told Ancheta.
In more than 30 separate transactions, he sold networks of up to 10,000 infected “bots” each, his plea agreement stated.
Internet Anarchists Try to Crack Chinese Firewall?
May 8th
There is a gushing story about how a few wonderful “hacktivists” at the University of Toronto are going to put together a program that will defeat all of the oppressive Internet censors on the planet. Yes, these rough ragamuffins, who feel that information should be free, are out to subvert the will of the Chinese government, which is censoring its people.
I smell a rat.
Hacktivists have never contributed to the greater good of the Internet. They often destroy things, expose secrets, both governmental and corporate, and gorge themselves on stolen and pirated software. But somehow, this article says that these guys are the “good guys.”
From the Star here:
Revenge of the nerds
Three computer geeks at the U of T are renowned developers of anti-censorship software, including a program out this month that could allow people to outwit the world’s most repressive regimes
ANDREW CHUNG
STAFF REPORTER
Looking at them you might not guess it. But deep in a basement room on the University of Toronto campus, three unassuming computer hackers with messy hair and wrinkled T-shirts are working to tear down China’s “Great Firewall,” the most sophisticated Internet censorship system in the world.
They are self-confessed computer “geeks.” They don’t go to the gym much, or see much sunlight. They talk about “routers” and “nodes” and “secure socket layers” like they were saying, “Hello,” or “How are you?”
But the computer smarts of Ron Deibert, Nart Villeneuve, and Michael Hull, combined with their passion for politics and free expression, have led them to develop a highly anticipated software program that allows Internet users inside China and other countries, such as Iran, Saudi Arabia and Burma, to get around repressive censorship and not get caught.
Their innovation is called Psiphon, and it’s being launched at the end of this month.
What does Villeneuve, 31, who spawned the idea of Psiphon, think about challenging the likes of China? He puts down his Che Guevara mug and thinks for a moment. He shrugs his shoulders and smirks: “It just seems like the right thing to do.”
While working at a print shop, he started reading Karl Marx and Noam Chomsky, and when his roommate got a computer, he started roaming around hacker chat rooms. He found out how to extend the hours of their dial-up Internet for free.
He became a fervent anti-globalization activist, and got his first taste of tear gas in 1999 at the Seattle protests against the World Trade Organization. He started writing about the growing world of hacktivism.
While it won’t be a silver bullet, Qiang says, Psiphon will be a key tool for the relatively small but highly influential group of outspoken journalists, bloggers and activists inside China who dare to access information from the outside in the hope of creating a more open society.
The program effectively turns anyone’s personal computer into a proxy server. Once the software is installed on a computer in, say, Canada, that person creates a contact list of trusted friends or family members in censored countries and sends his or her IP address to them. No advertising needed.
But Psiphon doesn’t stop there. Unlike most Internet traffic, Psiphon data is encrypted and shoots around the world on a network reserved for secure financial transactions, so a censor cannot see what the person is accessing. And a censor wouldn’t be able to tell a Psiphon request from a MasterCard purchase.
“We’re making the Internet run the way it’s supposed to,” says Villeneuve with his trademark little-boy smile. “Because people have broken it.”
Notice this is not freedom for all Chinese citizens? Just the elite, anarchists and activists. If this worked so well, why not bring it to everyone?
These are admitted criminals. And somehow, they have tapped into the protected financial network of a major credit card company, and they are going to use a P2P proxy network to channel traffic over that protected network?
Sorry, but I think this is a smokescreen so Internet Anarchists can tap a protected financial network and try to get away with it. I would believe that it is more likely that they will spread a trojan horse program designed to take down credit card companies by flooding that network with bogus packets. These guys don’t give a damn about the Chinese citizens, only their own delusions of grandeur in finding ways to use the Internet to bring down capitalism.
I have more comments on this over at Hot Air.
Blue is Back
May 5th
Blue Security is back online today after switching to an Anti-DDoS solution provider, Prolexic.
Blue also revealed that the spammer known as “PharmaMaster” was behind the attack, and was quoted as saying: “If I can’t send Spam, there will be no Internet.” This spammer has exhibited power over huge botnets to launch DDoS attacks and he uses his cash and influence to bribe tier 1 ISPs to illegally blackhole companies.
From Blue Security’s Website here:
Internet under Attack by Renegade Spammer; Blue Security Responds; Blue Security Identifies “PharmaMaster” as the Illegal Spammer Who is Threatening the Internet to Keep His Spam Business Running
MENLO PARK, Calif.–(BUSINESS WIRE)–May 4, 2006–Blue Security, Inc., developers of the Do Not Intrude Registry(TM) solution to eliminate unsolicited e-mail spam, responded today to the latest attempts from a renegade spammer who is trying to stop Internet users from opting out of receiving his spam. “PharmaMaster”, one of the world’s leading spammers, is the culprit who is holding the entire Internet hostage to stop the Blue Community and keep his spam business running.
Eran Reshef, CEO of Blue Security, said, “Six out of the top 10 spammers worldwide have stopped sending spam to the Blue community recently; as such, PharmaMaster is determined to prevent this change in the spam economy. After a barrage of threatening letters this week that only made the Blue community stronger, PharmaMaster resorted to sophisticated attacks on Blue Security.”
Reshef continued, “The attacks started with a strike on the Internet backbone itself, causing the Blue Web site to become inaccessible to visitors outside Israel, while remaining available for Israeli visitors. How exactly this attack was carried out is still unresolved, but what is clear is that PharmaMaster boasted that it was he who was able to make a top-tier ISP’s staff member to block Blue Security’s former IP address (194.90.8.20) at the backbone routers.”
In PharmaMaster’s words (taken from ICQ sessions where PharmaMaster contacted Blue Security): ‘Support (top-tier ISP’s name withheld) says: Yes wont be a problem, I’ll make sure to block all traffic to this domain very soon just get me reports, mate.’
Reshef continued, “Thirty minutes after Blue closed its Israeli site and posted a note on its blog site, PharmaMaster ruthlessly ordered a massive, sophisticated DDoS attack against any site associated with Blue. This attack caused five top-tier hosting providers in the U.S. and Canada, a major DNS provider and a popular blog site to go down for several hours.”
PharmaMaster summarized the situation (excerpt from ICQ session): “you know I feel sorry for you and all the world 9000 servers (which) are down”
According to Reshef, PharmaMaster also told Blue Security that if he can’t send spam, there will be no Internet. He also said that he will do whatever it takes to continue his fight but acknowledged the power of the Blue Community.
PharmaMaster (excerpt from ICQ session): “Blue found the right solution to stop spam, and I can’t let this continue.”
Blue Security is working hard to restore its community-based anti-spam service to its members, and has already started contacting the relevant authorities. Blue Security is working closely with its service providers and partners to help resolve the problems and mitigate risk.
For those that do not realize it, the Internet is not controlled by ISPs. The Internet is controlled by a core group of individuals that have the root passwords to backbone routers. Most of those people work for the ISPs for an honest salary. Others are shady, sometimes engaged in petty quarrels or pissing contests with other router operators. Some are full-blown criminals, who appear on the Internet long enough to launch viruses, DDoS attacks, or BGP poisoning to blackhole domains for a fee, fun or vengeance, and then disappear off of the wire.
This is a perfect example of why the Department of Homeland Security created a Cyber division to deal with the threats to the Internet. If this spammer could do this to BlueSecurity, he could do it to any American enterprise, and that would be really bad if it were part of the critical infrastructure. The Feds are certainly involved now, given his threats to damage the Internet.
FTC Fines Spammers
May 5th
So it seems that the Federal Trade Commission is hitting back at spammers. They will be collecting millions in fines. I like that, and hope the fines sting.

From the AP here:
CONCORD, N.H. – A federal court has ordered a man who was at the center of the nation’s first “spyware” case to give up $4 million in ill-gotten gains.
Sanford Wallace was accused by the Federal Trade Commission of running an operation that infected computers with software that caused flurries of pop-up ads. It then tried to sell consumers cures called “Spy Wiper” and “Spy Deleter” for $30.
The order issued Wednesday by U.S. District Court in New Hampshire bars Wallace and his company, SmartBot.net Inc., from spreading spyware.
The FTC first accused Wallace of the spyware operation in a 2004 lawsuit. Last year, under an agreement with the FTC, Wallace agreed to stop infecting computers with the advertising programs.
Wallace headed a company called Cyber Promotions in the 1990s that sent as many as 30 million junk e-mails daily to consumers, earning him the nicknames “Spamford” and “spam king.” He left the company after lawsuits from America Online and CompuServe.
In a related case Thursday, the government reached a settlement with Jared Lansky, an ad broker who disseminated ads containing Wallace’s spyware. He is to give up $227,000 in ill-gotten gains.
In another case, Walter Rines of Stratham and his company, Odysseus Marketing, was also barred from spreading spyware. The FTC plans to ask the court to order them to give up their ill-gotten gains.
This Wallace guy was a creep. He took advantage of flaws in Internet Explorer to install malware on a system that made users think they had been hacked, which would prompt them to install Wallace’s stupid fake spyware programs.
From Tech Web Here:
Wallace, who in 1998 swore off spam, was ordered by a federal court to give back $4,089,500 made by convincing consumers to pay $30 per copy for Spy Wiper and Spy Deleter, two purported anti-spyware programs.
Users were duped into thinking they needed the software because Wallace exploited an Internet Explorer vulnerability to install real spyware to their PCs, including a small program that opened the CD-ROM tray and displayed the message “If your cd-rom drive's open . . . You DESPERATELY NEED to rid your system of spyware pop-ups IMMEDIATELY! Spyware programmers can control your computer hardware if you failed to protect your computer right at this moment! Download Spy Wiper NOW!”
Blue Security DNS Change Brings Down TypePad & LiveJournal
May 4th
As mentioned on this blog earlier, Blue Security, an email opt-out service company, was under a crushing DDoS from the spammers that are angry that Blue Security’s service is cutting down on spam.
Well, if a DDoS happens in Israel, Americans look at it and say “Sucks to be you.” Blue Security needed law enforcement help to go after the spammers who seem to be controlling one of the world’s largest botnets, and frankly, Israeli law enforcement may not be up to the task. What is a small Israeli company to do?
They redirected their DNS services to their blog site that was hosted at TypePad. The result is that the DDoS chased them there, and it crushed TypePad’s hosting network, Six Apart. LiveJournal is also part of Six Apart, so it went bye-bye too.
Lots of people on the net are figuring out what happened now and many are understandably pissed, but they are directing their anger at the wrong people. They should be mad at the spammers who are criminals and engaged in a criminal act. All that Blue Security did was make a DNS change. Which is legal.
Sure, they probably knew what would happen. And they also knew that if the American critical infrastructure was attacked by the world’s largest spammers with the world’s largest botnets, then the Department of Homeland Security, the FBI and the Secret Service would bring their considerable law enforcement skills into the fray, and help track down these criminals and put them away.
See more at this post at Q Daily News here:
According to a post on the North American Network Operators Group mailing list, at some point yesterday the people at Blue Security decided that the best way to deal with the attack was to point the hostname www.bluesecurity.com to their TypePad-hosted weblog, bluesecurity.blogs.com. This effectively meant that the target of the attack shifted off of Blue Security's own network and onto that of Six Apart, and did so as the direct result of a decision made by the folks at Blue Security. Soon thereafter, the Six Apart network buckled under that weight and fell off the net, and over four hours passed before packets began to flow again.
World’s Fattest Hacker
May 3rd
The World’s Fattest hacker is pictured below ordering Papa John’s online for the 15th time today. He uses stolen credit card information to order fuel for his 1200 LB body.

Manuel Uribe, of Monterrey, Mexico, tips the scale at a weight normally reserved for zoo animals, but it doesn’t get in the way of his “L33t 5k1llz.” He claims he cannot stand or even get out of bed and must rely on relatives, neighbors and the confused tourist or two to bathe him weekly with a garden hose. But he can deface a webserver using the latest PHP vulnerabilities and says that he is the leader of a H4x0r crew that is set on spamming Gringos with phishing information so they will be tricked into giving up vital banking information he uses to order food, fine computer equipment, and strippers.
Uribe hopes that he will be able to steal enough cash and goods from unsuspecting victims so he can finally rent a giant U-Haul so he can cross the American border and try to get in on some of that popular amnesty he hears is going around.
The Blue Independence War
May 2nd
Blue Security is a company that has taken on the world’s spammers, and it is now in a fight for its existence against the criminals that clog our inboxes.

Blue Security is under a massive DDoS attack from these spammers by a huge botnet in an effort to win the Spam Wars, which has been renamed the “Blue Independence War” by Blue Security.
First, some background on how Blue Security’s Blue Frog software works: They maintain a community of users that have chosen to “opt out” of spam by putting their email addresses on a “Do Not Spam List.” This list is public. The penalty for sending spam to one of these addresses in violation of the community’s wishes is that the entire community of users, in one accord, sends email to the spammer or the spamming host, telling them to stop.
Essentially, it is an attack right back at the spammer, using Blue Frog community members as agents to “Shout the Spammer Down.” Many computer security officials do not believe that such active response to attacks is justified under any circumstance. Others believe that enough is enough.
Well, it appears that the Blue Frog campaign is working, because they pissed off some pretty powerful Internet criminals, who have responded with an enormous flex of muscle and shut down BlueSecurity.Com and four data centers in Israel. In addition, the cyber attackers were able to “null route” BlueSecurity.com off of the Internet by hacking the BGP peering points on the Internet backbone. This activity by this gang represents a serious cyber-threat to the Internet as well as to email security, and the bad guys cannot be allowed to win.
Right now Blue Security Team members are working over the Israeli holiday to get the site back up and maybe content distributed so it can stay up. So when BlueSecurity.Com gets the site back up, be sure to download the free software and take part in the war against spammers.

From BlueSecurity Blog, serving as the temporary Home Page of BlueSecurity.Com:
The Blue Independence War
Today is Israel’s Independence Day. It’s a public holiday in Israel, but all of us in Blue Security are working. But we are glad we’re working. We’re helping the community fight the Blue Independence War. We fight for our freedom from spammers and cyber criminals. This is our big chance to reclaim the Internet. We must not let it slip from our hands.
Some desperate spammers are doing their worst to harm our community. They’d like us to back off, and agree to get their spam silently. Needless to say, that is not going to happen. We’re not here to listen to their vile threats and fraudulent advertisements. We’re here to stand up for our right not to be let alone.
You may wonder what you can do to help win the Blue Independence War. Here are some ideas:
- Run your frog and report your spam
- Tell your friends to join the fight
- Write to your local newspaper about Blue Frog
- Search for news sites, blogs and forums that discuss “blue security” or “blue frog” and post positive comments
- Ask your representative to show support for the Blue Frog
- If you have a blog, write an item about the blue frog
We need to be patient and prepare for more attacks. Some top spammers embrace the change and comply. Other spammers believe they can coerce us into obedience. Let’s show them this is not going to happen.
Blue Security Gets Joe-Jobbed
May 2nd
For those of you that do not know, a “Joe Job” attack is a cyber security attack in which a company’s reputation is attacked by the use of spam. There are no firewalls or IDS systems that can protect against this type of attack, and it can end up costing the victim company quite a bit in lost revenue, status, reputation and market share.

The way it works is like this: if I were a hacker, and I wanted to take down a company’s reputation, I would forge an email to make it look like it originated from the victim company. In this case, let’s use “Johnny’s Urban Furniture” as the victim company. The email would appear to originate from Urban Furniture, and it would be sent to any available spammer list. The body of the email would inform everyone that, due to unfortunate circumstances, their personal information, such as Social Security number, phone number and email address, had been deliberately sold to a mass marketing company for the sum of 200 dollars. In return, all recipients of the email should expect to be called by telemarketers, receive magazines, be visited by Mormons, etc., etc.
The Joe Jobber could even spice it up more by saying that these things will be charged automatically to the account that Urban Furniture has on record. The email should include a phone number for complaints, which would be really nasty if it was the call center of the company, or worse, if it was the Furniture Shop’s owner’s personal cell phone.
Most people will get this piece of spam and think that it’s trash. They have never heard of Urban Furniture and are confident that this is either a prank or a hoax. But some people, who have shopped at Urban Furniture, will be understandably outraged and will flood the call center with complaints. Others will vow to never shop there again, and others will be sure to never shop there the first time. The victim’s cost to recover from a successful Joe Job is quite high.
Blue Security is an Israeli email security company that actively attacks spammers and known spamming hosts to reduce the flood of spam on the Internet. A pissed-off spammer sent this email out in an effort to fool people into thinking that Blue Security suffered a compromise and leaked the entire customer list, which is not true:
Hey, You are recieving this email because you are a member of BlueSecurity (http://www.bluesecurity.com). You signed up because you were expecting to recieve a lesser amount of spam, unfortunately, due to the tactics used by BlueSecurity, you will end up recieving this message, or other nonsensical spams 20-40 times more than you would normally. How do you make it stop? Simple, in 48 hours, and every 48 hours thereafter, we will run our current list of BlueSecurity subscribers through BlueSecurity’s database, if you arent there.. you wont get this again. By signing up for bluesecurity, you are doing the exact opposite of what you want, so delete your account, and you will stop recieving this. Just remember one thing when you read this, we didnt do this to you, BlueSecurity did. If BlueSecurity decides to play fair, we will do the same. Just remove yourself from BlueSecurity, and make it easier on you. Sergio Sheldon
If you are a Blue Security Customer and see this, consider it as just another spam, and be thankful that Blue Security is doing its job to infuriate spammers and make the net a better place. Thanks to ISC and NoticeBored.
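The forged-sender step in the Joe Job description above is the part a receiving mail system can test. The sketch below is an added example, not part of the original post: it reads the `Authentication-Results` header stamped by the recipient's own mail server and checks whether SPF or DKIM passed for a domain that matches the visible From address. The host name `mx.recipient.example`, the domain `urbanfurniture.example` and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED_AUTHSERV = "mx.recipient.example"  # assumption: authserv-id of our own MTA

def aligned(candidate, from_domain):
    """True if the authenticated domain equals the From domain or is a subdomain
    of it. Stricter than DMARC relaxed mode, which compares organizational
    domains using the Public Suffix List."""
    c, f = candidate.lower().rstrip("."), from_domain.lower().rstrip(".")
    return bool(c and f) and (c == f or c.endswith("." + f))

def parse_auth_results(value):
    """Split an Authentication-Results value into (authserv-id, results)."""
    value = re.sub(r"\([^)]*\)", "", value)          # drop (comments)
    parts = [p.strip() for p in value.split(";")]
    authserv_id = (parts[0].split() or [""])[0].lower()
    results = []
    for part in parts[1:]:
        m = re.match(r"(\w+)\s*=\s*(\w+)", part)     # e.g. spf=pass
        if m:
            props = dict(re.findall(r"([\w-]+\.[\w-]+)\s*=\s*(\S+)", part))
            results.append((m.group(1).lower(), m.group(2).lower(), props))
    return authserv_id, results

def from_domain_verdict(raw, trusted=TRUSTED_AUTHSERV):
    """Decide whether the visible From domain was authenticated by our own MTA."""
    msg = message_from_string(raw)
    from_dom = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    evidence = []
    for hdr in msg.get_all("Authentication-Results", []):
        authserv, results = parse_auth_results(hdr)
        if authserv != trusted:
            continue  # stamped by someone else; the sender may have planted it
        for method, result, props in results:
            key = {"spf": "smtp.mailfrom", "dkim": "header.d"}.get(method)
            if key is None:
                continue
            ident = props.get(key, "").rpartition("@")[2].lower()
            if result == "pass" and aligned(ident, from_dom):
                return {"from_domain": from_dom, "verdict": "authenticated",
                        "via": method, "evidence": evidence}
            evidence.append(f"{method}={result} for '{ident}'")
    return {"from_domain": from_dom, "verdict": "unauthenticated",
            "via": None, "evidence": evidence}

# Constructed sample: From claims the furniture shop, but the only domain that
# authenticated is the bulk mailer's. The second header was not added by our MTA.
JOE_JOB = """\
Authentication-Results: mx.recipient.example;
 spf=pass (sender IP is 203.0.113.7) smtp.mailfrom=bulk@mailer.invalid;
 dkim=none
Authentication-Results: urbanfurniture.example; dkim=pass header.d=urbanfurniture.example
Return-Path: <bulk@mailer.invalid>
From: "Johnny's Urban Furniture" <notices@urbanfurniture.example>
Subject: Important notice about your account

(body omitted)
"""

# Constructed sample: mail that really came through the shop's own systems.
GENUINE = """\
Authentication-Results: mx.recipient.example;
 spf=pass smtp.mailfrom=bounce.urbanfurniture.example;
 dkim=pass header.d=urbanfurniture.example
From: Urban Furniture Orders <orders@urbanfurniture.example>
Subject: Your receipt

(body omitted)
"""

if __name__ == "__main__":
    for name, raw in (("joe-job", JOE_JOB), ("genuine", GENUINE)):
        print(name, from_domain_verdict(raw))
```

An "unauthenticated" verdict is the signal for quarantining or flagging the message; a domain owner gets receivers to act on it by publishing SPF, DKIM and a DMARC policy for the domain.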
Aetna Screws its Customers
May 2nd
Stupid Aetna employee was probably kicking back having Margaritas at the local pub while criminals broke into his car to steal his laptop. So now 38,000 Aetna customers have had their socials, names and addies exposed. Who needs a phishing scam with choice tidbits like this?

From CNET Here:
Aetna says laptop with member data stolen
Health insurer Aetna on Wednesday said a laptop computer containing personal information on about 38,000 of its members was stolen from an employee’s car.
The data includes names, addresses and Social Security numbers, spokeswoman Cynthia Michener said. No personal banking information or health claim data was on the laptop, she added.
The members are employees of two companies that are Aetna customers, the company said in a statement. Michener said the two companies had asked that their names not be disclosed.
“They wanted all of their employees to have received their notifications directly before releasing their name,” Michener said.
Aetna, with about 27.9 million members, is one of the largest health care insurers in the United States.
The company said it is working to notify all affected members by letter. Aetna has offered to pay for credit monitoring services for the affected members to help prevent potential misuse of the information.
The car was broken into while it was in an outdoor public parking lot, Michener said. The doors were locked, she added.
Aetna said it deeply regrets the incident and has apologized to its members.
Laptops are choice targets for criminals. And if a laptop has personal data on it, it should be carefully guarded, and certainly not left on the passenger seat of a car.
Lo-Jack for Whores
Apr 28th
As the Duke Stripper case clearly demonstrates, hookers, whores and strippers take safety too lightly. They wear next to nothing, are completely unarmed, and are supposed to do their jobs in the dead of night. How will they ever protect themselves?
Why, it’s Lo-Jack for Whores, From Ronco! Those 5-inch platform shoes have plenty of room for everything the girl-on-the-back needs for personal protection. It has a GPS, an audible alarm, and could provide emergency locator services for the police, the fire department, or maybe even your pimp.

This sounds like a joke, but I’m not so sure. From the pages of the project designer, Aphrodite Project here:
One of the main concerns of contemporary urban sex workers, even in areas where prostitution is legal, is violence. Each sandal will have an audible alarm system, which emits a piercing noise to scare off attackers. The shoes are also outfitted with a built in GPS receiver and an emergency button that relays both the prostitute’s location and a silent alarm signal to public emergency services.
The shoes will transmit their location via APRS (Automatic Position Reporting System) originally developed by Bob Bruninga, US Naval Academy Satellite Lab, in the late 1970s. APRS uses amateur radio to transmit position reports, weather reports, and messages between users. It is free and open to the public, and used by police officers, fire fighters, and other public service workers across the country to track their locations.
Companies like Rave Wireless (www.ravewireless.com) have developed tracking methods that utilize cell phone signals to provide reliable positioning indoors and in urban environments. The shoe design may incorporate this technology and/or Rosum TV-GPS, which uses commercial broadcast TV signals to determine locations.
Okay, I see several problems with this technology. First, a pimp would use this to keep tabs on Trixie, and if the technology is really good, he would be able to tell every time Trixie’s feet were in the air too.
Wouldn’t the cops just use this to roundup the whores? Shouldn’t they? Prostitutes are safest when they are off the streets.
And you think it’s annoying to wake up with the neighbor’s car alarm going off down the block? Now you have to put up with listening to shoes going off when someone smacks around a whore behind a dumpster.
And why stop at hooker shoes? Why not go with the Urban Sex Worker Utility Belt? It has pockets for condoms, a convenient pump for lubrication, moist towelettes, and of course, room for extra gum. It also has holsters for lipstick and pepper spray.
Yahoo Jumps Into DVR Market
Apr 26th
… In a way. They are giving away a free software-based DVR player. So with a hardware upgrade, you can turn your PC into a Media Center. This is certain to poke some Media Player companies in the eye, such as Microsoft, Myth TV and Sage.

From CNET here:
Yahoo has released a beta version of software that turns a PC into a digital video recorder.
The software, Yahoo Go for TV, is free to download. After the software is installed, people plug their computer into their television’s video and audio input connections. The computer can then record and play back shows on the TV just like with a standalone DVR. Consumers can also play DVDs, music, photos or other downloaded content.
The cost of a few cables and TV tuner card, in comparison with the hundreds of dollars being shelled out for DVD players or DVRs, could lure consumers away from DVR competitors like TiVo.
The Yahoo software, as of yet, only runs on Windows and requires a computer with 20GB of disk space to store recorded programs, 512MB of RAM and a 1GHz processor.
Yahoo also has a partnership with Tivo, whereby Tivo customers can use Yahoo to schedule recordings and downloads remotely. I’m not sure how happy Tivo will be about this either. I suppose this may be a vehicle for Yahoo to make some ad revenue, but I’m not sure how that will work.
American Cyber Companies KowTow to Commies
Apr 24th
Google censors Chinese search results. Microsoft has agreed to censor its blogs in exchange for China to quit pirating its software. Yahoo has turned over usernames and other logged information about its users to Chinese authorities that subsequently led to arrests of some dissidents. And Skype has agreed to provide a version of its software that will remove banned words from its text chat feature.


These are distasteful things, and as a freedom-loving society, we Americans view such gross actions on the part of the Chinese government and its censorship campaign as an intolerable act. And to see our own American-based companies working with the Chinese government to suppress the freedoms of its people is equally astonishing.
Michelle Malkin debuted her new website, HotAir, which is an excellent video blog about conservative issues, and her first feature is a video about these issues of Chinese censorship and American corporate kowtowing in order to get a slice of the Chinese market. See the video here.
Don’t get me wrong, I also dislike the activities of the American companies, who, in order to compete in the market, must comply with Chinese national law, of which censorship is a big part. But I have a different take, and it’s one in which the ends justify the means.
With the tools that Yahoo, Microsoft, Google and Skype are providing for use in their pursuit of freedom (remember, Skype also has encrypted voice chat), Chinese citizens will be able to better organize and express their feelings about freedom on a scale that they have never been able to achieve as farm peasants or factory workers. Yes, the Chicoms are trying to make examples of some of their citizens, and it is sad. The US government should put pressure on the Chicoms about that.
But not necessarily US businesses. They know business, and it is not their job to be diplomats. We have a State Department for that. And a congress that could pass laws against the types of business dealings that these companies are engaged in. Whatever the distaste, they are not breaking any laws of the US.
The Chinese are pursuing their freedom every day. The number one cyber attack detected every day is Internet probes from China looking for anonymizing open proxy servers. This represents a nation of people who desperately want free speech and want to circumvent government censorship by surfing the web as an anonymous person from any other country. And the penalty for scanning the Internet, or hacking of any kind, is harsh. Now, with Google, MS, Yahoo and others, they have the necessary tools to help them achieve their goals by expressing themselves, organizing, sharing information and learning more about the rest of the free world.
Free speech is much harder to obtain with gardening tools than it is with the world’s best software.
Bad Internet Laws Proposed
Apr 21st
Attorney General Gonzales is attempting to resurrect a stupid law from the Bill Clinton administration that would place an unfair burden on free speech by demanding that website operators, like me, place some type of code on webpages that might contain explicit material.
Um... Isn’t that what Internet filtering software is for? If this law passes, wouldn’t that put those companies out of business?

From CNET here:
Web site operators posting sexually explicit information must place official government warning labels on their pages or risk being imprisoned for up to five years, the Bush administration proposed Thursday.
A mandatory rating system will “prevent people from inadvertently stumbling across pornographic images on the Internet,” Attorney General Alberto Gonzales said at an event in Alexandria, Va.
Attorney General Alberto Gonzales proposes making government warning labels mandatory on sites containing sexually explicit information.
Site operators face 5 years in prison for violating rating system intended to “prevent people from inadvertently stumbling across pornographic images on the Internet.”
The Bush administration’s proposal would require commercial Web sites to place “marks and notices” to be devised by the Federal Trade Commission on each sexually explicit page. The definition of sexually explicit broadly covers depictions of everything from sexual intercourse and masturbation to “sadistic abuse” and close-ups of fully clothed genital regions.
“I hope that Congress will take up this legislation promptly,” said Gonzales, who gave a speech about child exploitation and the Internet to the federally funded National Center for Missing and Exploited Children. The proposed law is called the Child Pornography and Obscenity Prevention Amendments of 2006.
A second new crime would threaten with imprisonment Web site operators who mislead visitors about sex with deceptive “words or digital images” in their source code–for instance, a site that might pop up in searches for Barbie dolls or Teletubbies but actually features sexually explicit photographs.
A third new crime appears to require that commercial Web sites not post sexually explicit material on their home page if it can be seen “absent any further actions by the viewer.”
A critic of the proposal said that its requirements amount to an unreasonable imposition on Americans’ rights to free expression. In particular, a mandatory rating system backed by criminal penalties is “antithetical to the First Amendment,” said Marv Johnson, legislative counsel to the American Civil Liberties Union.
I hate the ACLU for many of their un-American stances. But I agree with them on this. When has a fully clothed genital region ever been determined to be pornographic? And if I want to post things about stupid whores that do stupid things, would that be sexually explicit? Probably. By displaying a federal logo, I would be limiting my own free speech because search filters will be able to squelch me. This is not cool.
I keep my own pages to a PG-13 rating, and the government should not have to open up a new division within the Federal Trade Commission to police the internet. Any proposed laws in this direction will fail in Congress. What a stupid idea.
Veritas Acquisition was Symantec’s Biggest Mistake
Apr 18th
And it may be one of the worst blunders in business. Ever since Symantec announced that it was going to acquire backup software maker Veritas, its stocks have tumbled, business has fallen off, key leaders have left the company, and their competitors have honed their products to compete and beat big yellow.
Now there is more bad news. Veritas owed the IRS almost a billion dollars in back taxes. Whoops! Is it too late to sell Veritas back?

From CNET here:
The U.S. Internal Revenue Service says that Symantec owes $900 million in back taxes related to its acquisition of Veritas Software, the security company said Monday.
Cupertino, Calif.-based Symantec said it strongly believes that the IRS’s positions are inconsistent with applicable tax law and existing regulations, and that it will petition the tax court to protest the assessment. The security software maker’s shares fell nearly 5 percent on the news.
Symantec said IRS claims the company owes additional taxes, plus interest and penalties, for the 2000 and 2001 tax years based on an audit of recently-acquired Veritas.
The IRS notice marks the latest bad news for Symantec, whose shares have tumbled in recent months on investor concern over a number of high-level executive departures and questions over the Veritas deal.
Its shares have dropped almost 30 percent since it closed its $10.25 billion acquisition of storage software specialist Veritas in July, in a deal aimed at meeting growing demand from customers wanting to buy from fewer vendors.
On Monday, Symantec shares fell 4.6 percent to $15.64 in after-hours trade from a Nasdaq close of $16.39.
I really think that Symantec saw that Microsoft was getting into the AV business, and they panicked. They thought that the only way to remain competitive was to diversify their services. So rather than stay focused on leading the field in security services, they shot themselves in the foot by merging with a lame company that, in retrospect, was plagued with mismanagement.
In the meantime, Computer Associates got big in PKI management and authentication services. McAfee developed superior intrusion detection systems, and better incident management tools than Symantec. And while Symantec struggles with the IRS, its competitors will be surpassing them in quality and service.
New Tactic in Identity Theft: Strongarm Robbery and Attempted Murder
Apr 16th
I heard this today on Kim Komando’s Show here, and it struck me as such a simple and effective tactic, and one that has little to no defense. People are using strongarm tactics to steal laptops from cyber cafes, and in one case in San Francisco, a man was stabbed and his laptop snatched.
From EE Times Here:
Laptop robbers stake out S.F. cafes
Internet cafés are becoming dangerous places for notebook PC owners, San Francisco police told a city newspaper Saturday. In a San Francisco Chronicle story, city police noted that laptop robberies had jumped from 18 during 2004 to 48 in 2005, and are currently on pace to crack 70 this year.
Cafés offering wireless access are the new hunting ground for robbers, police told the Chronicle.
“To the criminal element, this is a valuable piece of equipment that they can quite easily cash in on,” the paper quoted Inspector Robert Lynch of the San Francisco police robbery detail as saying. “Where else do you have a thousand-dollar item sitting on a table in a coffee shop?”
Robbers sell the stolen computers on the street or on the Internet for as little as $200 or $300, police said.
Last month, a 40-year-old man was stabbed during a robbery in a Mission District coffee shop when two men — one roughly 15, the other about 20 — fled with his $2,500 Apple PowerBook. The man, who asked that his name not be used, recovered.
“You walk by any Starbucks and you see people with a laptop, it’s so tempting for the crooks,” added Inspector Lynch. “They walk in, right on top of the person, and the person has all their attention on the laptop. They snatch it right out from underneath their fingertips.”
So you need to take precautions when using laptops in public. No one in their right mind would sit in an area known to have a high crime rate and count out 2 thousand dollars in hundreds; the same should go for using a laptop in public.
Also, avoid laptop cases that prominently display your company’s logo. Some laptops from companies such as auditing firms may be higher value targets for theft because of the possibility of personal data contained on the hard drive. Make sure your laptop is engraved with an identifying marker, whether it is an inventory control number or, if it’s personal, your own name. Make sure you keep a copy of the serial number at home in a safe place, so in case it does get stolen, you can report that information to the police.
While this story does not specifically mention identity theft, it is the next logical step. Laptops can be sold specifically for the purpose of harvesting the personal data on them, which could yield about 200 dollars more than the hardware itself.
Also, practice regular backups of your data, so if it gets stolen, you do not lose anything that is irreplaceable. One victim of a recent laptop mugging lost 2 years of research for his dissertation. A 95-cent CDRom-RW could have been his best friend. Also, regularly scrub your laptops of personal data, and pay attention to your search histories too. It’s amazing what someone can figure out about you from your search history.



