Tech Blog » Web Security

Find out who sold your email to marketers

frank — Fri, 03 Nov 2006 03:06:38 +0000

Here is a website that can help if you are wondering how your email was released to the public for spam. This spam tracking site finds out if you sign up for anything online that requires an email address, what is your likely hood of leaking this information out to marketers.

It would be wise to take check out any website on www.spamleak.com before giving away your valuable email information.

Google face recognition

frank — Tue, 15 Aug 2006 22:13:05 +0000

Google is moving into added face recognition on photos in the future. They are already crawling the web and finding images all over the place. With this new feature they can link a person whose images had been posted on various website. Depending on how this information will be served up to the public, it can shave away a layer of anonymity on the internet.

Homeland security issued Windows security advisory

frank — Wed, 09 Aug 2006 23:52:29 +0000

Homeland security is taking on the task of warning us that our computers are at risk. They just issued a warning yesterday that there exists a security hole in Windows that needs to be patched immediately. The security hole could allow someone to gain access to the computer and completely take control.

Ubuntu Security Update

frank — Tue, 08 Aug 2006 16:26:21 +0000

http://www.net-security.org/advisory.php?id=6577

It is time to run an update on all Ubuntu systems if they have not been updated already.

Phishing attacks on Yahoo Messenger

frank — Mon, 28 Nov 2005 20:38:51 +0000

Hackers have used phishing techniques via email to obtain personal information from their victims. A new form of phishing attack surfaced. Attackers now use Instant Messaging (IM) to gain access to your personal information. This new attack on Yahoo IM delivers an IM message to the user that appears to be coming from someone they know. The message contains a link to a site that looks like Yahoo which requests the user to login. Once the user logs in, the login name and password are captured allowing the hacker to gain access to the user’s account.

This was written up in March 2005 by CNET and I just received one of these phishing messages recently.
Phishing Yahoo Messenger

Myspace.com hacked

frank — Fri, 14 Oct 2005 18:04:53 +0000

myspace.com is a very popular community site where people can post information about themselves and create a network of friends with other members on the site. Earlier this week, someone hacked the site by injecting code into a profile that will make a HTTP request in the background when someone views the profile. The HTTP request is written to add the hacker’s profile as the Hero to the viewing member’s profile. Each newly added Hero also contains the script to do the same essentially creating a worm on the site. Of course, it grew exponentially as the hacker realized later in a posting and it quickly brought down the site.

Website email scripts hacked

frank — Wed, 14 Sep 2005 14:24:34 +0000

Many webmasters have noticed strange activities in their server logs recently. It seems that bots or viruses are testing their email scripts for vulnerabilities. In many cases they do exist. The bots hack the sites by entering data into the email script and sending emails to whomever they wish in effect making your website a spam site.

Issue:
The problem this poses to you is that your website might be blacklisted by other services like AOL, Yahoo, etc. When their users get spam, they can easily click a button to tag it as spam and have it reviewed by the email service provider. If enough emails from your IP address where your website is hosted are tagged as spam, the email service provider will notify your ISP that the IP address will be blacklisted if action is not taken. Your ISP will usually suspend your account at this point and your website will be down.

Solution:
Make sure your email scripts on your website are secure. Create some checks and balances when the script tries to send an email. Make sure your script checks that the email being sent is legitimate based on data you have in your system or business logic. For instance, if you know your website only sends emails to people who are in your database, then check for it.