Tag: e-mail

Anonymous Email Services Shutter In Wake Of Snowden

Faced with the prospect of being forced to turn over metadata from their customers’ private correspondence to secret courts in the U.S. or other countries, two prominent secure e-mail services decided this week to cease operation. The secure email service Lavabit – lately the choice of NSA leaker Edward Snowden – announced that it was ceasing operations on Thursday after ten years of operation. The announcement was followed, on Friday, by a similar one from the security firm Silent Circle, which operated Silent Mail. Both companies cited the difficulty of securing e-mail communications and the prospect of secret government subpoenas to obtain information on the activities of their customers as the reason for deciding to stop offering secure email services. In a message posted on the Lavabit.com web site, owner and operator Ladar Levison said that he was being forced to “become complicit in crimes against the American people or […]

Continue Reading

Six Hours, $4500: The Short Life and Quick Death Of A Facebook Bug

A security researcher based in Indonesia disclosed yet another Facebook bug this weekend – one that would allow an attacker to obtain the primary e-mail address associated with any Facebook account. Hours after informing the social network about the bug, however, it was closed and the researcher, Roy Castillo, was $4,500 richer. Castillo, a white hat vulnerability researcher based in The Philippines, disclosed the bug in Facebook’s Developer Application Roles Page in a post on his blog on Saturday.  When exploited, it allowed an attacker to discover the primary Facebook email address of any account – even those with the email privacy setting on “Only Me,” Castillo wrote.   Attackers would need a Facebook Developer account and some basic programming knowledge to take advantage of the vulnerability, in which Facebook mistakenly disclosed the e-mail address associated with a unique Facebook user ID. After discovering the buy on June 25th, Castillo […]

Continue Reading

Cyberbunker Owner Arrested In Spain, Rolled In Mobile DDoS Van

As the saying goes: “If the van’s a DoS’in, don’t come a knock’in.” Or something like that. Alas, for  a man believed to be the controversial owner of the Dutch bulletproof hosting firm Cyberbunker, the authorities did “come a knock’in,” arresting the individual who is believed to be responsible for the world’s largest distributed denial of service (DDoS) attack. In a statement on Sunday, the Spanish Ministry of the Interior released a statement saying that National Police agents arrested the man responsible for the attacks in response to a European arrest warrant stemming from an investigation begun by Dutch authorities. The suspect was not named, but was described as a 35 year-old from Alkmaar (Netherlands) who was apprehended while  traveling in a van equipped with computer equipment and a range of antennas and used as a mobile office. The man is believed to be Sven Kamphuis, the owner and manager of Dutch hosting firm […]

Continue Reading

Data Breach For Dummies: Simple Hacks, Hackers Are The Norm

In spite of widespread media attention to the problem of “advanced persistent threats” and nation-backed cyber espionage, most cyber attacks that result in the theft of data are opportunistic and rely on unsophisticated or non-technical means, according to Verizon’s 2013 Data Breach Investigations Report (DBIR). Verizon said that its analysis of 47,000 security incidents and 621 confirmed cases of data loss showed that three-quarters were “opportunistic” – not targeted at a specific company or individual – and financially motivated. Around 20 percent of attacks were linked to what Verizon termed “state affiliated actors” conducting cyber espionage. Verizon’s annual Data Breach Investigations Report presents the results of investigations conducted by Verizon’s RISK investigators, the U.S. Department of Homeland Security, US-CERT as well as by law enforcement agencies globally. In its sixth year, it is a highly regarded and oft-cited benchmark of malicious activity and threats to organizations. In a press release […]

Continue Reading

Spammers Using Yahoo, Google To Whitewash Links

If the gigantic distributed denial of service (DDoS) attacks against the spam blacklisting operation Spamhaus wasn’t proof enough: spammers have trouble steering around blacklists and other reputation-based filters. Even if the language in their message is generic enough to avoid detection, dropping a link to a known, malicious- or compromised domain is plenty to get an entire message dropped. Spammers without a legion of 100,000 bots at their fingertips have to get creative about getting their message into the target’s inbox. Lately, a method that’s drawing attention is to leverage low-security redirection services to whitewash a link to a ‘known-malicious’ or merely suspicious sites. Barracuda Networks said that it has captured spam attacks that are combining a Yahoo based URL shortening service with Google’s free Translate service to whitewash links in spam e-mail messages and evade automated detection. The message, which was sent to a Barracuda “honeypot” system  includes a […]

Continue Reading
1 6 7 8 9