Oh Happy Day

November 12, 2008 by Jeff · Leave a Comment
Filed under: Culture, Internet, Security, Technology 

A few weeks ago I published a short post on the demise of Atrivo (aka Intercage). Today Washington Post technology columnist Brian Krebs brings word that McColo Corp., a Northern California hosting firm that had been identified by the computer security community as home base for machines responsible for coordinating the sending of roughly 75 percent of all spam each day, has been taken offline.

Host of Internet Spam Groups is Cut Off

Spam Drops After Internet Providers Disconnect a California Hosting Firm

By Brian Krebs
washingtonpost.com Staff Writer
Wednesday, November 12, 2008; 7:16 PM

The volume of junk e-mail sent worldwide dropped drastically today after a Web hosting firm identified by the computer security community as a major host of organizations allegedly engaged in spam activity was taken offline, according to security firms that monitor spam distribution online.

While its gleaming, state-of-the-art, 30-story office tower in downtown San Jose, Calif., hardly looks like the staging ground for what could be called a full-scale cyber crime offensive, security experts have found that a relatively small firm at that location is home to servers that serve as a gateway for a significant portion of the world’s junk e-mail.

The servers are operated by McColo Corp., which these experts say has emerged as a major U.S. hosting service for international firms and syndicates that are involved in everything from the remote management of millions of compromised computers to the sale of counterfeit pharmaceuticals and designer goods, fake security products and child pornography via email.

But the company’s web site was not accessible today, when two Internet providers cut off McColo’s connectivity to the Internet, security experts said. Immediately after McColo was unplugged, security companies charted a precipitous drop in spam volumes worldwide. E-mail security firm IronPort said spam levels fell by roughly 66 percent as of Tuesday evening.

Spamcop.net, another spam watch dog, found a similar decline, from about 40 spam e-mails per second to around 10 per second. Read the rest…

Score one for the good guys… Of course I’m sure we’ll all miss those ads for male enhancement products in our inboxes… :roll:

HP, Dell, Toshiba Recall Laptop Batteries

October 31, 2008 by Jeff · 2 Comments
Filed under: Computers, Technology 

Computerworld is reporting that HP, Dell & Toshiba are recalling approximately 100,000 Sony-made laptop batteries.

October 31, 2008 (IDG News Service) Three of the biggest laptop computer makers are recalling certain batteries because of a risk they may overheat and catch fire. Sony Corp. made the batteries. The recall mirrors, yet appears a lot smaller, than a similar one that occurred two years ago.

This time, around 100,000 batteries are affected, a fraction of the 9.6 million recalled in 2006. Dell Inc., Hewlett-Packard Co. and Toshiba Corp. have already issued recalls for the batteries that were used in their products, and the U.S. Consumer Product Safety Commission said “consumers should stop using recalled products immediately.”

The batteries in question were manufactured between October 2004 and June 2005, and there have been about 40 incidents reportedly worldwide of overheating to date, Sony said today.

Most of the incidents are believed to be the result of manufacturing-line adjustments made during the period that may have affected some batteries, Sony said. In addition, some may have been caused by raw material flaws.

Of the 100,000 batteries affected, around 35,000 were used in laptops shipped in the U.S. By far the greatest number, about 32,000, were shipped with HP laptops. Read the rest…

Details about the affected batteries and the recall programs can be found at:

Update: engadget.com is reporting the recall also includes Li-ion batteries used in some Acer laptops as well as those from HP, Dell and Toshiba.

A Quick Update on the Palin E-mail Hacking Case

October 6, 2008 by Jeff · 2 Comments
Filed under: Crime, Politics, Technology 

It’s been a few weeks since Sarah Palin’s private e-mail account was broken into and I’m sure many of you are curious what’s happening with the case.

Unfortunately, I don’t have any new information on the investigation or suspects… Michelle Malkin has confirmed the investigation is ongoing though:

I talked to Justice Department spokeswoman Laura Sweeney today for a follow-up. She says the “inquiry is ongoing.” She couldn’t comment on any federal grand jury activity that might be taking place related to the case.

SecurityFocus columnist Mark Rasch’s latest column examines the relevant federal statutes and how they might apply to the Palin case:

The Vice of Vice Presidential E-Mail
Mark Rasch, SecurityFocus, October 6, 2008

Is it a crime to read someone else’s e-mail without their consent?

Seems like a simple question, but the law is not so clear. In mid-September 2008, a hacker using the handle “Rubico” claimed credit for breaking into the Yahoo! e-mail account of Governor Sarah Palin, the Republican Vice Presidential candidate. In a post online, Rubico wrote that he had been following news reports that claimed Palin had been using her personal Yahoo e-mail account for official government business. (Editor’s note: Reports have linked David Kernell, a 20 year old undergraduate at the University of Tennessee, with the intrusion, but Kernell has not been charged nor indicted.)

