9/5/2008 Weekly Security Post

Spammers Find a Friend
Cheer up spammers!  Times may be tough here in the States with new legislation and all, but at least you can take comfort in that you have a friend.  The Directi Group, a shadowy company, was found by anti-spammer KnujOn to own over 40 “phantom” Registrars.  These registrars are linked to faked real world addresses and are typically registered under fake company names as well. 

Among the worst is PDR, allegedly in Oregon (but not really).  It comes in a hot 9 in the top 10 “Worst Internet Registries”.  Thats because its cooking up something, and that something is a lot of spam. 

In all the Directi Group has a whopping 19,000 domains advertised by spam, including 1,820 fake pharmacy domains.  Enzyte here they come!  It uses a service called PrivacyProtect to try to cover its seedy tracks.  When the offensive sites are reported Directi Group does the responsible thing and deletes them… and then moves them to another IP address.  Spammers, nows that is true friendship!

The Directi Group isn’t the only company on Santa’s bad list.  Anti-spam communities SpamHaus and StopBadware report that Atrivo, a collection of companies which provide web hosting and other services are the center for online crime on the internet.  Also known as InterCage, this dirty group hosts botnets, malware, and other things that go bump in your computer at night.  Watch out for this one.

French Database Takes Aim At Politically Active Youth
Like politics?  Are you in a union?  And are you a youth 13 or up?  If so you might find your person information being added to the Edvidge database.  The database contains information collected by the government on all those showing political interests, which French government officials describe as “likely to breach public order”.

You might think such severe Big Brother tactics would be found in Russia and China.  Well, most people forget that France was home some of the most brutal political crackdowns in history, including the French revolution.  Their reputation for being soft or pacificists is certainly undeserved, according to many historians.

Still some French are not happy with the new project.  Michel Pezet, a lawyer and former member of a body charged with protecting French citizens from electronic prying states, “The Edvige database has no place in a democracy. There is nothing in the decree that sets limits or a framework. Whether the database is used with or without moderation depends only on orders from up high. The electronic Bastille is upon us.”

RFID Bullying — Nervous MythBuster Revises His Claims
MythBuster Adam Savage made headlines when he accused credit card company lawyers of bullying Discovery out of an episode on the simple pleasures of hacking RFID.  He’s gone from saying multiple lawyers were on call to nervously changing his story to that there was only one.  He also said he wasn’t actually on the call himself, per say.  Right Mr. Savage, we know exactly what you mean.

He also adds that the decision to cancel the show was not made by the Discovery channel but rather the producers of MythBusters — Beyond Productions.  How politically correct is that?  Its okay, Mr. Savage, by now everyone knows how RFIDs can be hacked to gain free subway access, and possibly much more, no MythBusters special necessary.  Now, who’s up for an RFID implant?

Criminals Love the iPhone
Some say crime doesn’t pay, but it does pay Apple, if reports are to be believed.  IPhone 3G’s are selling in droves and if reports are to be believed, criminal elements are among the Apple fans.  They’re not too worried about poor signal strength or cracked case — they love that the iPhone can feature remote wipe capability.  This way they can remove all traces of their illegal dealings, in case cops bust down their door when they’re out, or manage to snag their phone. 

UK’s Serious Fraud Office Keith Foggon warns of this development and adds that the BlackBerry from RIM also has this capability.

Terms of Service — Oh The Hours Of Entertainment
One of the more amusing topics of reading is terms of service.  While some are comical for their woefully bad attempts to write in the English tongue, some feature excellent grammar but are just funny in the ridiculous things they say.  End User Licensing Agreements (EULAs) certainly have a way with words.

Until recently the EULA for Google’s new chrome browser, offered that Google gets to repost, modify, and use any material you post or submit in the browser even if its copyrighted and you own it.  While Google removed this gem, its Gmail EULA still asserts that Google can read, modify, delete, or otherwise your email messages at whim.  So you might want to send those racey messages to your out of state flame on Yahoo.

Youtube (owned by Google) also has a creatively worded EULA.  It says that it gets to keep and display copies of your work, even if you delete it from the site.  Another similar provision is Facebook’s EULA.  Long after teens and 20-somethings have moved on from Mr. Zuckerberg’s internet empire, he will be sipping champagne and smoking cigars thanks to a lucrative residual business — they own your pictures.  Imagine how much money pictures of future presidential candidates drinking beer from bongs or cross dressing might fetch is such high-brow publications as People magazine or TMZ. 

Finally, a truly funny EULA is the one for AOL’s IM service.  AIM states that AOL may elect to kick you off and deny you service if your language is “vulgar, obscene, profane, indecent or otherwise objectionable.”  Obviously AOL’s staff must have been on vacation, say the last 10 years, while teenagers exchanged tomic volumes of such cultured remarks nightly.

(For last weeks security post, refer here.)

Leave a Comment

Your email address will not be published. Required fields are marked *