Monthly Archives: November 2010

Shopping Online? Know Thy Seller

November 29, 2010

This time of year, it seems like everyone has a guide on how to shop safely online. Most of these tip sheets focus on ways to spot insecure Web sites and harden your computer against data-stealing malware, but it’s equally important to research the reputation of the merchant before it’s too late.

Spear Phishing Attacks Snag E-mail Marketers

November 24, 2010

Criminals have been conducting complex, targeted e-mail attacks against employees at more than 100 e-mail service providers (ESPs) over the past several months in a bid to hijack computers at companies that market directly to customers of some of the world’s largest corporations, anti-spam experts warn.

The attacks are a textbook example of how organized thieves can abuse trust relationships between companies to access important resources that are then recycled in future attacks.

Why Counting Flaws is Flawed

November 18, 2010

Once or twice each year, some security company trots out a “study” that counts the number of vulnerabilities that were found and fixed in widely used software products over a given period and then pronounces the most profligate offenders in a Top 10 that is supposed to tell us something useful about the relative security of these programs. And nearly without fail, the security press parrots this information as if it were newsworthy.

Captchabot: Blurring Human and Machine

November 16, 2010

Last week, I wrote about a “bulletproof hosting” provider that offers dodgy Web hosting that is insulated from takedown by abuse complaints or requests from Western law enforcement agencies. Today, I’ll look at one of that bulletproof provider’s biggest clients: Captchabot.com, a service that automates the solving of “CAPTCHAs,” those annoying agglomerations of squiggly numbers and letters that many online services require users to solve to help ensure that new accounts are not being auto-created by a computer.