Attacker gives Amazon feign sum from a whois query, and gets genuine address - A former Amazon software developer had his account information given away by of all companies, Amazon.
It seems that this all started with domain registrations, for some reason Eric Springer used the address of a hotel instead of his own. He writes on Medium.com ” It’s just a fake address of a hotel that was in the same zip code where I lived. I used it to register some domains, knowing that the whois information all too often becomes public. I used the same general area as I lived, so that my ... read more ...
Tag Archives: security
Fri 5th February 2016
Mon 25th January 2016
This week's new TLDs: 3 some-more from XYZ - 5 domains hit general availability on Wednesday.
New top level domain name company XYZ LLC releases three new domain names this week.
On Wednesday, the company will launch .Security, .Protection and .Theatre in general availability. The company didn’t originally apply for these names; it acquired them from other companies.
Following on XYZ’s recent .car, .cars and .auto releases, the company is taking a premium-pricing approach to these launches. Expect to pay $2,000+ for .security and .protection ... read more ...
Wed 4th November 2015
New U.K. Surveillance Bill includes monitoring users' online habits - BBC.com broke down the details of the new surveillance bill to be passed in the U.K. No surprise there are opinions from all sides with some saying the bill goes too far and are too intrusive, this type of surveillance is not legal in and other European country or the U.S.
Those in favor say these measures are needed to keep the country safe.
The article goes on to show what is allowed now:
What can the agencies do at the moment?
They can listen to phone calls, intercept emails and even hack devices ... read more ...
Mon 26th October 2015
Paul Vixie, Member Internet Hall of Fame: "New gTLD module is a Money Grab & Mistake" - Dr Paul Vixie, a member of the Internet Hall of Fame has called the new gTLD program a money grab and a mistake and called out ICANN for allowing it to happen saying it “indicates corruption.”
ZDNet.com, published a post about Dr. Vixie remarks from the Ruxcon information security conference in Melbourne on Sunday.
According to Wikipedia.org, Dr. Vixie is “an Internet pioneer, the author of several RFCs and some Unix software. After he left Digital Equipment Corporation (DEC) in 1994, ... read more ...
Tue 1st September 2015
FireHost Rebrands As Armor.com After Purchasing The Domain Name - On August 23, 2015 I had detected that the domain names Armor.com and Armour.com had likely sold and questioned if Under Armour may have purchased the domains from the past owner, Chris Poor who had owned them since they were created back in 1995.
Well, a company by the brand name of FireHost sent out a press release yesterday, August 31, 2015 announcing a rebrand to Armor and revealed they were the buyers of Armor.com.
I spoke to Chris Poor today on the phone and he was unable to provide comment ... read more ...
BlueCoat Study: Top 10 Shady Sites in New gTLD's Is Flawed as Unlaunched .Zip is #1 - Blue Coat Systems, Inc, an enterprise security company, issued a report today of the 10 new gTLD’s that have the most “Shady Sites” (pdf) concluding that “more than 95% of websites in 10 new Top Level Domains (TLDs) are suspicious”
The report is already getting a lot of coverage in the mainstream media but there is a huge issue with the report that hasn’t been covered.
The new gTLD topping the list is .Zip which hasn’t even launched yet.
.Zip which is delegated to the root is owned ... read more ...
Thu 27th August 2015
Can The FTC Sue You For Lax CyberSecurity ? - A couple years ago after some famous website hack, I was sitting in a Chipolte and said to a friend that somewhere down the road companies are going to get sued big time for getting hacked if they were lax in their security. My friend told me I was an absolute moron. His take was that a company did not ask to be hacked and would have no way of knowing if they would be hacked.
So today I was reading an article on AboveTheLaw.com, the headline “Can The FTC Sue You For Lax CyberSecurity? (Spoilers: ... read more ...
Tue 18th August 2015
Web.com breached, 93k credit label sum competence be compromised - Large domain name registrar discloses security breach.
Web.com announced today that a security breach might have disclosed credit card information of 93,000 of its customers.
The company owns Network Solutions and Register.com. Although most domain name investors use lower-cost registrars, many have accounts with these registrars for expired domain names. The registrars don’t necessarily have your credit card information, though, as domains won at NameJet are paid through NameJet. Update: See FAQs ... read more ...
