Online Scammers Go Spear-Phishing

Ant wrote to mention an examination at C|NET looking into the increasingly more effective techniques employed by phishers. From the article: "More recently, however, a hybrid form of phishing, dubbed "spear-phishing," has emerged and raised alarms among the digital world's watchdogs. Spear-phishing is a distilled and potentially more potent version of phishing. That's because those behind the schemes bait their hooks for specific victims instead of casting a broad, ill-defined net across cyberspace hoping to catch throngs of unknown victims."

Read more!

Google for Related Stuff:

How Google ranks its Websites

Lorelle on WordPress » Secret Out - How Google Ranks Websites explains what Google uses to rank your website on their search engine, according to their patent made public back in March.

Read more!

Google for Related Stuff:

Trusted Download Program: Certified Non-Invasive Software

The Trusted Download Program is backed by America Online, Yahoo, CNET Networks, Verizon and Computer Associates. The program is set to begin early next year in a trial version, when the Internet partners will get access to a list of applications certified by online privacy watchdog group Truste, according to a statement from the companies. (CNET Networks is the parent company of CNET News.com.)

Spyware and adware have become widely despised for sneaky distribution tactics, unauthorized data gathering, the eating-up of computer processing power and other annoyances. Although adware makers say there are legitimate uses for their programs, an entire anti-spyware market has been spawned to combat the often unwanted software.

The Trusted Download Program won't blacklist adware or spyware. Instead, to be certified, makers of the software have to clearly communicate what their product does. The consumer then has to consent prior to download and again when installing the software.

For example, software that displays advertisements or tracks user behavior must disclose what type of ads will be displayed and what information will be tracked, according to the statement. The disclosure must also include which user settings may be altered, and must obtain consent for the download.

Furthermore, easy instructions to uninstall the software must be provided and displayed ads must be labeled with the name of the ad-serving software.

A "whitelist" of approved applications will be provided to the program sponsors, who can use it to make decisions about advertising, partnering or distributing software, according to the statement. Truste already certifies and monitors Web site privacy and e-mail practices.

Read more!

Google for Related Stuff:

Exploit code targets unpatched Windows flaw

Hackers have developed proof-of-concept code that attempts to take advantage of an unpatched Windows vulnerability to crash systems, Microsoft warned yesterday. Fortunately the risk of attack is low.

The experimental code shows it's possible to knock over machines running Windows XP SP1 and Windows 2000 SP4 in certain configurations by taking advantage of flaws in Windows memory allocation functions. This vulnerability manifests itself when a malformed request is made to the UPnP service in the data section of a call to the GetDeviceList function. In handling this request, memory consumption on vulnerable Windows boxes increase to the point where the system becomes unresponsive. Repeated requests can therefore be used to mount denial of service attacks.

Attacks on Windows XP SP1 would rely on having user authentication, reducing the scope for mischief by remote hackers. Microsoft users running Windows XP Service Pack 2, Windows Server 2003 and Windows Server 2003 Service Pack 1 are not affected by the vulnerability. Win 2000 shops are most at risk but providing systems are properly firewalled then attacks should fail.
Irresponsible disclosure?

Normally the arrival of proof-of-concept illustrates weaknesses that might subsequently by used by hackers for more malign purposes. In this case, however, the attack approach is not especially successful in slowing down systems to a crawl much less as a means to infect vulnerable machines with hostile code. This is a denial of service only risk and the real interest (except to people interested in revisiting the long-running debate about the responsible disclosure of security bugs) is that it is based on an unpatched vulnerability.

Winny Thomas of Nevis Labs in India, the security researcher who developed the proof-of-concept code, readily concedes the Windows RPC memory allocation remote denial of service exploit he highlights is only a moderate risk. Microsoft is yet to develop a security fix. It criticises Thomas of publicising details of the flaw through FrSIRT, a full disclosure web site, instead of submitting it to Microsoft directly first. ®

Read more!

Google for Related Stuff:

Inform offers ' auto-categorizing ' News Search System

Heavy news consumers -- junkies to less sympathetic friends -- have access to thousands of free sources and millions of stories, as Web search, aggregation and syndication tools grow more powerful.

But, despite the sophistication of news reading tools, the search for relevance remains a disjointed, cumbersome affair, lacking in context and often ending in information overload.

On Monday, closely held New York start-up Inform Technologies LLC is set to introduce a context-rich Web news and blog commentary search system that offers automated links to related stories based on the users' reading history.

Inform tags and scores the elements of each article, making them far more searchable than keyword-based news search offered by Google News or the summary searches of a story's first paragraph offered by RSS (Really Simple Syndication) services.

What distinguishes Inform is how it combs through databases to determine key concepts such as topics, industries, people, places and companies mentioned in the story. These key concepts enable it to offer links to closely related articles or ideas.

Inform, located at http://www.inform.com/, aims to provide a publisher-friendly framework that reinforces brands. Inform displays news articles within a central frame lined with links to other sections of the publication, giving the reader the feeling of reading an actual newspaper. Above the story and on the right side, Inform links to related concepts.

The front page is selected by editors. But search beyond the initial page and news is located using computer search algorithms, similar to the way Google News works. Users can use the system anonymously or sign on for deeper personalization.

The system can find relationships between a particular search and related concepts. A search for "Ivory Coast" also returns news on "Cote d'Ivoire," the proper name of the francophone country. Articles concerned with terrorism don't always use the term, Goldman noted.

The system works behind the scenes and needs none of the complex search terms subscribers to premium news databases such as LexisNexis and Factiva must use. LexisNexis is a unit of Reed Elsevier NV. Factiva is a joint venture of Dow Jones & Co. Inc. and Reuters Group Plc.

"We are trying to bring that type of power to users for free," said Goldman, an ex-Lehman Brothers investment banker.

Inform plans to count on targeted advertising revenue tied to consumer's news preferences. Eventually, it wants to offer enhanced services that include subscriptions, pay-per-view articles, archived news and merchandise sales, officials said.

Inform Technologies has 55 employees, half of whom are based in India. These workers have set up a list of nearly 1,000 Web-based news sources and 100 top blogs and are adding several new sources to the system each day, they said.

Read more!

Google for Related Stuff: