We've now seen several phishing web sites that are using flash-based content instead of normal HTML. Probably the main to reason to do this is to try to avoid phishing toolbars that analyze page content. Two recent examples, both targeting PayPal: www.ppal-form-ssl.com and www.welcome-ppl.com.
Source: Net-Security.org - LogError - Posted by Benjamin D. Thomas
Image spam is a serious and growing problem, not least because of its ability to circumvent traditional email spam filters to clog servers and inboxes. In just half a year, the problem of image spam has become general enough to be representative of 35 per cent of all junk mail. Not only this, but image spam is taking up 70 per cent of the bandwidth bulge on account of the large file sizes every single one represents.
Phishing is a type of fraud that involves email messages designed to redirect users to malicious websites especially designed to steal banking data from unwitting users. In this way, ‘phishers’ can steal passwords and personal details to spoof users’ identity and use it fraudulently. They use the name and corporate image of real companies in order to gain users’ confidence and carry off the fraud. To avoid this, it is vital to make sure that all transactions are carried out in secure environments.
Intent-Based Filtering represents a true technological breakthrough in the proper identification of unwanted junk email, or “Spam”. To date, spam-filtering techniques have fallen into several categories: blacklists, rules and heuristics, or more recently, Bayesian filters and signature technologies.
A security researcher has a devised a novel attack on online anonymity systems in which he literally takes a computer's temperature over the internet.
The attack uses a phenomenon called "clock skew" -- the tendency for the precise clocks in modern computers to drift off of the correct time at slightly different rates, which can be affected by heat.
"When a crystal is manufactured, it has a clock skew, and it's different for each crystal (throughout its) lifetime," explains Steven J. Murdoch, a Cambridge University researcher who discussed his work at the Chaos Communications Congress on Thursday.
Source: Technology News Daily - Posted by Benjamin D. Thomas
The Electronic Frontier Foundation (EFF) welcomes the newest member of its Board of Directors, computer security expert Edward W. Felten. A professor of Computer Science and Public Affairs at Princeton University, Felten recently demonstrated the ability to manipulate results on a Diebold electronic voting machine -- showing that the equipment was extremely vulnerable to "vote-stealing" attacks that would undermine the accuracy of vote counts.
Felten's research interests include computer security and privacy -- especially relating to media and consumer products -- and technology law and policy. He has published about 80 papers in the research literature and two books. Felten was the lead computer science expert witness for the Department of Justice in the Microsoft antitrust case. He has also testified before the Senate Commerce Committee on digital television technology and regulation and before the House Administration Committee on electronic voting.
Source: Wall Street Journal - Posted by Eric Lubow
To deal with the mounting copyright issues swirling around video and other content online, a start-up founded by some respected Silicon Valley executives is taking a novel approach: combing the entire Web for unauthorized uses. Privately held Attributor Corp. of Redwood City, Calif., has begun testing a system to scan the billions of pages on the Web for clients' audio, video, images and text -- potentially making it easier for owners to request that Web sites take content down or provide payment for its use. The start-up, which was founded last year and has been in "stealth" mode, is emerging into the public eye today, at a time when some media and entertainment companies' frustration with difficulties identifying infringing uses of their content online is increasing. The problem has intensified with the proliferation and increasing usage of sites such as Google Inc.'s YouTube, which lets consumers post video clips.
A startup boasted on Tuesday that it had created a technology to recognize people's faces from photos posted online, causing a stir among some privacy advocates who worry about the implications of automated matching. The tool--from Swedish startup Polar Rose--converts two-dimensional images into three-dimensional profiles to compensate for colors and shadows and then applies a facial recognition algorithm to the result. The company is relying on its users to enter the names of known people into the database, turning a neat technological trick into valuable data.
In the information age, surveillance isn't just for the police. Marketers want to watch you, too: what you do, where you go, what you buy. Integrated Media Measurement, Inc. wants to know what you watch and what you listen to -- wherever you are.
They do this by turning traditional ratings collection on its head. Instead of a Neilsen-like system, which monitors individual televisions in an effort to figure out who's watching, IMMI measures individual people and tries to figure out what they're watching (or listening to).
Though botnets have caused a large volume of junk email in recent months, security researchers are more alarmed at the rise in their level of sophistication, warning that targeted phishing attacks are making their way into corporate email servers. "They've reached a level of sophistication that we usually associate with commercial grade products," said Mark Sunner, chief security analyst at MessageLabs in New York. "We've seen the activity change and now botnets are spammed out in discrete chunks." In November, the global amount of spam in email traffic grew to nearly 90% of all global email traffic, according to statistics kept by MessageLabs. And that percentage is expected to hold in December. In addition, the vendor reported that 1 in 200 emails contained some type of phishing attack. MessageLabs said more than 68% of all malicious emails intercepted recently have been phishing attacks, a steady increase over the previous months.