Mon 29th June 2015
Click Fraud Malware Can Lead To Bigger Problems - Ashley Carman published an article today on SCMagazine.com that deals with click fraud malware and how it can lead to bigger problems. In her article she referenced a report by Damballa.com that was basically a overview of all potential infections going around the web. The report points out that click fraud malware is usually deemed “low risk” but it can lead to bigger problems.
From the article:
In the report’s RuthlessTreeMafia group example, a victim was infected with click-fraud malware ... read more ...
Tue 23rd June 2015
Symantec sells .Security and .Protection domains to XYZ - Symantec now left with two .brand domain names.
Security software firm Symantec has sold its two non-brand top level domain names to XYZ, the company behind the .xyz top level domain name.
XYZ says the .security domain name can be used for anything from private security to building security to internet security, with domains like ComputerSoftware.security and DowntownLosAngeles.Security.
The company notes that a lot of security companies use the term protection in their brand names and slogans. Protection ... read more ...
Fri 19th June 2015
Architelos Releases the NameSentry Abuse Report on Phishing For May 2015: Worst Offender .Br - Architelos released its NameSentry Abuse Report with a “Focus on Phishing” for all domain name extensions ccTLD, new gTLD’s and Legacy TLD’s like .com, .net and .org for the month of May 2015.
.Com had the most reports of abuse but still only 11K reports out of 118 Million or so domain names.
There were only 143 Phishing reports for May for all new gTLD’s out of over 6 million registrations
The ccTLD .Br had 1,026 reports all by itself which is around 7X more reports than all new gTLD’s ... read more ...
Fri 22nd May 2015
Report: 4 Million AdultFriendFinder.com Members Personal Information Stolen - click2houston.com, is reporting that the personal information from as many as four million members of AdultFriendFinder.com may have been stolen.
The information includes the sexual preference, marital status and other personal data, like dates of birth and email addresses.
According to the story, the site boasts 64 million members, but it’s not known which of those had their information stolen.
Its one of those sites that people in and out of relationships use to hookup.
For those in relationships ... read more ...
Fri 15th May 2015
According to SecureList.com New gTLDs are a strike with Spammers and Cybercriminals - According to SecureList.com there is one group that is taking to the new gtlds, that group is spammers. Stating that spammers and cybercriminals have found the new strings to be an excellent tool to promote illegal campaigns.
It is a pretty extensive article that is filled with examples, I am sure this will rally the anti new gtld participants to say, “We told you so” I am sure the pro new g crowd will see it as propaganda or a paid piece. SecureList is published by Kaspersky Lab.
From the article:
Spammers ... read more ...
Thu 5th March 2015
OpenDNS Working On A System To Quickly Detect Cyber Crime - Interesting article on ComputerWorld.com about a new system for detecting domain names and websites used for cyber crime. The company OpenDNS has been around since 2005 and has created something they call Natural Processing Language.
From the article:
A security system undergoing testing by a San-Francisco-based company aims to speed up the detection of websites and domains used for cybercrime.
The technology is being developed by OpenDNS, which specializes in performing DNS (Domain Name System) ... read more ...
Survey: domain name registrars contingency concentration on confidence and price - Domain name registrars must offer strong security and price to attract customers.
There are some questions I’ve asked on the Domain Name Wire Survey over the past ten years that have predictable answers year after year.
One of these is “Rank the importance of these items when choosing a domain registrar.”
Just about every year, security and price are the top two. That was the case again in 2015.
The weighted score for these two factors was essentially a statistical dead heat for the most important ... read more ...
Mon 16th February 2015
Memex Provides Law Enforcement A Better Way To Surf a Dark Web - Mark Stockley wrote an interesting article that took a look at Memex. Memex is brought to you by the people that built the original ARPANET. It seems to be very well received by law enforcement as a way to surf the “Dark Web”, it has even proved vital in one major conviction against a sexual predator according to the article.
Whereas Google and Bing are designed to be good-enough systems that work for everyone, Memex will end up powering domain-specific searches that are the very best solution ... read more ...
