Thursday, September 17, 2009

Is it just me, or is reading all those emails somewhat intrusive... For all my students. I should work this into my “Email Etiquette” rant. Also provides guidance for Social Engineering.

http://blog.okcupid.com/index.php/2009/09/14/online-dating-advice-exactly-what-to-say-in-a-first-message/

Ok, here’s the experiment.

We analyzed over 500,000 first contacts on our dating site, OkCupid. Our program looked at keywords and phrases, how they affected reply rates, and what trends were statistically significant. The result: a set of rules for what you should and shouldn’t say when introducing yourself online.



Tools & Techniques For stalkers? At least you can get to know your new neighbors...

http://www.makeuseof.com/tag/how-to-conduct-a-free-criminal-background-check-online/

How To Conduct A Free Criminal Background Check Online

Sep. 16th, 2009 By Mahendra Palsule

Criminal Searches

Criminal Searches allows you to:

  • Search criminal records by first and last name, optionally filtered by US state

  • Search criminals in a neighborhood

  • Search sex offenders in a neighborhood

  • Sign up to receive alerts on criminal records of up to 5 names

  • Get criminal statistics based on types of crime, ethnicity, gender and age

… You can also check out previously profiled SpotCrime for crime reports in your neighborhood and Family Watchdog to get a map view of the National Sex Offender registry.



It's public or it's not, isn't it? Ignorance of the law is no excuse, but does that apply to “secret laws?” If the law is not freely (as in free) available, isn't it “secret?” If I link to it online, have I committed a “Copyright crime?” (I wouldn't know if I can't access the law...)

http://yro.slashdot.org/story/09/09/16/1925206/Professor-Posts-Illegal-Copy-of-Guide-To-Oregon-Public-Record-Laws?from=rss

Professor Posts "Illegal Copy" of Guide To Oregon Public Record Laws

Posted by timothy on Wednesday September 16, @03:48PM from the hey-man-I-paid-for-that dept.

An anonymous reader writes

"Copyright law has previously been used by some states to try to prevent people from passing around copies of their own government's laws. But in a new level of meta-absurdity, the attorney general of Oregon is claiming copyright over a state-produced guide to using public-records laws. That isn't sitting well with one frequent user of the laws, who has posted a copy of the guide to his website and is daring the AG to respond. The AG, who previously pledged to improve responses to public-records requests, has not responded yet."

The challenger here is University of Oregon Professor Bill Harbaugh.

[From the article:]

Instead, the attorney general sells the 326-page book for $25 a pop, mostly to law firms and other state agencies. Kroger's spokesman, Tony Green, says that's how the AG's office makes back the cost of producing the book.

That doesn't mollify Harbaugh, who challenged the state's copyright claim by posting a scanned copy of the book. Harbaugh, who tends to get under the skin of public officials, complains it's just another chapter in the long effort by state bureaucrats to make using the law as difficult as possible.



SANS study

http://www.sans.org/top-cyber-security-risks/

The Top Cyber Security Risks

Two risks dwarf all others, but organizations fail to mitigate them

Featuring attack data from TippingPoint intrusion prevention systems protecting 6,000 organizations, vulnerability data from 9,000,000 systems compiled by Qualys, and additional analysis and tutorial by the Internet Storm Center and key SANS faculty members.

September 2009

Best Practices in Mitigation and Control of The Top Risks

A few weeks ago, the Center for Strategic and International Studies published an updated version of the Twenty Critical Controls for Effective Cyber Defense.

http://csis.org/files/publication/Twenty_Critical_Controls_for_Effective_Cyber_Defense_CAG.pdf

These controls reflect the consensus of many of the nation's top cyber defenders and attackers on which specific controls must be implemented first to mitigate known cyber threats.


(Related) Crooks are getting more sophisticated.

http://news.cnet.com/8301-27080_3-10355069-245.html?part=rss&subj=news&tag=2547-1_3-0-20

New scam adds live chat to phishing attack

by Elinor Mills September 16, 2009 1:22 PM PDT Updated 4 p.m. PDT throughout with minor additional details.

