InforSec Weblog

Brooklyn spammer faces 11 years in prison

admin — Thu, 14 Jun 2007 07:51:54 +0000

A New York man pleaded guilty this week to violating the CAN-SPAM Act by sending junk email to about 1.2 million AOL subscribers in a 2005 run.Brooklyn resident Adam Vitale, 26, pleaded guilty on Monday before U.S. District Judge Denny Chin, according to a statement from Michael J. Garcia, U.S. Attorney for the Southern District of New York.

Vitale faces a maximum sentence of 11 years in prison and a $250,000 fine. He is scheduled to be sentenced on Sept. 13.

Vitale told a confidential informant that he could send spam to nearly 300 million email users, while making it nearly impossible to trace the spam run’s origins. Along with alleged accomplice Todd Moeller, whose trial is pending, Vitale bragged that he was able to outflank around AOL’s anti-spam technology.

The informant offered Vitale and Moeller 50 percent of profits from an undisclosed product the pair was to advertise. The duo allegedly sent the junk email advertisements to 1.2 million AOL customers between Aug. 17 and Aug. 23, 2005, according to the U.S. attorney’s office.

Information security experts today said that Vitale’s conviction won’t have much of an impact in the fight against spam.

the full story on SCMagazine

First Wordpress Spam Caught

admin — Wed, 16 May 2007 14:14:30 +0000

OK. Looks like finally (what is not a surprise unfortunately) I received first SPAM comment in my Wordpress Blog.
This is the content of the message posted beneath my entry:

vwfrw | azox@uriug.com | asiw.netfast.org | IP: 88.169.192.158
image search for tramadol tablet
[url=http://asiw.netfast.org/4a2e3rnh.html] image search for tramadol tablet [/url]
tramadol apap37 [url=http://asiw.netfast.org/tramadol-hcl-acetaminophe.html]
tramadol apap37[/url]
do tramadol and tylenol help chronic pain [url=http://asiw.netfast.org/gmodc8ot.html]
do tramadol and tylenol help chronic pain[/url]

Nothing sophisticated, but it is not a happy news that after 3 weeks since the first entry SPAM bots are playing seek-and-hide on my Blog.
To prevent SPAM comments in the Wordpress blogs you can use Aksimet plugin. It is effective, easy to set up and free tool for non-commercial use.

Intel and PGP will co-operate on encryption

admin — Sat, 12 May 2007 11:37:28 +0000

Intel and PGP have teamed up to sell encryption products on systems with Centrino Pro and vPro processors.

Centrino Pro is Intel’s latest combination of processor, chipset and radio, and was launched on Wednesday.

PGP’s encryption products will be marketed through Intel’s channel of resellers, systems integrators and distributors.

(more…)

Ten laws of Security

admin — Tue, 08 May 2007 18:27:05 +0000

The management of Information Security is not a simple task. The process of ensuring safety and confidentiality of information is time-consuming and requires a lot of resources. The technical, business and people skills are necessary to manage security risk properly and efficiently. Although the process itself is demanding and complicated, even in smaller systems, there are some general laws, which can help you understanding the security of the information systems.
The Microsoft TechNet Program presented comprehensive summary of Ten Immutable Laws of Security as a response for the increasing number of vulnerabilities and leaks in MS products. This is their reasoning for creating such list:

“Don’t hold your breath waiting for a patch that will protect you from the issues we’ll discuss below. It isn’t possible for Microsoft—or any software vendor—to “fix” them, because they result from the way computers work. But don’t abandon all hope yet—sound judgment is the key to protecting yourself against these issues, and if you keep them in mind, you can significantly improve the security of your systems.”
And here are the laws: (more…)

Russian government cracks Estonian Web sites

admin — Fri, 04 May 2007 21:16:48 +0000

The removal of a Soviet war memorial in the centre of the Estonian capital city - Tallinn sparked riots that have even moved over to the internet. Finnish security company F-Secure published the report on the availability of Estonian Governmental Web sites. The analysis of traffic shows that many web sites were not responding for the requests. Others were up, but did not allow any traffic from foreign IP addresses.

Some of them were still down in over the weekend. The average time to access those Web-sites was 2.5 sec, although 50% of the request failed. What is interesting from the political point of view the Estonian Minister of Justice, revealed in Estonian TV news an information that most of these DDoS attacks come from governmental IP addresses in Moscow. Hopefully the attacks will calm down soon.
As you can see DDoS attack is a major threat for the Internet Security. I will soon write something more about Denial of Service attacks. Now only link to Wikipedia [above].

Microsoft Security Intelligence Report

admin — Wed, 02 May 2007 14:35:17 +0000

Every six months Microsoft publishes Security Intelligence Report. The report for the second half of the 2006 was published at RSA conference April 24th in Japan. This Security Intelligence Report focuses on software vulnerabilities, malicious code threats, and potentially unwanted software. The data was collected by compiling, several vulnerabilities databases available on the Internet like Common Vulnerabilities and Exposures website, National Vulnerability Database (NVD) website, and others. The report itself presents pretty interesting figures and charts about the threats in Internet and malware trends comparing to previous statistics. Here comes the most interesting information:

Need for improvement:

The vulnerabilities which were included in the report clearly continue to rise in 2006. A total amount of 6,566 new vulnerabilities
is an increase of 41 percent from the previous year. There is obviously need for improved coding practices by software developers and
for strong vulnerability management practices among IT departments.

Beware of Tuesday!

A figure above shows disclosures by day of the week. As we can see Tuesday was the top day for new vulnerability disclosures in 2006. (more…)

How Secure is Your Password?

admin — Tue, 01 May 2007 10:26:31 +0000

The EASIEST way to discover the FACTS!
Is your partner cheating on you?
Who are your children talking to online?
What’s happening on the computer when you’re not home?
Imagine how much better your relationship could be if you could prove your partner is NOT cheating on you! Or if they are - wouldn’t it be better to know the facts now than wasting more time with them?
What could you find out if you had the password to your partner’s or child’s Hotmail, Yahoo, or AOL email account?
That’s were we come in.

This is an advertisement of services on one of the websites I have found this morning… (more…)

Project Honey Pot

admin — Sat, 28 Apr 2007 13:16:07 +0000

At the very beginning, before actually starting posting, I decided to install the Honey Pot Software on my website.

The idea of the project is to identify spammers and the tools they use to obtain e-mail addresses from websites in the Internet.

“Using the Project Honey Pot system you can install addresses that are custom-tagged to the time and IP address of a visitor to your site. If one of these addresses begins receiving email we not only can tell that the messages are spam, but also the exact moment when the address was harvested and the IP address that gathered it.”

In general it increases security of information kept on our website. The mechanism is easy to install and maintain. It needs just couple of minutes to upload the script to the server and to put some links on the website. They should be invisible to normal users that browse website, but visible to the malicious robots.We will get several suggestions for formatting links that will be followed by most malicious bots, but will not be seen by human visitors. Some examples: (more…)

Hello world!

admin — Fri, 27 Apr 2007 15:46:28 +0000

Welcome!

#include main(){printf(”Hello world!\n”);}

My greetings in C - just 59 bytes long.