To break into Palin’s account, Rubico had to figure out the personal details that the governor used as security questions. From behind a single proxy server, Rubico used a form of social engineering to change Palin’s password to “popcorn” and then posted both the technique he used and a few of the e-mails he observed. The technique was relatively simple and took less than 45 minutes, because much of Palin’s information was public. Read the rest…

Update (Tuesday, October 7, 2008 @ 10:05 a.m.): I originally wrote this post a little after 11:00 p.m. last night and after rereading it this morning I decided to change the title and rewrite parts of it. The most significant change is the quote from Michelle Malkin’s article.

Update: Palin E-mail Hacker Indicted

Palin E-mail Hack Follow-up - Updated

September 18, 2008 by Jeff · 3 Comments
Filed under: Crime, Politics, Technology 

Updates Below the Fold…

As I mentioned yesterday the FBI and Secret Service have opened a criminal investigation into the unauthorized access of Sarah Palin’s private e-mail account. That investigation is undoubtedly progressing quietly outside the public view.

According to media reports the Associated Press has refused a Secret Service request for copies of the stolen e-mails. Smooth move AP, I can understand your desire to protect your sources, but the theft of those e-mails represents a gross violation of Sarah Palin’s privacy. You can either be part of the problem or part of the solution.

On the bright side the operator of the proxy service used by the hacker is ready and willing to cooperate with investigators. From The Register:

Memo to US Secret Service: Net proxy may pinpoint Palin email hackers
Not quite Anonymous
By Dan Goodin in San Francisco
Posted in Security, 18th September 2008 01:22 GMT

Memo to law enforcement investigators tracking down who broke into Sarah Palin’s Yahoo email account: Gabriel Ramuglia might be a good place to start.

The 25-year-old webmaster and entrepreneur is the operator of Ctunnel.com, the browsing proxy service used by the group that hacked into the vice presidential candidate’s personal email account and exposed its contents to the world. While he has yet to examine his logs, he says there’s a good chance they will lead to those responsible, thanks to some carelessness on their part.

“Usually, this sort of thing would be hard to track down because it’s Yahoo email, and a lot of people use my service for that,” he told El Reg in a phone interview. “Since they were dumb enough to post a full screenshot that showed most of the [Ctunnel.com] URL, I should be able to find that in my log.”

Ramuglia got into the proxy business a few years ago, after schools began blocking access to an online game site he used to co-own. Pretty soon, people began using the proxy service to access YouTube, Gmail, MySpace, and dozens of other sites that are routinely blocked by IT departments.

As an aside… I used to carry a badge; criminal investigations happen at their own pace. I wouldn’t expect to hear much, if anything, about the progress of this investigation for several days.

Sarah Palin’s Private E-mail Account Hacked - Updated

September 17, 2008 by Jeff · 8 Comments
Filed under: Crime, Internet, Politics, Security, Technology 

Scroll For Updates…

Network World and Wired are reporting that Sarah Palin’s private Yahoo mail account has been hacked and that screenshots of messages have been posted on various web sites.

From Wired:

Vice-presidential candidate Sarah Palin’s private Yahoo e-mail account was hacked, and some of its contents posted on the internet Wednesday.

The internet griefers known as Anonymous took credit for the intrusion, and screenshots of e-mail messages and photos belonging to the Alaska governor have been published by WikiLeaks. Threat Level has confirmed the authenticity of at least one of the e-mails.

The cache of stolen data contains five screenshots from Palin’s account, including the text of an e-mail exchange with Alaska Lt. Gov. Sean Parnell about his campaign for Congress.

Another screenshot shows Palin’s inbox and a third shows the text of an e-mail from Amy McCorkell, whom Palin appointed to the Governor’s Advisory Board on Alcoholism and Drug Abuse in 2007.

Hacking into someone’s e-mail is a federal crime punishable by up to five years in prison and it appears that the FBI in coordination with the Secret Service has begun an investigation into this incident. I’m a little fuzzy on the law here but I’m reasonably certain that sites like WikiLeaks and Gawker that published the stolen information could face prosecution along with the hackers.

Update: The McCain Campaign has released the following statement:

“This is a shocking invasion of the Governor’s privacy and a violation of law, the matter has been turned over to the appropriate authorities and we hope that anyone in possession of these e-mails will destroy them. We will have no further comment.”