Online scammers have created a phishing site masquerading as a U.S.-based bank that launches a live chat window where victims are tricked into revealing more information, researchers at the RSA FraudAction Research Team said on Wednesday.

After a user accesses the phishing site, the chat window messages come through the browser and not via a typical instant messenger application, RSA said in a blog post.

The chat window is displayed if the log-in credentials are typed in or if any other link on the page is clicked, said Sean Brady, an online fraud expert at RSA.

The scammer claims to be from the bank's fraud department and says that the bank is requiring members to validate their accounts, asking for additional information such as name, phone number, and e-mail address, according to screenshots. That information could be used to get access to accounts and money online or over the phone.


(Related) and their numbers are increasing fast.

http://news.cnet.com/8301-1009_3-10354540-83.html

Web 2.0 security risks scrutinized

by Vivian Yeo September 16, 2009 7:45 AM PDT

Web 2.0 sites that enable people to create content are increasingly used to carry out a wide range of attacks, according to a new security study.

Websense's "State of Internet Security" (PDF), released Tuesday, notes that attackers are focusing their attention on interactive Web 2.0 elements. Some 95 percent of user-generated comments on blogs, message boards, and chat rooms are either spam or contain malicious links, the security vendor warned. [I find that very hard to believe. Bob]

"The very aspects of Web 2.0 sites that have made them so revolutionary--the dynamic nature of content on the sites, the ability for anyone to easily create and post content, and the trust that users have for others in their online networks--are the same characteristics that radically raise the potential for abuse," Websense said in its report.

… According to Websense statistics, the number of malicious sites between January and June grew 233 percent over the second half of 2008, and 671 percent compared with the same period last year.

The security company also found that during the first six months of 2009, 78 percent of new Web pages with objectionable content such as pornography or gambling, contained at least one malicious link. Some 77 percent of Web sites with malicious code were compromised legitimate sites.



Some more Quick References (Okay, Cheat Sheets)

http://www.customguide.com/quick_references.htm

FREE Quick References

  • Distribute them at your organization.

  • Forward them to users with support issues.

  • Post them on your organization's Website.



For my website students.

http://www.killerstartups.com/Web20/ws4ws-com-the-why-wherefore-of-websites

WS4WS.com - The Why & Wherefore Of Websites

http://ws4ws.com/

Succinct answers to the "what", "why" and "who" for websites as a whole. That is what this portal is all about. The categories that you can have your pick from include “Database”, “Collaboration”, “Reference” and “Wiki”. Of course, a “Social Media” category is likewise part of the main list, along with a “Productivity” one.

… The aim of such a site is a clear one. General users can understand websites and how they work, effectively maximizing them. For their part, publishers do get the chance to promote their sites for free. The site is completely inexpensive in every case, so that if you want to question away simply set your browser to it and see what you can find.



Global Warming! Global Warming! Something useful from the recycle guys! Now is the time to grab the mineral rights (recycle rights?) to dumps and landfills!

http://hardware.slashdot.org/story/09/09/16/2228236/Transforming-Waste-Plastic-Into-10Barrel-Fuel?from=rss

Transforming Waste Plastic Into $10/Barrel Fuel

Posted by samzenpus on Wednesday September 16, @07:15PM from the mr.-fusion dept.

Mike writes

"Today Washington DC-based company Envion opened a $5 million dollar facility that they claim will be able to efficiently transform plastic waste into a source of oil-like fuel. The technology uses infra-red energy to remove hydrocarbons from plastic without the use of a catalyst, transforming 82% of the original plastic material into fuel. According to Envion, the resulting fuel can then be blended with other components, providing a source for gasoline or diesel at as low as $10 per barrel."



Dilbert explains the best reaction you can expect from a PowerPoint presentation...

http://dilbert.com/strips/comic/2009-09-17/
