Security Bytes: Major spammer offers an allocution

By SearchSecurity.com Staff 06 Jun 2006 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

Spammer settles suit with Microsoft, Texas
The Blue Security saga showed that some spammers can fight antispam companies to the death and come out on top. But there are also times when the spammer caves to pressure and turns over a new leaf.

Ryan Pitylak, a spammer accused of unleashing up to 25 million unsolicited marketing messages a day at one point, has settled a lawsuit with the state of Texas and Microsoft. According to Silicon.com, the settlement will cost him $1 million plus the seizure of many of the assets he accumulated as a spammer. In his blog, Pitylak said he has seen the error of his ways and will dedicate his future efforts to helping eradicate nuisance email.

"Over time I have come to see how I was wrong to think of spam as just a game of cat and mouse with corporate email administrators," he said. "I now understand why so much effort is put into stopping it. The settlements with Microsoft and the [Texas] Attorney General's Office have been a serious reality check: harsh but good, and in the public's best interest."

He added: "I am pleased to announce that I am now a part of the antispam community, having started an Internet security company that offers my clients advice on systems to protect against spam. I'm now working earnestly to help other entrepreneurs avoid the traps that deceived me and led me to make questionable business choices."

McAfee acquires Preventsys
Santa Clara, Calif.-based antivirus firm McAfee Inc. announced Tuesday that it's acquiring Carlsbad, Calif.-based security risk management firm Preventsys Inc.

McAfee spokeswoman Siobhan MacDermott told the Reuters news agency that the transaction was valued "in the low millions." She declined to elaborate.

Preventsys develops security risk management software companies use to identify security problems as they seek to demonstrate and monitor compliance with internal auditing procedures and government regulations.

McAfee Chief Executive George Samenuk last week said at an investor conference that he planned to use some of the company's $1.1 billion in cash to broaden its portfolio of security products through acquisitions. He told a Cowen & Co. investor conference that he hoped to make several acquisitions over the coming quarters and that the deals would be valued between $5 million and $250 million.

New Snort fix arrives
Less than a week after Carpintereria, Calif.-based Demarc Security Inc. discovered a vulnerability in the popular open source Snort intrusion detection system (IDS) and issued a third-party fix, another security company has announced its own solution.

Chicago-based intrusion prevention system (IPS) firm AmbironTrustWave Corp. announced its own patch for Snort, which is used as a component of its ipANGEL product line. "The flaw was an evasion and not a vulnerability, which means that while it is possible for an attacker to bypass detection, ipANGEL sensors and the networks they protect were not at a heightened risk of other attacks," the vendor said. "The flaw affects all IPS products that leverage the open source Snort engine and potentially millions of companies worldwide."

Sourcefire Inc., the maker of Snort, has not yet made a fix known or endorsed any of the third-party patches, but said last week it would issue an update sometime this week.

Microsoft launches Web-based security services
Microsoft's Live Labs, launched in January, has rolled out two security-related Web-based services, one for providing authentication and another for connecting peer-to-peer applications through network firewalls. According to the IDG News Service, the services are part of Microsoft's plan to quickly deliver Web-based services to compete with Google Inc. and Yahoo Inc. Microsoft has already announced that many of its Live services will be hooked into the upcoming Windows Vista.

The Security Token Service (STS) is available at sts.labs.live.com, while the new Relay Service is available at relay.labs.live.com.

The IDG News Service said STS is an online identity-management service that enables users to register personal information on a virtual information card using Microsoft's authentication service, code-named InfoCard. After signing up for STS, when users visit a site that is InfoCard-enabled, they can sign in to the site using information stored in the virtual card. Microsoft Chairman Bill Gates unveiled InfoCard at the 2006 RSA Security Conference in February, calling it the successor to the password approach used by most organizations today.

Health organizations band together for security's sake
Leading health care industry executives Monday announced the formation of the eHealth Vulnerability Reporting Program, an initiative created to enhance the security of eHealth systems. The program will establish a framework by which eHealth system developers, their customers and security companies communicate vulnerabilities and aid in determining the most appropriate mitigation strategy, the group said in a statement. It will also facilitate the identification and communication of pertinent and time-sensitive information regarding security vulnerabilities for the purpose of enabling organizations to better evaluate and manage associated risks.

"While both the health care industry and government recognize the enormous potential electronic health record systems possess, we shouldn't lose sight of the risks and challenges they introduce," Augusta Kairys, VP, provider relations for Highmark BlueCross BlueShield and an eHealth Vulnerability Reporting Program board member, said in a statement. "Exploitation of security vulnerabilities has the potential to undermine physician and consumer confidence in these systems. Our goal is to establish a mechanism to identify and communicate security vulnerabilities, thereby minimizing their exploitation."

Tags: Information Security Laws, Investigations and Ethics,  Open Source Security Tools and Applications,  Email and Messaging Threats (spam, phishing, instant messaging),  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Information Security Laws, Investigations and Ethics Melissa Hathaway urges more cooperation, government attention to cybersecurity Cybersecurity czar candidate questions clout of new position DHS fills National Cybersecurity Center post FTC shutters rogue ISP for hosting malicious content, botnets Experts optimistic of Obama cybersecurity plan WH cybersecurity plan needs private sector guidance Obama announces creation of cybersecurity coordinator position Cybersecurity Act of 2009: Power grab, or necessary step? Face-off: Who should be in charge of cybersecurity? Feds should get private sector advice on cybersecurity Open Source Security Tools and Applications Screencast: How to launch an OpenVAS scan Could Metasploit popularity erode? Metasploit Project acquired by vulnerability management firm Rapid7 SSH key compromise shuts down Apache website Screencast: Smoothwall offers firewall defense in lean times Screencast: Samurai offers pen-testing nirvana Rootkit Hunter demo: Detect and remove Linux rootkits When to use open source security tools over commercial products Screencasts: On-screen demonstrations of security tools Maltego demo: Identifying a website's trust relationships Email and Messaging Threats (spam, phishing, instant messaging) Messaging security risks have upper hand on solutions Web-based attacks skyrocket, pirating sites surge, security firms say Pushdo botnet uses Facebook to spread malicious email attachment Scareware report highlights successful business model How to prevent phishing attacks with social engineering tests Phishing protection begins with training, antiphishing evangelist Phishing attacks to remain a major problem, say security experts Barracuda acquires Purewire expanding Web security reach FBI raids phishing crime ring, nearly 100 arrested Massive phishing scheme affects Microsoft Hotmail accounts Email and Messaging Threats (spam, phishing, instant messaging) Research

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary CALEA  (SearchSecurity.com) cyberstalking  (SearchSecurity.com) FERPA  (SearchSecurity.com) HSPD-7  (SearchSecurity.com) I-SPY Act  (SearchSecurity.com) Information Awareness Office  (SearchSecurity.com) intelligence community  (SearchSecurity.com) lawful interception  (SearchSecurity.com) lifestyle polygraph  (SearchSecurity.com) vulnerability disclosure  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary