WIN member since Oct, 2003

Tuesday, April 12, 2005

Pew report commentary - don’t get too comfy, ISPs

Posted Apr 12, 2005, 4:00 PM ET by Sarah Gilbert

Alyce Lomax from the Motley Fool (free registration required for this article) has some great commentary on the Pew report we covered earlier. She reminds us that, just because we’re getting a little more comfortable with spam, we shouldn’t ignore some of the scarier parts of the report - such as, ”more than half of people say that spam has undermined their trust of email, and 67% of people say spam makes their online experience ‘unpleasant or annoying.’”

ISPs and spam filter makers and email providers shouldn’t get “comfy,” Lomax says. After all, ” Spam continues to be a big, bulky pain, and when it comes to scams like phishing, it’s downright dangerous.”

And after all, 67% disgruntled customers is better than last year - but it’s still an overwhelming majority!

Read	Permalink | Email this | Comments [1]

Spam - the more we get it, the more we can live with it

Posted Apr 12, 2005, 2:53 PM ET by Sarah Gilbert

According to a new report from the Pew Internet & American Life Project, spam is a little like living in the Pacific Northwest. The more rain you have, the less you mind it.

Although by all accounts spam volumes are exploding, only 67% of survey respondents were bothered by it, compared to 77% a year ago. It’s not that it’s useful - the same percentage of respondents said they had purchased anything from spam this year as last (around 6%) - it’s just that, pundits suggest, we’re becoming inured to the annoyance.

After all, spam is actually better than junk mail - it doesn’t harm the environment! I’d rather have an inbox full of messages from “Swags T. Gassiest” and “FixMyCreditNow” than a gaudy pile of pizza coupons and “checks” from mortgage refinancing companies to recycle.

Read	Permalink | Email this | Comments [0]

Thursday, March 31, 2005

Protecting its customers

Posted Mar 31, 2005, 6:24 PM ET by Greg Scher

WoW..when it rains it pours and apparently anyone who was out phishing today, got struck by lighting.  A mere two weeks before the Windows Update site forces Windows XP workstations to upgrade to Serivce Pack 1 and on the same day that they released a significant upgrade to Windows 2003 Server, Microsoft has gone on a rampage.

Microsoft Corp. on Thursday filed 117 civil lawsuits against alleged phishers trying to scam Microsoft customers out of personal information such as credit card numbers.

The lawsuits, filed in U.S. District Court for the Western District of Washington, seek to identify large-scale scam operations and recover damages from so-called phishing operations. Phishers typically send out spam e-mail, made to look like official e-mail from a real e-commerce company, asking recipients to click on a link and update their personal information. The link takes consumers to a Web site that mimics the look of the real e-commerce company, but collects personal information for ID thieves to use.

Read	Permalink | Email this | Comments [0]

Monday, March 21, 2005

Debunking Exchanges IMF

Posted Mar 21, 2005, 8:45 AM ET by Greg Scher

Exchange D2D.com has a short piece that provides the low down on the Exchange Intellignet Mail Filter while also providing a bit of guidance on how the end user can really take advantage of it’s capabilities.

Friday, March 18, 2005

Dumprep.exe discoveries - is it spyware?

Posted Mar 18, 2005, 5:14 PM ET by Sarah Gilbert

After a long and tortured conversation with a Dell representative who barely spoke English, we decided my Inspiron must have a virus, or some nasty spyware aboard. The Dell guy said I should re-install XP. My stomach lurched at the thought. But I had to do something - my computer was getting exceedingly hot, then just shutting itself off. *pszhoooo* and silence. Not great for efficiency.

So I poked around in my task manager. Turns out I had four copies of a process called “dumprep.exe” running, all taking up a considerable amount of CPU time. I know, I know, you shouldn’t just go and mess with your processes - but I was desperate. It was this or a total hard-drive scrubdown. One by one, I shut them down. And suddenly, everything was fine.

I’ve been researching it, a bit, as it’s been a few days with no problems. Turns out that dumprep.exe is (or should be) a legitimate Microsoft program, one that runs when a program has a critical error and cannot be restored. It’s not integral to your system, so if you should sneak in and shut one down on your computer, it won’t be the end of the world.

And - it might very well be some spyware or other software in disguise. As a guest in The ISP Guide forum reports, “although spyware can assume the same name as this Microsoft software (as with any process, spy ware can “mask” itself as a legitimate OS software).”

XP users out there: has anyone else had a similar problem? Did you discover spyware or just reinstall XP?

