It's proof that no one, no matter how good, can guarantee that there are no IT security risks in their products. US-CERT, the US government body that reports risks discovered in products, has its usual raft of Adobe and Microsoft products in this week's list but there is a surprising entry: data security company F-Secure, a recognised leader in the field, has made an appearance, too.
There's a whole industry, across the world, that charges fees for doing things you can easily do for free and which give you the impression, whilst not actually saying so, that you need their services to obtain your rights. One is the domain name registration scam, that appears in several variants.
In recent weeks, we've seen a significant number of spam-scams from a domain that is remarkably similar to an official UK government domain, showing that registrars and hosts are failing to identify obviously fraudulent customers. The fraudulent domain name is close enough to the real thing to fool many targets.
The benefits that flow to Google, Bing, etc. from linking to illegal websites are substantial. So are the benefits gained by internet hosts, especially those providing anonymous or anonymising services for a fee (e.g. Cloudflare) and the internet domain registrars that facilitate the purchase and anonymisation of domains by criminals. In this article, we start the list of domains and those who benefit from providing services to them. Registered users can add their own examples of genuinely illegal websites in the comments.
There's rarely anything new in Spam Scams but the letter that purports to come from "Investigation and Enforcement Services" and carries a (not exactly correct) UK Government Copyright Notice is novel. Read the full mail below.
It was called Avalanche and it was "specifically designed to thwart detection by law enforcement." But co-operation between enforcement agencies in more than 40 countries and private sector participants created a profile of it and that enabled it to be located and taken down. It had facilitated huge harms.
Mahmoud Daher, an employee of The Australian Securities and Investment Commission (ASIC), has today appeared at Downing Centre Local Court charged that he effected unauthorised access to restricted data and uttering a false document contrary to money laundering, etc. law.
firstname.lastname@example.org. Spam him, please. All website scrapers, email harvesters, even those who engage dozens of people in dark rooms in Delhi, get that address. Put it on every mailing list you can find. Bomb it. Block the mailbox. Make Microsoft...