ASEAN Phishing Expeditions

Mila Parkour, the indefatigable phish researcher from DC, points to some recent spear-phishing attacks which to me help confirm that Southeast Asia, and ASEAN in particular, has become something of a focus for the chaps in China. They also highlight just how vulnerable diplomats in the region are because of poor security. One is a …

Continue reading ‘ASEAN Phishing Expeditions’ »

DigiNotar Breach Notes

Some folk have asked me for more details about the DigiNotar breach after my brief appearance on Al Jazeera this morning. So here are the notes I prepared for the segment. Links at the bottom. Background web security certificates are digital IDs issued by companies entrusted with making sure they are given to the right …

Continue reading ‘DigiNotar Breach Notes’ »

Did Prolexic Fend Off Anonymous’s Sony Attacks?

Prolexic, a company that defends clients against Distributed Denial of Service (DDoS) attacks, says it has successfully combatted the “Largest Packet-Per-Second DDoS Attack Ever Documented in Asia”: “Prolexic Technologies, the global leader in Distributed Denial of Service (DDoS) mitigation services, today announced it successfully mitigated another major DDoS attack of unprecedented size in terms of packet-per-second …

Continue reading ‘Did Prolexic Fend Off Anonymous’s Sony Attacks?’ »

Whaling in Singapore?

Singapore appears to be the source of a virus cleverly designed to hoodwink U.S. executives by appearing to be an emailed subpoena which mentions them by name, as well as their title. The SANS Storm Center said three days ago that We’ve gotten a few reports that some CEOs have received what purports to be …

Continue reading ‘Whaling in Singapore?’ »

Shoot The Messenger

Every time I start to feel warm and fuzzy about Microsoft something jumps up and slaps me back to reality. Here’s my latest slap: For some reason my Trillian messenger wasn’t connecting to MSN because of some weirdness with my ISP so I had to download and install the 9 MB behemoth that is MSN …

Continue reading ‘Shoot The Messenger’ »

Spammers Get Authenticated

Until now, most spammers sent their stuff through open relays — Internet-connected computers that were either unprotected, or else had been compromised by viruses or trojans into sending the spam without the owner being aware. But that is changing, says AppRiver, and it has big implications for how spammers work and may render useless today’s …

Continue reading ‘Spammers Get Authenticated’ »

The Red-faced Blue Frog

What’s intriguing about this Blue Security/Blue Frog episode, where angry spammers attack the anti-spam company with a Distributed Denial of Service (DDoS) attack, which in turn directs traffic (unwittingly or wittingly, it’s not clear yet) and temporarily brings down blog hoster TypePad, is this: The guy behind Blue Security, Eran Reshef, is founder of Skybox, …

Continue reading ‘The Red-faced Blue Frog’ »

Dialer Scams And Heads In The Sand

I can’t help feeling that telephone companies and Internet Service Providers are in real danger of legal action if they don’t tackle the problem of modem dialing. This NBC5 story from Chicago quotes a local woman as complaining about a series of weird calls to her phone company, SBC. The answer: “They didn’t know too …

Continue reading ‘Dialer Scams And Heads In The Sand’ »