Thursday, October 26, 2006

Don't let your Web app help spammers

We've all been plagued by unsolicited commercial email -- also known as spam. In fact, the Washington Post reported that spam may soon account for half of all U.S. email traffic.
Let's look at ways we can protect our email addresses from spammers.
read the complete article here

Wednesday, October 11, 2006

How Ajax makes it easier to steal information from your clipboard

Cut, copy, and paste have always been an important part of our digital life. Developers, as well as regular users, can't live without them. Regular users routinely copy and paste information such as passwords and credit card numbers from one form to another. Office employees use it all the time when creating documents. There's no denying our reliance on the copy and paste functionality of the clipboard.

How would you feel if that information were stolen out of your computer?

read the complete article here

Sunday, October 08, 2006

Taking the battle to the phishers

"University of Illinois at Chicago is working with some financial institutions (he can't say which) on the anti-phishing agent, so there is commercial interest. "We'll be providing them complex code, user names, and passwords," he says. "And they will be able to see the phishing traffic" and disable it and track the phishers for eventual prosecution, for instance."

This would be really interesting. So far we have seen a few approaches, including building a database of phishing sites. That is a slow and evolving process, though, and not good enough to stop phishing attacks. This anti-phishing agent may just be the answer, providing a quick solution to phishing attacks.

read the complete article here

Friday, October 06, 2006

Court OKs NSA wiretapping

http://www.wired.com/news/wireservice/0,71911-0.html?tw=wn_technology_security_3

"The Bush administration can continue its warrantless surveillance program while it appeals a judge's ruling that the program is unconstitutional, a federal appeals court ruled Wednesday."

"The program monitors international phone calls and e-mails to or from the United States involving people the government suspects have terrorist links. A secret court has been set up to grant warrants for such surveillance, but the government says it can't always wait for a court to take action."


Are they monitoring only what they have mentioned here?

Is Microsoft changing?

http://wired.com/wired/archive/14.10/microsoft.html

Something different from security, but if all chief security architects could be like Ray Ozzie, 75% of the security attacks we are seeing today wouldn't be possible at all.

How safe is “hacker safe”

ID Thieves Turn Sights on Smaller E-Businesses

This article raises so many questions, but the biggest of them all is how effective the sites providing these “hacker safe” services are, and who is to verify what level of service they are providing. For all we know, it’s just a false sense of security, as we found out in this case. Companies that are totally unaware of what to do about information security get sucked into these kinds of services and are at the mercy of hackers.

Google victim of click fraud

This time it was Google’s turn to play the victim of click fraud.

http://www.theregister.co.uk/2006/10/06/google_adsense_worm/

RE: Privacy group takes US to court over email spying

post: http://www.theregister.co.uk/2006/10/06/eff_sues_us_govt/

What I would like to know is whether the US govt. can state for the record that they are only using it to monitor terrorist communications and NOTHING ELSE. They have claimed that they are using it to track terrorist communications, but I don’t know if they have said only terrorist communications and nothing else.

Wednesday, October 04, 2006

To open source or not to open source

Yahoo allows outsiders to innovate on Yahoo e-mail

Yahoo has decided to open the underlying code of Yahoo Mail to outside programmers. Now this can be a good thing and a bad thing. Of course we will see a lot more applications built on top of Yahoo Mail, but then it is also a nightmare from the security point of view. On one side, since access to the source code is allowed, they are more vulnerable to attacks. On the other hand, how secure will the newer applications be that are going to be integrated with Yahoo Mail?

Tuesday, October 03, 2006

Taking passwords to the grave

Interesting story on the passwords.

http://news.com.com/Taking+passwords+to+the+grave/2100-1025_3-6118314.html

It brings up an interesting twist to the whole password saga by raising the question of whether we should store them in our will. There is a valid reason for it, but then isn't that against what we preach?