Security Bytes: Blog beatdown blamed on antispam vendor

By SearchSecurity.com Staff 08 May 2006 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

Antispam company denies it helped bring down blogs
Menlo Park, Calif.-based Blue Security Inc. denies claims it inadvertently caused a massive denial-of-service attack against popular blog-host sites TypePad and LiveJournal after coming under fire by a renegade spammer.

In a news release issued Thursday, the antispam company said last week's "sophisticated attacks" were orchestrated by a rogue cracker named PharmaMaster, carrying through on earlier threats to take down the company and the Internet if it didn't allow his spam to get through. The company has adamantly rebuffed the notion it was the victim of a denial-of-service attack. "The attacks started with a strike on the Internet backbone itself, causing the Blue Web site to become inaccessible to visitors outside Israel, while remaining available for Israeli visitors," CEO Eran Reshef said in a statement. The company's research work is performed in Israel.

Once the spammer launched the attack, Blue Security closed its site and posted a note on its blog. It claims PharmaMaster then decided to go after any site associated with the antispam company. "This attack caused five top-tier hosting providers in the U.S. and Canada, a major DNS provider and a popular blog site to go down for several hours," Reshef said. A security chief for Internet monitoring and routing analysis firm Renesys Corp. of Manchester, N.H., told InformationWeek that Blue Security changed its DNS record to reroute traffic to its blog, hosted by San Francisco-based Six Apart Ltd.'s TypePad site. It never warned Six Apart of the 1 to 3 million packets per second hitting its servers, causing the sudden spike in bad traffic to overwhelmed the blog host's servers and knock millions of TypePad and LiveJournal blogs offline for several hours.

Ohio University begins notifying alumni of server breach
Ohio University in Athens, Ohio has begun sending e-mails to 137,800 individuals and organizations to inform them that its alumni database, which contains personal information, including Social Security numbers, had been compromised -- perhaps as far back as 13 months ago. Faculty and staff hired before January 2004 also were affected, the school said in a news report. The server had been taken offline more than a year ago, so the compromise wasn't discovered until last week when IT staff noticed it was being used to launch a denial-of-service attack. A second server within the university's Innovation Center business incubator also was breached April 21, compromising patent data. The FBI discovered the theft while investigating another incident.

Yahoo sued for deceptive advertising scheme, spyware connection
A well known antispyware activist has filed a class-action lawsuit against Yahoo for manipulating its allegedly fraudulent advertising network. Ben Edelman filed the suit in New Jersey, alleging Yahoo's Overture pay-per-click network -- known formally as Yahoo Search Marketing -- routinely breached its contract with advertisers by bundling ads in spyware to produce pop-ups and gaining credit from traffic to sites without bona fide content that's part of its syndication contract. In addition, Edelman claims the ISP uses "typo-squatting" to route users to ad-based sites based on misspelled URLs, again to earn click-through payment credits. It also is accused of lacking controls to prevent competitors from clicking ads to hike the price a rival will pay for click-throughs. Edelman noted Yahoo has worked closely to generate income for adware vendor Direct Revenue LLC, a business relationship disclosed in a recent lawsuit against Direct Revenue filed by the New York attorney general. Yahoo told eWeek the company plans to "vigorously defend our position."

Linux kernel getting buggier
More security holes are appearing in version 2.6 of the Linux kernel and something needs to be done about it, according to the Linux production kernel's lead caretaker. "I believe the 2.6 kernel is slowly getting buggier. It seems we're adding bugs at a higher rate than we're fixing them," Andrew Morton said during a discussion at the LinuxTag 2006 conference in Wiesbaden, Germany, on Friday. His comments appeared in a ZDNet story about the conference. Morton said he hasn't proven the increased vulnerabilities from a statistical standpoint, but he said he's receiving more flaw reports. If he is able to confirm the increasing defect rate, he said he may temporarily halt the kernel development process to spend time sealing holes. "A little action item I've given myself is to confirm that this increasing defect rate is really happening," he said. "If it is, we need to do something about it." Specifically, kernel developers would need to focus more time fixing bugs. "We may possibly have a bug fix-only kernel cycle, which is purely for fixing up long-standing bugs," he said.

Windows Vista will affect security market
A new report from Boston-based Yankee Group says the security features in Windows Vista will essentially eliminate the need to use separate antispyware and firewall software. Vista will also have a significant impact on the $3.6 billion market for Windows security products, the report said. "Yankee Group expects Vista to significantly shrink the aftermarket for antispyware and desktop firewalls," wrote analyst Andrew Jaquith in the report. Vista may also reduce the need for disk encryption, device control and certain types of host intrusion prevention software, Jaquith added. But Yankee Group doesn't believe Vista will have a significant effect on the antivirus software space because it doesn't include antivirus functionality. For that, the software giant will begin selling its Windows Live OneCare antivirus program separately next month.

Tags: Application Attacks (Buffer Overflows, Cross-Site Scripting),  Information Security Laws, Investigations and Ethics,  Malware, Viruses, Trojans and Spyware,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Application Attacks (Buffer Overflows, Cross-Site Scripting) Quiz: How to build secure applications Black box and white box testing: Which is best? Adobe warns of critical update for Reader, Acrobat 9.1.3 9 Ways to Improve Application Security After an Incident Developers Need Help with Security Errors Buffer overflow tutorial: How to find vulnerabilities, prevent attacks SQL injection protection: A guide on how to prevent and stop attacks Experts rebuke programmers who use SQL injection as feature SANS: Application threats, website flaws pose biggest security threats Mozilla helps Adobe push out faster patches Application Attacks (Buffer Overflows, Cross-Site Scripting) Research Information Security Laws, Investigations and Ethics Melissa Hathaway urges more cooperation, government attention to cybersecurity Cybersecurity czar candidate questions clout of new position DHS fills National Cybersecurity Center post FTC shutters rogue ISP for hosting malicious content, botnets Experts optimistic of Obama cybersecurity plan WH cybersecurity plan needs private sector guidance Obama announces creation of cybersecurity coordinator position Cybersecurity Act of 2009: Power grab, or necessary step? Face-off: Who should be in charge of cybersecurity? Feds should get private sector advice on cybersecurity Malware, Viruses, Trojans and Spyware The world's top 5 riskiest domains New Zeus spam poses as Social Security statements Increase in Gumblar backdoors poses FTP credential problems Hackers to sharpen malware, malicious software in 2010 iPhone worm Rickrolls jailbroken phones Israeli Mossad add Trojan Horse to Syrian laptop Schneier-Ranum Face-Off: Is antivirus dead? Modern malware, stealthy botnets, adapt quickly, expert says Computer worm infections up, scareware antivirus down, Microsoft says Web-based attacks skyrocket, pirating sites surge, security firms say

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary buffer overflow  (SearchSecurity.com) cache poisoning  (SearchSecurity.com) cyberterrorism  (SearchSecurity.com) dictionary attack  (SearchSecurity.com) directory harvest attack  (SearchSecurity.com) distributed denial-of-service attack  (SearchSecurity.com) JavaScript hijacking  (SearchSecurity.com) ping of death  (SearchSecurity.com) stack smashing  (SearchSecurity.com) SYN flooding  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary