Security

Advertiser Sneaks Malware into Flash Ad

An underhanded advertiser trick that hit LiveJournal demonstrates a risk of accepting Flash ads -- they can pop up windows: ... the Flash ad contains code to open a popup that leads to a very different destination -- it's what I assume is an affiliate link that attempts to download and install ErrorSafe on your computer (link is to Symantec's description of it). This, of course, would be totally against any ad company's guidelines. Masquerading as a banner ad, but discreetly opening a popup -- ...

Robert Scoble, Naked Conversations and Exposed PCs

Robert Scoble's departure from Microsoft is getting major-news treatment from the mainstream media this morning: Mr. Scoble's blog, called Scobleizer, is widely seen as helping to humanise Microsoft and shift its stance from arrogant and aloof to one that is more inclusive and accepting of criticism. It also commented on broader changes in the net world and how they affected the company. Scoble began his blog around the time he left UserLand Software and deserves credit for using an employee ...

The Mother of All Infected Windows XP Systems

My mom has a Windows XP system with an always-on high-speed Internet connection that's occasionally used by relatives and other guests. The PC had become glacially slow, opening new web pages after a pause of 10 or more seconds, so I started looking for spyware or viruses that might be causing the problem. I brought the virus definitions in Norton Anti-Virus up to date and installed Ad-Aware to look for other junk. As they were running, shortly after midnight the PC began sending hundreds of ...

Netcraft Toolbar Catches Phish

One in 20 people fall for phishing scams and provide their account information to bogus versions of PayPal, EBay and other ecommerce sites, according to a study by Rachna Dhamija of the Harvard Center for Research on Computation and Society. The study presented real online banking and fake phishing sites to subjects to see if they could tell the two types apart. ... The most sophisticated site caught out 90 percent of the 22 people participating. I began using the Netcraft Toolbar in October, ...

Stopping Open Recursion Name Server Attacks

I received an ominous e-mail from my server host Thursday: The DNS service(s) on your server are currently open to recursive queries from the world, leaving them vulnerable to DNS cache poisoning attacks and allowing them to be used to attack other sites. Your server was reported participating in an outbound DDoS attack through means of this vulnerability by an attacker. Please ensure that recursive lookups are DISABLED in your nameserver's configuration to prevent future abuse. If you need any ...

Spammer Messes with My Headers

A few weeks ago, I mistakenly believed that I had closed a PHP mail form vulnerability that let spammers use my web server to send mail. Another batch of penis enlargement and phentermine pitches were sent through my server last night, which I discovered when "rejected bulk e-mail" bounces found their way to me. A spammer exploited a mail script I had written that coded the recipient address like this: $recipient = "info@ekzemplo.com"; I thought the script was secure because users couldn't ...

Identity Thieves Mastered My Card

I just completed a 10-day ordeal dealing with fraudulent charges on two credit cards. On Friday Nov. 18, my card donated $1.89 to the Hong Kong chapter of the relief organization Médecins Sans Frontières. The following Monday, my wife's card spent around $190 with the Ito-Yokado retailer in Japan. These charges were discovered within 72 hours as I reviewed my MasterCard account online. I had just paid for wireless Internet access at a Disney World conference center on Nov. 20, and a day later ...

Closing a PHP Mail Form Vulnerability

I wrote a PHP script that accepts e-mail from web site visitors using a feedback form. The script works with different sites, routing mail to the right inbox with a hidden field on the form: The who field doesn't specify an e-mail address, because that would be easy pickings for spammers. They crawl the web looking for e-mail scripts that can be configured to send e-mail to any recipient they specify. Instead, my script was written to send mail only to accounts on my server: $recipient = ...

My Name Server is Totally Lame

I started the day with a dead name server that knocked more than 100 sites offline, including Workbench, the Drudge Retort and all of the Buzzword.Com bloggers. I've been using BIND for years and thought I had run out of interesting new ways to break it. Overnight, most name requests failed and my server log filled up with errors like this: lame server resolving 'www.cadenhead.org' (in 'cadenhead.org'?): 67.19.3.218#53 A lame server is one that's not responding to a name request it is expected ...

Don't Fall for Scamazon.Com

Considering the sophistication of the scam e-mails that I've been receiving lately, there must be a huge black market in phishing, the practice of tricking people into revealing their passwords from ecommerce sites and banks. A phony Amazon.Com e-mail I received last night is pretty convincing: Dear Amazon member, Due to concerns we have for the safety and integrity of the Amazon community we have issued this warning. Per the User Agreement, Section 9, we may immediately issue a warning, ...