Friday, April 20, 2007
Brushfire in Georgia... smoke in Tampa?
Now, there’s a huge fire up in Waycross. And through an odd quirk in the wind patterns, we’re getting the smoke. I just stepped outside and it was pretty rough — just a carpet of smoke throughout the area. The picture below doesn’t do the situation justice, but here’s an example:
Alex Eckelberry
Monday, April 16, 2007
alex eckelberry resides at the Sunbeltblog
I’m no longer posting actively here. Go to www.sunbeltblog.com instead.
Thursday, April 12, 2007
Insuring data breaches
Tech//404, a new venture by insurance company Darwin, sells insurance for losses due to technology and security failures. And they now publish a “Data Loss Archive”, a sort of repository of horrible acts of corporate data theft (it has potential, but it only has a number of recent events and really should have an RSS feed).
They also have a “Data Loss Calculator”, a rather grim calculator that lays out the cost of data breaches — but it has zippy sounds (insurance company folks are such wild and crazy people.)
The real costs of data breaches — ruined credit, stolen identity, etc. — are far harder to calculate.
Alex Eckelberry
Fortune 500 companies that spam
Well, they’re not spamming per se, but they have infected systems that are spambots. And Rick Wesson’s Support Intelligence is tracking them.
Rick has a blog worth reading. Link here via Gadi.
Alex Eckelberry
Thursday, March 29, 2007
Beware fake IE 7 downloads
There is spam out there that tries to get you to download IE 7. It’s fake, of course. When you click on the image, you are then offered a trojan to download (Sunbelt Sandbox analysis here, VirusTotal results here). Antivirus coverage is mediocre.
And just for fun, check out the source code of this spam.
Alex Eckelberry
Brilliant!
I’m going to give you a sneak peek of a very cool skunkworks project going on over at Mayhemic Labs.
One thing that a lot of people have commented on (and particularly the good folks over at F-Secure) is that phishers register domains using words like “Chase”, “ebay”, etc. This makes it easier to fool their victims (such as having a URL like “chase-banking-center.com”).
Of course, a great idea is to have the domain registrars simply refuse to register domains with these names (or at least trigger a review of a suspicious domain before allowing it to register). However, that’s not always easy to get done.
But what if new suspicious domain registrations were automatically tracked in a format that allows everyone to see what’s going on?
That’s just what Ben Jackson did over at Mayhemic Labs: He developed a “Domain Tracker System” to track domain registrations by using DomainTools' Domain Mark reports.
Called the Crow's Nest, it aggregates submissions of domain mark reports containing keywords that would be likely used in a phishing domain. The system processes these reports and adds them into a database. The submitter (or other volunteers) can then flag domains that look suspicious. These domains are then monitored for activity. Every 6 hours, registration and DNS records are checked to see if the domain is hosted and/or still registered. If the site is hosted, the user can then check the site and see if something phishy is going on, and if so, notify the parties affected.
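The workflow described above, as an added Python example; this is not Crow's Nest code, which the post does not show. The allow-list, the `Tracked` record, the function names and the injected `is_registered`/`resolve` lookups are assumptions, and the sample report is constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

RECHECK = timedelta(hours=6)        # interval stated in the post
KEYWORDS = ("chase", "ebay")        # brand words the post mentions
LEGIT = ("chase.com", "ebay.com")   # assumed allow-list of the brands' own domains

@dataclass
class Tracked:
    domain: str
    flagged: bool = False           # set by a human reviewer, never automatically
    registered: bool = True
    hosted: bool = False
    last_checked: Optional[datetime] = None

def ingest(report, db):
    """Store keyword-matching domains from one registration report."""
    for raw in report:
        d = raw.strip().lower().rstrip(".")
        own = any(d == l or d.endswith("." + l) for l in LEGIT)
        # Substring match over-collects ("purchase"); the manual flag step filters.
        if not own and d not in db and any(k in d for k in KEYWORDS):
            db[d] = Tracked(d)
    return db

def recheck(db, now, is_registered, resolve):
    """One monitoring pass over flagged domains; returns newly hosted ones."""
    newly_hosted = []
    for t in db.values():
        fresh = t.last_checked is not None and now - t.last_checked < RECHECK
        if not t.flagged or fresh:
            continue
        t.registered = is_registered(t.domain)
        hosted = t.registered and bool(resolve(t.domain))
        if hosted and not t.hosted:
            newly_hosted.append(t.domain)   # time for a human to look at the site
        t.hosted, t.last_checked = hosted, now
    return newly_hosted

def demo():
    # Constructed report and stub lookups so the example runs offline.
    db = ingest(["chase-banking-center.com", "EBAY-signin.example.",
                 "purchase-orders.example", "chase.com", "weather.example"], {})
    db["chase-banking-center.com"].flagged = True    # reviewer's decision
    dns, t0 = {}, datetime(2007, 3, 29, 12, 0)
    run = lambda h: recheck(db, t0 + timedelta(hours=h), lambda d: True, dns.get)
    first = run(0)                                    # nothing resolves yet
    dns["chase-banking-center.com"] = ["192.0.2.10"]  # site goes live
    return sorted(db), [first, run(3), run(6)]        # 3 h too soon, 6 h due
```

`demo()` returns the three collected domains and one alert list per pass; only the 6-hour pass reports the flagged domain as newly hosted.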
For now, this site is only being used by security researchers. There are also lots of people who helped him in this, and when it goes public, I’m sure he’ll thank those that don’t mind being publicly acknowledged.
Expect this site to be public in a few weeks. And then those phishers will feel a whole lot of hurt.
Alex Eckelberry