Friday, April 20, 2007

Brushfire in Georgia... smoke in Tampa?

This is truly remarkable.  We’re in the Tampa Bay area, about 250 miles from Waycross, GA.

Now, there’s a huge fire up in Waycross.  And through an odd quirk in the wind patterns, we’re getting the smoke.  I just stepped outside and it was pretty rough — just a carpet of smoke throughout the area.  The picture below doesn’t do the situation justice, but here’s an example:


Alex Eckelberry

Monday, April 16, 2007

alex eckelberry resides at the Sunbeltblog

I’m no longer posting actively here.  Go to www.sunbeltblog.com  instead.

Thursday, April 12, 2007

Insuring data breaches

Tech//404, a new venture by insurance company Darwin, sells insurance for losses due to technology and security failures.  And they now publish a “Data Loss Archive”, a sort of repository of horrible acts of corporate data theft (it has potential, but it only has a number of recent events and really should have an RSS feed).

They also have a “Data Loss Calculator”, a rather grim calculator that lays out the cost of data breaches  — but it has zippy sounds (insurance company folks are such wild and crazy people.)


The real costs of data breaches — ruined credit, stolen identity, etc. — are far harder to calculate.

Alex Eckelberry

Fortune 500 companies that spam

Well, they’re not spamming per se, but they have infected systems that are spambots.  And Rick Wesson’s Support Intelligence is tracking them.

Rick has a blog worth reading.  Link here via Gadi.

Alex Eckelberry

Thursday, March 29, 2007

Beware fake IE 7 downloads

There is spam out there that tries to get you to download IE 7.  It’s fake, of course.  When you click on the image, you are then offered to download a trojan (Sunbelt Sandbox analysis here, VirusTotal results here).  Antivirus coverage is mediocre.




And just for fun, check out the source code of this spam.


Alex Eckelberry

Brilliant!

I’m going to give you a sneak peek of a very cool skunkworks project going on over at Mayhemic Labs.

One thing that a lot of people have commented on (and particularly the good folks over at F-Secure) is that phishers register domains using words like “Chase”, “ebay”, etc.  This makes it easier to fool their victims (such as having a URL like “chase-banking-center.com”).

Of course, a great idea is to have the domain registrars simply refuse to register domains with these names (or at least trigger a review of a suspicious domain before allowing it to register).  However, that’s not always easy to get done. 

But what if new suspicious domain registrations were automatically tracked in a format that allows everyone to see what’s going on?


That’s just what Ben Jackson did over at Mayhemic Labs: he developed a “Domain Tracker System” to track domain registrations by using DomainTools' Domain Mark reports.


Called the Crow's Nest, it aggregates submissions of domain mark reports containing keywords that would likely be used in a phishing domain. The system processes these reports and adds them to a database. The submitter (or other volunteers) can then flag domains that look suspicious. These domains are then monitored for activity. Every 6 hours, registration and DNS records are checked to see if the domain is hosted and/or still registered. If the site is hosted, the user can then check the site and see if something phishy is going on, and if so, notify the parties affected.
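The workflow described above (keyword match, human flag, 6-hourly re-check), sketched as an added example that is not Crow's Nest code. The keyword list, allowlist, sample report and the injected `resolver` callable are assumptions, and only the DNS half of the check is modelled.

```python
from datetime import timedelta

# Assumed keyword list and allowlist, constructed for this example.
KEYWORDS = ("chase", "ebay", "paypal")
LEGITIMATE = {"chase.com", "ebay.com", "paypal.com"}
RECHECK_INTERVAL = timedelta(hours=6)  # interval given in the post
# Constructed sample report of newly registered domains.
SAMPLE_REPORT = ["chase-banking-center.com", "purchaser-news.example",
                 "ebay.com", "gardening-tips.example"]


def match_keywords(domain):
    """Return the brand keywords found in a domain, ignoring the real brand sites."""
    name = domain.lower().rstrip(".")
    if name in LEGITIMATE:
        return []
    label = name.rsplit(".", 1)[0]  # everything left of the final dot
    return [k for k in KEYWORDS if k in label]


class Tracker:
    def __init__(self, resolver):
        self.resolver = resolver  # callable: domain -> list of IPs, empty if unhosted
        self.domains = {}         # domain -> tracking state

    def submit(self, report, now):
        """Ingest a report of new registrations; store only keyword hits."""
        for d in report:
            hits = match_keywords(d)
            if hits and d not in self.domains:
                self.domains[d] = {"keywords": hits, "flagged": False,
                                   "hosted": False, "next_check": now}

    def flag(self, domain):
        """A volunteer marks a stored domain as suspicious, enabling monitoring."""
        self.domains[domain]["flagged"] = True

    def run_checks(self, now):
        """Re-check flagged domains that are due; return those newly seen hosted."""
        newly_hosted = []
        for d, s in self.domains.items():
            if not s["flagged"] or now < s["next_check"]:
                continue
            hosted = bool(self.resolver(d))
            if hosted and not s["hosted"]:
                newly_hosted.append(d)
            s["hosted"] = hosted
            s["next_check"] = now + RECHECK_INTERVAL
        return newly_hosted
```

Note that the constructed `purchaser-news.example` matches "chase" purely by substring, which is why a human flagging step sits between the keyword hit and monitoring.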






For now, this site is only being used by security researchers. There are also lots of people who helped him in this, and when it goes public, I’m sure he’ll thank those that don’t mind being publicly acknowledged.

Expect this site to be public in a few weeks.  And then those phishers will feel a whole lot of hurt.


Alex Eckelberry 

Tuesday, March 27, 2007

Best. Spam. Ever.



 


Alex Eckelberry