This spammer's stash could be yours
by Anne Broache, Staff Writer, CNET News.com | Published: 8/10/05
Gold bars, cash and a fully loaded Hummer H2 are among the prizes AOL is offering as it celebrates a settlement with a spammer.
Both AOL members and non-members--all of whom will have a chance to win the goods--can thank the Can-Spam Act.
The law, which has not gone without criticism, not only arms Internet service providers with legal weapons against those who fire off unsolicited e-mail, it also allows courts to seize any property that a convicted spammer has obtained using money made through the offense. Any equipment, software, or technology used for illicit purposes is also fair game.
AOL obtained the goods as part of a settlement earlier this year in the first lawsuit it filed under the Can-Spam Act, in a case involving a then-20-year-old New Hampshire resident.
From Wednesday until Aug. 19, people can sign up online for a chance at winning the goods. A winner will be announced shortly after the enrollment period ends.
Trying to stay a step ahead of Murphy's Law
By New York Times Staff, The New York Times
Published on ZDNet News: August 11, 2005, 6:43 AM PT
Don't put it off any longer.
That is the advice of specialists in planning for disasters, who say too many small businesses are courting ruin by failing to take fuller precautions against fires, floods and, increasingly, the loss of critical data stored in computers that go on the fritz.
Jane Vitart wishes she had acted sooner. When the Delaware River overflowed behind the French bakery and cafe she owns with her husband, Joel, in New Hope, Pa., last September, a retaining wall protected her shop. That lulled the couple into a false sense of security, and when the flood waters rose again in April, they did not bother to evacuate their equipment or their computer as they had seven months earlier.
New scam asks people to fax away data
(different source for another news story already posted)
By Dawn Kawamoto, CNET News.com
Published on ZDNet News: August 11, 2005, 7:48 AM PT
Phishers have added a new lure to their tackle boxes: e-mails that ask people to fax sensitive information to bogus security investigators.
In a new scam, attackers are sending e-mail warnings that appear to come from PayPal, security specialist Sophos said Wednesday. These e-mails say that someone tried to reset the recipient's password and ask him or her to participate in an investigation.
The e-mails direct people to a Microsoft Word document hosted on a Web site and urge them to download the form, fill it out, and fax it to a toll-free number, Sophos said. The form asks for credit card information.
New York law requires notification after data breaches
Published: August 10, 2005, 5:47 PM PDT
By Declan McCullagh
Staff Writer, CNET News.com
New York Governor George Pataki on Wednesday signed a bill that requires businesses and state government agencies to notify consumers if sensitive data is nabbed in a security breach. This places New York on the list of states such as California that have adopted similar rules--while many other states and the federal government are considering them.
NIST releases vulnerability database
The National Institute of Standards and Technology (NIST) has launched a cybersecurity vulnerability database that will be updated every day. The National Vulnerability Database (NVD), funded through the Department of Homeland Security’s National Cyber Security Division, will provide information on security vulnerabilities and will be published at http://www.nvd.nist.gov
The NVD also provides such features as a statistics generation engine that allows graphing and is provided free to the public.
FBI director criticizes companies' code of silence
FBI Director Robert Mueller said that many companies are maintaining a code of silence by not reporting cyberattacks. Such behavior will harm companies and the nation, he added.
A recent exception was Atlanta-based Card Systems, which quickly reported the theft of hundreds of thousands of records to the FBI, Mueller said. But many other incidents haven't been reported, he said.
“According to a survey by the Computer Security Institute and the FBI, only 20 percent of companies that experienced computer intrusions in 2004 reported those incidents to law enforcement,” Mueller told attendees at InfraGard’s annual national conference yesterday in Washington, D.C.
He said most companies believe that reporting a security breach will harm their image or competitive advantage in the marketplace or expose confidential information.
More in http://www.fcw.com/article89853-08-10-05-Web
Microsoft fixes delivery of IE patch
By Dawn Kawamoto, CNET News.com
Published on ZDNet News: August 11, 2005, 12:55 PM PT
Microsoft on Wednesday fixed a glitch in delivery of a critical IE patch, which had prevented people from installing it from the company's Download Center Web site. The update addressed an error in a security bulletin released by Microsoft earlier this week as part of its monthly patch cycle.
Hackers slam 'Everquest II' economy
Published: August 11, 2005, 4:51 PM PDT
By Daniel Terdiman
Staff Writer, CNET News.com
Sony claims that a group of hackers illegally created a huge amount of "Everquest II" currency over the weekend, and says the players caused the game's economy to suffer 20 percent inflation in just 24 hours before being caught.
According to Chris Kramer, director of public relations for EQ2 publisher Sony Online Entertainment, the players had on Saturday begun using their so-called "duping bug" to make large quantities of platinum, the game's currency. (A duping bug is a hack that exploits a weakness in online games' code to effectively create counterfeit currency or other goods.)
The players then began trying to sell the ill-gotten plat on Station Exchange, the official auction exchange for EQ2 weapons, armor, currency and other virtual goods. "The amount of money in the game increased by a fifth in about 24 hours," Kramer said. "We have a lot of alarms for this kind of thing, and they all went off on Saturday."
Lavasoft Research: Den of thieves
"During the past few weeks there has been a buzz within the antispyware industry as a particularly malicious keylogger was found poaching into private bank and online accounts. The application has already probably succeeded in pervading to various accounts, stealing considerable amounts of money and credit card details.
On July 28th, our researchers came across this keylogger, named Dumador.df, when they discovered a Trojan dropper stchost.exe during an analysis of files. The Trojan was found to log keys, looking for eBay information in particular as well as bank information amongst numerous other things. The Trojan was added to the Beta SE1B59 definition file on the 29th of July. According to the latest information in the Whois database, the information was transmitted to a web server located in China, although the actual ISP seems to be located in Singapore
Sunbelt: Lavasoft finds similar trojan?