Read	Permalink | Email this | Comments [4]

Wednesday, March 16, 2005

IE 7.0 Details trickle out

Posted Mar 16, 2005, 8:15 AM ET by Greg Scher

Looks like some additional details of IE 7.0 are finding their way to the huddled masses, lbeit in fits and starts.  And are we ever chomping at the bit.

Take a look at Microsoft Watch for some details on standards, secruity and the GUI. Sorry, no pics yet, just images for your mind to conjure up.

The most interesting things that I’ve heard so far are the RSS aggregator, tabbed browsing, .PNG graphics support, IDN support (this is a big one in light of emerging phishing attacks) and possible integraton between IE 7 and the MS AntiSpyware Beta, which I’ve heard is very likely getting the boot as far as enterprise support (Group Policy, enterprise threat reporting, etc…) is concerened.

MSN Hacker gets six months

Posted Mar 16, 2005, 7:27 AM ET by Greg Scher

Hmmm…how malicious could it have been to get him only six months?  Also, does anyone know if this was prosecuted under the CANSPAM legislation?

A Louisiana man has been sent to prison for six months for sending a malicious e-mail to Microsoft MSN TV customers.

The e-mails the convicted man sent out contained an attachment that the mails claimed would re-set their TV’s display colours when opened.

Instead, the attachment contained script that re-programmed customers’ TV boxes to dial 911 instead of a local phone number to access Microsoft’s servers

Read	Permalink | Email this | Comments [1]

Tuesday, March 15, 2005

Microsoft to require two factors

Posted Mar 15, 2005, 8:15 AM ET by Greg Scher

Microsoft has revealed at a security panel at CeBIT that it is preparing to dump passwords in favour of two-factor authentication in forthcoming versions of Windows.

Detlef Eckert, the senior director in charge of Microsoft’s Trustworthy Computing initiative, did not specify which form of two-factor authentication would be used in the next edition of the company’s operating system, codenamed Longhorn

Acknowledging that in this day and age single factor authentication, in other words PASSWORDS, just aren’t enough to secure corporate IT assets, Microsoft has announced much tighter integration of two factor authentication technologies into future versions of the Windows OS.  While they do exist today, two factor auth is more of an add on to the OS than a core component, as a result, it is inherently not as secure as it could be. 

One well known Online Financial Services provider has already begun to head down this route.  Who might you ask?  E*Trade.

For those of you unfamiliar with two factor authentication schemes, they can be summarized as authentication with two pieces of information.  Typically these pieces of information amount to SOMETHING YOU KNOW and SOMETHING YOU HAVE.  There are many examples.  In the case of RSA SecureID the “something you know” is a PIN number and the “something you have” is a key fob with a code that changes every sixty seconds based on an algorithm that the authentication server knows based on the serial number of the fob and the time.  If you lose the device, the PIN is useless and if you lose or forget the PIN, the device is useless.

Other approaches use RFID tags such that if the tag is in proximity to a sensor and the proper PIN is entered, the machine will unlock and when the sensor leaves the area, the machine will lock. Another well known approach to two factor authentication uses biometrics (a thumb/finger print, retina scan, etc…) and a PIN code.  Again, if you lose the bio feature…well, you’ve got bigger problems then not accessing your computer systems unless of your name is Jack Bauer.

Two factors.  Very secure.

Read	Permalink | Email this | Comments [2]

Sunday, March 13, 2005

Air Force gets Microsoft patches first

Posted Mar 13, 2005, 9:58 PM ET by Sarah Gilbert

Damn, and Microsoft made me feel like I was such a special customer…hah! Not. In order (they say) to thwart hackers, who might find vulnerabilities in the test versions of the patches, Microsoft is issuing security patches it’s developed for many of its software packages to the Air Force a month before they’re released to the public.

The Department of Homeland Security will let the other government agencies in on “new” vulnerabilities that exists and, once the Air Force is finished testing, will distribute them to the rest of the governmental computers.

Who knew that the Air Force were the computer whizzes of the U.S. government? I thought for sure it would be the CIA. Or is the DOHS just worried that these patches aren’t perfect so it shouldn’t expose anyone too important?

Read	Permalink | Email this | Comments [0]

How many spam emails did you receive in 2004?

Posted Mar 13, 2005, 5:25 PM ET by Sarah Gilbert

According to Canadian research firm Ipsos Reid, those in Canada receive 4,524 spam messages each last year. That’s about 49% of their overall emails. The good news? Spam fell as a percentage, and in total, for 2004; down from 68% in 2003.

No telling why Canadians (supposedly) get so many fewer spam emails than the rest of us (at 87% by most estimates). Maybe it’s because they already have inexpensive Canadian pharmaceuticals? Just a guess…

Read	Permalink | Email this | Comments [4]

Next Page ›