In the past we’ve written a lot about PDF exploits (when a hacker or scammer sends you an e-mail with a PDF file attached and some compelling reason for opening the file). By now most people know that these are really viruses, especially when the e-mail comes from someone you don’t know or the file is there without good reason.
Read More →

There has been a lot of controversy regarding Facebook’s ever evolving privacy policies, but it turns out that some of Facebook’s legal actions can actually benefit everyone. Facebook and Microsoft have both been actively fighting and prosecuting some of the Internet’s worst spammers. This week Facebook won $711 million in damages from Sanford Wallace after a U.S. District Court Judge ruled that Wallace had violated the U.S. CAN-SPAM Act. The U.S. CAN-SPAM Act national standards for the sending of commercial e-mail and requires the Federal Trade Commission  to enforce its provisions.

Sam O’Rourke, associate general counsel at Facebook, says “If someone perpetrates a spam campaign that we feel is any way significant to our users, then we’ll go after them.” Meanwhile, just last month Microsoft filed a total of five suits against spammers using “malvertisement,” online ads that serve up malware to users computers.

These cases are one of the few situations where a big corporation getting involved helps benefit the average user. Patrick Peterson of Cisco says that the legal recourse being pursued by Microsoft and Facebook is good for everyone. “It is great for everyone,” he says. “In many cases people aren’t willing to go through the tremendous expense and distraction of prosecuting somebody.”

According to Patrick, you shouldn’t assume that these companies are pursuing these lawsuits as a source of revenue. Facebook and Microsoft usually never end up collecting real money for these cases, instead they spend hundreds of thousands of dollars on legal fees for these lawsuits. Their ultimate goal behind these cases is just to halt spammers and set precedents to stop future spammers. “The next guy who thinks about doing this will think twice,” Peterson says.

(Via Forbes)

Read More →

fake-pay-pal-screen-shotA resourceful hacker was able to create a fake PayPal account to gather sensitive financial information that bypassed Microsoft Internet Explorer, Apple Safari, and Google Chrome security. The hack was designed to pop up a PayPal page with an artificial SSL certificate prompting users to submit sensitive information to the hacker without warning.

Noticeably missing from the list is Mozilla Firefox, which does not seem to be affected by the hack. Dan Gooden of The Register stated that “Even though the certificate is demonstrably forged, it can be used with a previously available hacking tool called SSL Sniff to cause all three browsers to display a spoofed page with no warnings, even when its address begins with ‘http.’”

To make matters worse, Microsoft apparently knew about this problem back in June when a hacker attending the Black Hat Security Convention exploited the weakness. A spokesman from Microsoft stated “Microsoft is investigating a vulnerability in SSL in Windows presented during Black Hat, Once we’re done investigating, we will take appropriate actions to protect customers.” Until the issue is resolved experts recommend that anyone using PayPal go to the site directly rather than risk getting duped into putting your information of a fake web page.

(Via Seattle Pi)

Read More →