Tue 10th February 2015
Reuters: US Government Creating Agency To Deal With Cybersecurity Threats - According to Reuters citing a story in the The Washington Post, the U.S. government is creating a new agency to monitor cybersecurity threats, which will be called “The Cyber Threat Intelligence Integration Center (CTIIC)
According to the story the CTIIC will be an “intelligence center that will ‘connect the dots’ between various cyber threats to the nation so that relevant departments and agencies such as the Department of Homeland Security, the FBI and the CIA so they are aware of these ... read more ...
Fri 6th February 2015
Do Cheap Domain Names Fuel The eCrime Economy ? - It looks like the business of cheap domain names will be getting its own track at a security conference. RSA Conference draws nearly 30,000 attendees per year, and according to them makes them the world’s largest info security event.
The description for track goes like this:
To stay agile and avoid detection, cybercriminals need plentiful and “too cheap to meter” domain names and the DNS industry is only too happy to comply. The result is that most new domain names are created for wicked purposes. ... read more ...
Tue 25th November 2014
Symantec Discovers “Regin” A Sophisticated Piece of Malware - Symantec has discovered a piece of malware that has been used to spy on ISP’s and telecom companies that they say was most likely by a government agency. They did not say which government. The malware looks to have been created back in 2008, paused and then started back up.
Recode wrote about the news:
Computer security researchers at Symantec say they have discovered a sophisticated piece of malware circulating the world that appears to be used for spying at Internet service and telecommunications ... read more ...
Thu 30th October 2014
Agari and Neustar Partner To Provide Domain Protection Solution - According to a press release today Agari and Neustar are partnering to today announced the two leading security firms are partnering to give customers the highest level of domain security possible in the current climate of targeted and sophisticated cyberattacks. The partnership provides the industry’s first-ever collaborative domain protection solution for customers, combining the power of the Agari PRO solution with Neustar’s UltraDNS offering. The two services will reinforce one another to ... read more ...
Tue 21st October 2014
Chinese Government Launches Attack Against iCloud Users - According to Ars Technica it seems that China is running a man-in-the-middle attack on iCloud users. They have a screenshot of this on their website, this was discovered by a group called GreatFire.org.
From the article:
GreatFire.org, a group that monitors censorship by the Chinese government’s national firewall system (often referred to as the “Great Firewall”), reports that China is using the system as part of a man-in-the-middle (MITM) attack on users of Apple’s iCloud service within ... read more ...
Fri 17th October 2014
Is Microsoft a Self Appointed Sheriff of a Internet ? - Robert McMillan of Wired did an interesting piece on how Microsoft became the self appointed Sheriff of the Internet. The article starts off detailing the facts in the case of No-IP. Apparently Microsoft had noticed that an unusually high amount of malware was going out to domain from No-IP.org.
It was 7 o’clock in the morning when the knocking on Dan Durrer’s front door woke him up. His dog started barking, and Durrer thought he was getting an early morning package. But when he opened the ... read more ...
Sat 27th September 2014
The Bash Bug Has No Easy Fix and Could Be More Problematic Than Heartbleed - Earlier in the year it was Heartbleed and now there is another bug that has been uncovered, Shell Shock, which could be even more problematic. Many outlets have covered the topic and NPR did a good job breaking down, the who, what, where and what potential steps to take.
From the article:
Hundreds of millions of computers and networks are at risk after a bug called Shellshock was found this week. It turns out it’s actually been around for a while — it took 22 years to discover this bug. If exploited ... read more ...
Mon 1st September 2014
Namecheap Finds & Issues Urgent Security Warning That May Affect All Internet Users - In a post on its corporate blog, Namecheap.com, the domain name registrar, announced it found an attack overnight and blocked over 30,000 IP’s that were attempting to gather the “username and password data gathered from third party sites that were trying to be used to try and gain access to Namecheap.com accounts.”
This is different than most attacks because Namecheap was not the target of the hackers, meaning that the hackers were not trying to get the user information from Namecheap, ... read more ...
Wed 6th August 2014
Does Anyone Actually Care About Security Online ? -
It has been reported by just about every major media outlet that the largest ever heist of user data took place recently by a group of Russian hackers. 1.2 billion passwords and 500 million email addresses. Over 420,000 websites are apparently involved.
Kashmir Hill from Forbes had the most interesting take on the story out of all the sites I read on the topic. Hill delved into how Hold Security the security firm who uncovered the hack was offering a service to tell people if they were vulnerable.
From ... read more ...