UGN safenet phishing report UGN safenet phishing report
Google ads, spyware, Hackers, Phishers and New forms of identity theft
Is it a good thing to let the governance of the internet go into the hands of questionable foreign administrators? No answer? Is it a good idea to open the gates of the internet to online criminals? Certainly it doesn't seem logical -- but everyone seems to be asleep, saying nothing, while the governance of the internet slips further and further into a coma.
No Clear on Consensus on Openness of "Whois"
The nonprofit organization that manages the Internet's domain-name system is set to vote on changes to the Web site registration process that would make it easier for people to shield their identities online and, indirectly, cut spammers off from an easy-to-mine database of legitimate e-mail addresses. The proposed change to the public Web site registration database -- known as "WHOIS" -- is expected to be considered by the Internet Corporation for Assigned Names and Numbers (ICANN), the Los Angeles-based group that oversees key technical matters governing how computers communicate over the Internet. (Washington Post)
Privacy activists said the WHOIS database has become a data-mining dream for marketers and spammers, to say nothing of stalkers and harassers. Companies representing some of the world's biggest brand names appear to have prevailed, arguing that any change to the current system would interfere with law enforcement investigations and trademark disputes. In the end, ICANN voted 7-17 to table the issue in favor of further studies on the privacy impact of the WHOIS database." (slashdot)
Whois reform: ICANN says let's run more tests You know, we shouldn't rush into anything
Says the Register:
"Everything you need to know about Virtualization at The Register's eSymposium ICANN 2007 Los Angeles Quick, people: what takes seven years? Biblical plagues? Itches? If you guessed an ICANN policy development process - that's a PDP to you, luddite - you are correct. ICANN today officially cut off the oxygen to its Whois reform PDP after seven years in favor of... well, no one's quite sure, yet. Something must have happened - after all, we're not hanging out at LAX for the charming scenery and the cool jumbos."
The Register
Whois Studies Approved, Privacy Deferred
Alex Veiga, AP Business Writer for WIRED NEWS writes:
A panel on Internet names voted Wednesday to defer long-simmering questions on whether names, phone numbers and other private information on domain name owners should remain public in open, searchable databases called Whois. Instead, the committee of the Internet Corporation for Assigned Names and Numbers, or ICANN, decided on further studies, which privacy advocates consider a stall tactic after seven years of discussions so far. (continue reading)
Meanwhile: internet users are under attack
The Whois is probably the bastion of hope in the war against cybercrime. What part of security don't they understand. Look at the facts:
In order to have a web site one must register and obtain a domain. In order to maintain some degree of accountability for that web site is the reliability of the people registering the domain. Without trackability, the domain owner is free to do as they wish -- right or wrong.
ICANN already allows rogue registrars and domain kiting -- the two best tools in the online criminal's arsenal. Why ICANN doesn't put a stop to it is beyond me -- strongly suggesting that something smells very bad in the wood pile.
Privacy advocates say
"individuals shouldn't have to reveal personal information simply to have a Web site." But isn't there something seriously flawed in that statement? How about an automobile? Should individuals have to reveal personal information to buy an automobile? What about hand guns? Should individuals have to reveal personal information to buy a handgun? How about a house? Should individuals have to reveal personal information to buy a house? You see, somewhere along the line there's got to be some degree of accountability. Privacy advocates obviously aren't firing on all eight cylinders. Because if they were, we wouldn't have to be reporting the following...
spammers have introduced MP3 music files into the expanding toolbox of stock spam techniques, with 15 million emails shaping the first spam run. Use of MP3 files is the latest tactic designed to sneak messages past spam filters and ultimately control the value of stock for nefarious reasons.
Phishing: October saw a decrease of 0.57 percent in the proportion of phishing attacks with one in 174.0 emails comprised of some form of phishing attack. Viewed as a proportion of all email-borne threats such as viruses and trojans, the number of phishing emails has risen by 36.8 percent to 92.8 percent of the malware threats intercepted in October, the highest level on record. Market Wire (press release) - USA
According to the recent Symantec Internet Security Threat Report, cyber criminals are targeting trusted brands and Web sites to gain confidential information, such as usernames and passwords that they can use for identity theft or fraud, or to access sites from which to deploy further attacks. Cyber criminals are also becoming more professional and leveraging sophisticated toolkits to carry out these attacks. One example is with the use of phishing toolkits, a series of scripts that allow an attacker to automatically set up phishing Web sites that spoof legitimate Web sites. The top three most widely used phishing toolkits were responsible for 42 percent of all phishing attacks detected during the reporting period of Jan. 1 through June 30, 2007.
See: Symantec Internet Security Threat Report CNNMoney.com - USA
As early as 2004, someone calling themselves Vladuz was selling a set ofPHP files designed to create phishing sites that would collect eBay data. Guardian Unlimited - UK
During the first half of 2007, Microsoft's Malicious Software Removal Tool detected 31.6 million phishing scams--an increase of more than 150 percent over the previous six months--and tracked a 500 percent increase in Trojan downloaders and droppers, according to the company's latest Security Intelligence Report eWeek - New York, NY
During the first half of 2007 alone, 31.6 million phishing scamswere identified, up 150% from the previous six month time period. The study also identified a whopping 500% increase in trojan downloaders and droppers. These are malicious programs used to install trojans, password stealers, keystroke loggers, and other data-gathering software, on user's system. TG Daily - USA
Russian cyber-criminals are using malicious PDFs to broadcast a Gozi Trojan variant. A malicious PDF attack launched earlier this week is downloading a variant of the Gozi Trojan--the same malware that's been used to steal personal data with a black market value of over $2 million, including bank, retail and payment services account numbers as well as Social Security numbers. PC Magazine - USA
Most computer-security professionals don't believe in security. To those who know better, a computer network can never be "secure"--only "more secure." In other words: No data is absolutely safe. Forbes - NY,USA
Security experts are saying that a well-intentioned effort by the New Jersey Office of the Attorney General to combat phishing may backfire. Earlier this week, State Attorney General Anne Milgram called on four banks -- Bank of America, Citibank, Washington Mutual, and New Jersey-based Sun National Bank -- to provide her with details on how they respond to phishing incidents. PC World - USA
... a study by AOL and the National Cyber Security Alliance -- after examining computers from more than 350 households, they found that 80 percent lacked core protections like "recently-updated anti-virus software, a properly configured firewall and/or spyware protection." About one in five of the computers was infected with at least one virus and 23 percent of users received at least one phishing attempt within a two-week period via e-mail. Fairbanks Daily News-Miner - Fairbanks,AK,USA
Syracuse (WSYR-TV) - It seems scammers always try to capitalize in the middle of a tragedy. Your Stories viewer John Traino got an e-mail which looked like it was from the IRS asking him to donate to the victims of the California wildfires. NewsChannel 9 WSYR - Syracuse,NY,USA
grocery chain Supervalu Inc. earlier this year was conned into depositing more than $10 million into two fraudulent bank accounts before it discovered the ruse. Marketing Pilgrim - Raleigh,NC,USA
A phishing trojan that targets users of Apple"s OS X operatingsystem has been found to be much more widespread than originally believed,say experts. VNUNet.com - UK
Return to: the top of this page, or the INDEX for this department
Exit to: The User Group Network front page
Contact: The Editor, Webmaster or Membership Director
* Discuss Photoshop
* Discuss Desktop Publishing
* Critique your Web Site