BlogSmall business, Marketing, Promotion and Web Design

There is a post on Mashable that outlines how to game Twitter into becoming a natural environment to spread malware. There is little to none incentive to create pure spam feeds, as they will, undoubtedly, be closed and all future links will be marked with “nofollow” attribute. Malware, however, is whole another story. In this case the attacker doesn’t have to have clean direct links. In fact, as it is mentioned in original article, attacker, actually, have to mask destination with some sort of shortener (worse yet, if the link looks like “legit” affiliate link). By gathering large enough audience, an attacker can get to them in a single strike. And if the destination look innocent enough, he might get away with it just long enough. After all -it all is still same old social engineering.

Educated guess says that Jaiku might be vulnerable the same way. Just look what happened to the Blogger.com (aka Blogspot) - it became free doorway hosting service right at the beginning…

Popularity: 16%

You might also be interested in reading this:

• Twitter, twitter, little star… (August 21, 2007): Last week I have discovered a new and innovative way people will produce doorways for their black hat SEO techniques. It's called Twitter and it's some sort of a guestbook, where posting is available via number of widgets, including direct post from IM. Create a bunch of twitter pages (the only manual part of the [...]
• Why Trusted Platform Module won’t protect you (December 14, 2007): Recently I was asked a very good question on Trusted Platform Module. Question stated that once the hard drive is removed from the system, there is nothing that prevents attacker to break decryption (even brute force it) and obtain data no matter how secure it is. Pretty much all the protection applied in [...]
• Web hosting requests (October 20, 2004): What makes people to post requests like these? Platform: Linux Space: 1000 MB Bandwidth: 30GB Control Panel: yes IP Address: no Email Accounts: unlimited Database(s): unlimited Expected cost: 1 per year Right, like someone is really going to give them free hosting like this. The forum seems pretty empty. I mean if the forum would have been up to the resources, then sure, it [...]
• Survey and article (November 3, 2004): Having thought it all through, I think the subject of online credit card fraud deserves the specially written article. But before jumping the water, I think it would be worth to at least try to gather as much information as possible. So I set up a small survey, which I ask anyone who reads this [...]

Recently I was asked a very good question on Trusted Platform Module. Question stated that once the hard drive is removed from the system, there is nothing that prevents attacker to break decryption (even brute force it) and obtain data no matter how secure it is.

Pretty much all the protection applied in contemporary systems is built upon the thesis that any data is decipherable either by using LOTS of computer power or LOTS of time which makes data either too expensive to obtain in such a way or obsolete by the time it is deciphered.

Obtaining data from any hard drive is very expensive and time-consuming process. Unless you keep a little too much information on it - no one gives a damn. Basically, targeted attacks only make sense if attacker has enough reasons to believe that certain laptop possesses certain value. In all other cases - it’s cheaper to get “stuff” through other means.

That’s the primary reason for spam and phishing attacks – because it is cheaper and more productive to attack the weakest link in security chain. Such link happens to be a human, since most successful attacks use social engineering rather than brute forcing your password. Why break if you can ask and get it?

Generally speaking, most of security rules in place are impenetrable enough that fraudsters avert their efforts from brute force and other types of high-tech attacks and pursue scamming and phishing. Penetrating current security measures requires very high levels of knowledge and intelligence as well as knowing insides and outs of particular system one plans to attack. However, crafting fake bank web site and sending zillions of fake notifications to “update your account info” requires way less time, knowledge and costs almost nothing. The financial outcomes, however, are significant enough to make such attacks more feasible and more numerous.

Popularity: 14%

You might also be interested in reading this:

• Zoundry Blog Editor (January 15, 2008): While contemplating on my ideas of blogging editor I stumbled upon various reviews of existing blogging clients. One of them caught my eye, so I ventured ahead and downloaded Zoundry - free blogging client. I am attempting to write this post in Zoundry, version 1.0.40. Generally, I am not looking for features I came up with [...]
• X61p brief review (December 17, 2007): Since I have got the new Lenovo X61s laptop I am getting used to do things slightly differently then before. For one, I don't have to lug around with all the beauty of T60p with two hard drives and all the data on them. Even though all the e-mail isn't here (it's [...]
• What is it that I want (July 31, 2007): While moving tons of my ex-IT stuff from old apartment to new (and losing some ISA network cards on the way) I realized what is it that I ultimately need while most of my stuff is unavailable (like when I am moving, traveling, vacationing and so on). So think of this as of unofficial wish [...]
• Web hosting requests (October 20, 2004): What makes people to post requests like these? Platform: Linux Space: 1000 MB Bandwidth: 30GB Control Panel: yes IP Address: no Email Accounts: unlimited Database(s): unlimited Expected cost: 1 per year Right, like someone is really going to give them free hosting like this. The forum seems pretty empty. I mean if the forum would have been up to the resources, then sure, it [...]

CNET runs an interesting story about analyzing the source of the e-mail message in order to determine how legit it is. Similar things have been popping up here and there for a while now, but it’s good that mainstream started to pick up on consciousness of the simple process of reading e-mail.

Popularity: 12%

You might also be interested in reading this:

• Why Trusted Platform Module won’t protect you (December 14, 2007): Recently I was asked a very good question on Trusted Platform Module. Question stated that once the hard drive is removed from the system, there is nothing that prevents attacker to break decryption (even brute force it) and obtain data no matter how secure it is. Pretty much all the protection applied in [...]
• Web hosting requests (October 20, 2004): What makes people to post requests like these? Platform: Linux Space: 1000 MB Bandwidth: 30GB Control Panel: yes IP Address: no Email Accounts: unlimited Database(s): unlimited Expected cost: 1 per year Right, like someone is really going to give them free hosting like this. The forum seems pretty empty. I mean if the forum would have been up to the resources, then sure, it [...]
• Twitting in a new way (December 18, 2007): There is a post on Mashable that outlines how to game Twitter into becoming a natural environment to spread malware. There is little to none incentive to create pure spam feeds, as they will, undoubtedly, be closed and all future links will be marked with "nofollow" attribute. Malware, however, is whole another story. In this [...]
• Twitter, twitter, little star… (August 21, 2007): Last week I have discovered a new and innovative way people will produce doorways for their black hat SEO techniques. It's called Twitter and it's some sort of a guestbook, where posting is available via number of widgets, including direct post from IM. Create a bunch of twitter pages (the only manual part of the [...]