Update: The FBI has confirmed that an investigation is underway. From CNN’s Political Tracker Blog:

FBI Spokesman Eric Gonzalez in Anchorage, Alaska confirms to CNN an investigation is underway.

“We are aware of the allegations and we are coordinating with Secret Service as far as the allegation that someone has hacked into Governor Palin’s personal e-mail account,” he said. “We are going to be working a joint investigation with Secret Service on this.”

Brian Hale, an FBI spokesman in Washington, also confirms the FBI has been contacted about the incident. Two federal law enforcement sources say the FBI and Secret Service would have concurrent jurisdiction normally on a matter such as this, but it remains to be seen if the Secret Service will take the lead on the investigation because Palin is a protectee.

Update: The always indispensable Michelle Malkin has the story behind the story:

This afternoon, I mentioned an infamous group of hackers whose Internet bulletin board was the gathering place for those who bragged about and publicized the Sarah Palin private e-mail hacking.

A tech-savvy reader who monitors the hackers’ site e-mailed me a detailed explanation of how it went down, who was responsible, and how someone with a conscience warned a friend of the Palin family of the crime (language warning):

As an aside… This would be a good time to change your passwords. A strong password should be at least 8 characters and include letters, numbers, and at least one special character. It should also be easy to remember but not easily guessed.

Hat Tip: Michelle Malkin & Ace.

Bill & Jerry… Dude???

September 14, 2008 by Jeff · Leave a Comment
Filed under: Culture, Technology 

Microsoft has released the second in a series of ads featuring Bill Gates and Jerry Seinfeld… It’s an improvement over the first one but I’m still not sure what Microsoft is trying to accomplish with these ads.

Dude, I mean WTF???

Bill & Jerry… WTF???

September 6, 2008 by Jeff · 1 Comment
Filed under: Culture, Technology 

Dude, WTF???

I have no idea what Microsoft is trying to accomplish with this new ad featuring Bill Gates and Jerry Seinfeld… but if this is their response to Apple’s hugely successful Get a Mac campaign they might want to go back to the drawing board.

Again… Dude, WTF???

Computer Crime…

August 29, 2008 by Jeff · Leave a Comment
Filed under: Computers, Crime, Security, Technology 

Here’s an interesting video from Mikko Hyppönen at F-Secure that talks about one of the common misconceptions about computer crime and viruses. A lot of people think that since we haven’t had a major virus outbreak like the Melissa or Sasser worms in quite a while the situation is getting better… As Mikko points out it’s not, it’s getting worse.

Race to Zero? How About Bad Idea…

May 30, 2008 by Jeff · 1 Comment
Filed under: Culture, Security, Technology 

I’ve been busy and haven’t been in a blogging mood over the last couple of days but I thought I’d point out a couple of great posts by David Harley and Randy Abrams at ESET’s Threat Center blog.

They’re both about the Race to Zero contest being held during the Defcon 16 conference.

What is the Race to Zero contest? The contest organizers describe it as:

The event involves contestants being given a sample set of viruses and malcode to modify and upload through the contest portal. The portal passes the modified samples through a number of antivirus engines and determines if the sample is a known threat. The first team or individual to pass their sample past all antivirus engines undetected wins that round. Each round increases in complexity as the contest progresses.

David and Randy do a great job of laying out why the Race to Zero is a bad idea… Anti-virus developers are receiving samples of thousands of new viruses and other malicious programs every month; we don’t need contests that encourage the creation of new viruses.

Anti-virus software is not 100 percent effective and is often grossly oversold… It’s a risk mitigation tool that when used in combination with Safe Hex practices can reduce your chances of having your system compromised by malware.

Update: Eugene Kaspersky, one of the most respected people in the anti-virus industry, weighs in on the Race to Zero here. Suffice it to say he’s vehemently opposed to it.

Apple Tops in Tech Support?

May 9, 2008 by Jeff · Leave a Comment
Filed under: Computers, Technology 

I first saw this Computerworld article several days ago and I forgot about it while I was dealing with more pressing issues. But it popped up in my inbox again today so I thought I’d put my two cents in.

Personally, I don’t put much stock in much of what Consumer Reports says but I have to admit I mostly agree with their survey’s findings on tech support. I’ve had good and bad experiences with tech support from Adobe, Microsoft, HP and others over the years but Apple has consistently been the easiest to deal with… I won’t say they’re perfect but in my experience Apple’s tech support is significantly better than what passes for average these days.

In other tech news:

Computerworld is reporting that Windows XP Service Pack 3 (SP3) may cripple some systems with endless reboots. The problem seems to be confined to systems with AMD processors. More information and suggested workarounds here…
