
July 2008 Archives

July 6, 2008


jill1194 pitch

jill1194 profile

missyinpink1987 pitch

missyinpink1987 profile

Spammers went after Twitter pretty hard this holiday weekend using the "friend invite" model that was first developed against other social networking services. Briefly, the attack involves creating a large number of spammy profiles and then inviting people to view the spam by performing a friend request, or in Twitter's case, "following" the spam target. I have included screenshots of a few of these attacks.

An individual can remediate this attack in the short term by disabling e-mail notifications of people following you. This is by no means an optimal solution. The only party that can really address the situation is Twitter, through a combination of blacklisting, throttling, CAPTCHAs, and content analysis.

July 8, 2008

reCAPTCHA launches free mail address hider.

I guess this is easier than making a little graphic of your e-mail address. The attack surface for reCAPTCHA is pretty large at this point, and web page scraping is not the only means by which a spammer can grab your address, leading me to question how effective this will be for keeping your inbox clean. Thanks to Jennifer for the heads up.

July 9, 2008

Anti-spam company employee spamming on twitter.

Hilarious. Oh yeah, this is the company in question.

July 10, 2008


I was interviewed by SC Magazine's Dan Kaplan on the value of education in the security industry and its associated interpretation on both the west and east coast.

July 14, 2008

CoverItLive Event on Social Networking Security

I will be co-hosting a live blogging event on social networking security tonight with Jennifer Leggio on CoverItLive. You should be able to view the content in the horrifying iframe below here:

Thanks go to Plurk's Plurkshops for sponsoring the event.

Attackers hit close to home.

My wife Sophy's Gmail account started spewing spam this morning to everyone in
her sent mail folder. Given that my wife has been working in technology for
about as long as I have been in information security, and specifically three
years in anti-spam, I was both slightly intrigued and rather miffed when I
received the following message in my inbox:


If this were a PC laptop, I would chalk this up to a desktop compromise. There
has not been a significant number of reports of OSX malware that does address
book scraping, making this possibility rather remote. I had Sophy immediately
rotate her Gmail password, log in, and pass over a screenshot of her access


If we take a closer look at, we can see the IP doesn't exactly
reside in San Francisco:

descr:        CNC Group CHINA169 Henan Province Network
country:      CN
origin:       AS4837
mnt-by:       MAINT-CNCGROUP-RR
changed:      abuse@cnc-noc.net 20070111
source:       APNIC

I am pretty certain that neither of us was in China this morning, and at this
point I was certain that her desktop was safe as the compromise likely affected her
webmail account only. I later discovered that Sophy had used similar passwords
on multiple websites, leading me to believe that one of the many websites she
accessed was compromised, handing the attacker a legitimate Gmail login (her
e-mail address) and password.

The moral of the story is that you absolutely have to use a different password
for each and every website you use, or at least cluster your accounts based
upon attack propagation tolerance. In other words, you can use the same
password across multiple junk message boards, but doing the same across
multiple financial websites would be Bad.

Oh, and the attackers didn't just send spam from her mail account, they also
deleted all her mail on Gmail. Because Sophy maintains backups of her mail, a
potentially stressful day was avoided. Oh yeah, that's the other moral of the
story: maintain good backups, please.
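
The password-clustering advice above can be checked mechanically. This is an added example, not code from the original post: it groups accounts by password "family" so that similar passwords collide, then reports reuse that crosses tolerance tiers or sits inside a sensitive tier. The site names, tier labels, passwords and the normalisation rule are all constructed assumptions.

```python
import hashlib
import hmac
import re
from collections import defaultdict

# Constructed sample inventory: (site, tolerance tier, password). All values are made up.
ACCOUNTS = [
    ("junk-forum-a.example", "junk", "Sunshine08"),
    ("junk-forum-b.example", "junk", "sunshine08"),
    ("webmail.example", "critical", "Sunshine09!"),
    ("bank.example", "critical", "x7#Lq9-unique-Tz"),
    ("broker.example", "critical", "x7#Lq9-unique-Tz"),
]

SHARE_OK = {"junk"}  # assumed policy: reuse is tolerated only inside these tiers


def family(password):
    """Normalise so similar passwords collide: lowercase, drop trailing digits/symbols."""
    lowered = password.lower()
    # Fall back to the full string if stripping leaves nothing (e.g. all-digit passwords).
    return re.sub(r"[\W\d_]+$", "", lowered) or lowered


def fingerprint(password, key):
    """Keyed hash of the family, so the report never contains the password itself."""
    return hmac.new(key, family(password).encode(), hashlib.sha256).hexdigest()[:12]


def audit(accounts, key=b"local-audit-key"):
    """Return sorted (reason, [sites]) findings for reuse that violates the tiering."""
    groups = defaultdict(list)
    for site, tier, password in accounts:
        groups[fingerprint(password, key)].append((site, tier))
    findings = []
    for members in groups.values():
        tiers = {tier for _, tier in members}
        if len(members) < 2 or tiers <= SHARE_OK:
            continue  # unique password, or reuse confined to a tolerated tier
        reason = "cross-tier reuse" if len(tiers) > 1 else "reuse inside a sensitive tier"
        findings.append((reason, sorted(site for site, _ in members)))
    return sorted(findings)


if __name__ == "__main__":
    for reason, sites in audit(ACCOUNTS):
        print(f"{reason}: {', '.join(sites)}")
```

The cross-tier finding is the situation described in this post: a breach of either junk forum hands an attacker a password one small variation away from the webmail login.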

July 27, 2008

Jack Newsham

John Nikola Newsham was born on Friday, July 25th to Tim and Aailyah Newsham. Congratulations guys!

About July 2008

This page contains all entries posted to NP-Incomplete in July 2008. They are listed from oldest to newest.
