August 14, 2008

Recent sightings of friends in the media.

August 12, 2008

Twitter "Following" Limits: Smart.

The web has started commenting on Twitter's decision to limit the number of accounts that a given user can follow. Having a hard limit is a smart move for multiple reasons. Not only does it allow you to bound the computational load of the message-passing architecture more tightly, it negatively impacts only two groups, namely spammers and the obsessive-compulsive.

This is a good first step, one that I pointed out in an interview once before. I suspect that Twitter will also be working on a throttling policy and on IP and content blacklisting as follow-on mechanisms to continue the battle against spam.
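To make the distinction between the two mechanisms concrete, here is an added example (my own illustration, not Twitter's code) of a follow policy that combines a hard cap on total follows with a per-account throttle. The cap, bucket size and refill rate are assumptions chosen for illustration; the point is that the cap bounds the per-user fan-out regardless of timing, while the throttle turns a burst of follow requests into rejections without affecting a user who follows people at a human pace.

```python
"""Follow-limit policy: a hard cap on total follows plus a token-bucket
throttle per account. Added example, not Twitter's code; all numbers below
are assumptions for illustration."""
from collections import defaultdict

HARD_CAP = 2000          # assumed: maximum accounts one user may follow
BUCKET_SIZE = 20         # assumed: burst of follows allowed at once
REFILL_PER_SEC = 0.05    # assumed: one follow credit every 20 seconds


class FollowPolicy:
    def __init__(self, hard_cap=HARD_CAP, bucket_size=BUCKET_SIZE,
                 refill_per_sec=REFILL_PER_SEC):
        self.hard_cap = hard_cap
        self.bucket_size = bucket_size
        self.refill = refill_per_sec
        self.following = defaultdict(set)   # user -> accounts followed
        self.tokens = {}                    # user -> (tokens, last_ts)

    def _take_token(self, user, now):
        """Token bucket: refill by elapsed time, then spend one if possible."""
        tokens, last = self.tokens.get(user, (self.bucket_size, now))
        tokens = min(self.bucket_size, tokens + (now - last) * self.refill)
        if tokens < 1:
            self.tokens[user] = (tokens, now)
            return False
        self.tokens[user] = (tokens - 1, now)
        return True

    def follow(self, user, target, now):
        """Return 'ok', 'duplicate', 'hard_cap' or 'throttled'.

        The hard cap is checked before the throttle so that a capped
        account never consumes throttle credit for a request that can
        never succeed."""
        if target in self.following[user]:
            return "duplicate"
        if len(self.following[user]) >= self.hard_cap:
            return "hard_cap"
        if not self._take_token(user, now):
            return "throttled"
        self.following[user].add(target)
        return "ok"


def simulate(policy, user, targets, start, interval):
    """Attempt to follow each target at fixed intervals; count outcomes."""
    counts = defaultdict(int)
    for i, target in enumerate(targets):
        counts[policy.follow(user, target, start + i * interval)] += 1
    return dict(counts)


if __name__ == "__main__":
    # A spammer firing 100 follows at once gets the bucket size and no more;
    # a user following one account a minute is never throttled.
    print(simulate(FollowPolicy(), "spammer", [f"t{i}" for i in range(100)], 0.0, 0.0))
    print(simulate(FollowPolicy(), "alice", [f"t{i}" for i in range(10)], 0.0, 60.0))
```

The simulation runs on synthetic users and targets; the constructed spammer sees 20 accepted and 80 throttled, while the ordinary user sees all 10 accepted.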

August 11, 2008

What a difference a word makes.

I enjoy talking with reporters, and I do so quite frequently; it is part of my responsibilities at Cloudmark. Thankfully, most of the guys I talk to on a regular basis are extremely responsible, detail-oriented, and diligent about the facts, which matters: a single omitted word can radically alter the meaning of a phrase.

Chris Hoff, a very well-seasoned speaker and media contact, is now experiencing the repercussions of exactly such an error. By dropping the word "security" from the phrase "Virtualizing security will not save you money, it will cost you more," a reporter turned Hoff's negative statement about virtualizing security into a negative statement about his employer. As you can imagine, this has caused a massive headache for Hoff and his employer.

The only way to fix any misquote in the current media climate is to generate corrective content early and often, as I am doing with this post.

August 10, 2008

Dispatches from Blackhat/Defcon: PayPal Token


[Photo: PayPal token, originally uploaded by Adam J. O'Donnell]

PayPal placed this item in everyone's BlackHat backpack. This second-factor authentication token, which really should be far more common for consumer websites, has to be the best piece of swag I have ever received in the conference fun bag.

August 9, 2008

Dispatches from Blackhat/Defcon: Facebook/MySpace "Worm"

I have been at BlackHat/DefCon since Tuesday, and I have been slightly out of the loop on some recent security events. Coincident with the presentations on social network security and new XSS attacks against MySpace, reports of a worm hitting MySpace and Facebook started trickling in via SMS messages from our team back at the office. My initial concern was that this was a full-blown Samy-style worm hitting both social network sites, and some of my comments were oriented towards this threat.

It turns out that the MySpace/Facebook worm was less a worm and more a standard malware-push technique. Rather than simply having the malware infect a system and spam other users with an enticement to install the same malware, the authors had the malware hijack the user's MySpace and Facebook profiles when they logged in and spam their friends with the malware download pitch. Basically this ends up being a hybrid worm: unlike XSS and CSRF attacks, which propagate with nothing but the browser, it needs an infected desktop to propagate. Good show, spammers.

The interesting part of this incident is that attackers, the media, end users, and vendors are treating this as a social networking story and not a desktop malware story, when it is equal parts of both. It is further evidence to me that home users consider their desktops to be nothing more than browser containers, with their activities focused almost completely on a handful of major (social) web properties.

August 5, 2008

Defcon TCP/IP Drinking Game

I will be hosting the Defcon TCP/IP Drinking Game again this year. Drop by Friday night to see your favorite information security experts make fools of themselves.

Vegas

I will be in Las Vegas for the Blackhat and Defcon conferences this week. I hope to see you all there!

July 27, 2008

Jack Newsham

John Nikola Newsham was born on Friday, July 25th to Tim and Aailyah Newsham. Congratulations guys!

July 14, 2008

Attackers hit close to home.

My wife Sophy's gmail account started spewing spam this morning to everyone in
her sent mail folder. Given that my wife has been working in technology for
about as long as I have been in information security, and specifically three
years in anti-spam, I was both slightly intrigued and rather miffed when I
received the following message in my inbox:

[Screenshot: outbound_spam]

If this were a PC laptop, I would chalk this up to a desktop compromise. There
have not been a significant number of reports of OS X malware that does
address-book scraping, making this possibility rather remote. I had Sophy
immediately rotate her Gmail password, log in, and pass over a screenshot of her
access history:

[Screenshot: access_history]

If we take a closer look at 123.12.254.155, we can see the IP doesn't exactly
reside in San Francisco:

route:        123.8.0.0/13
descr:        CNC Group CHINA169 Henan Province Network
country:      CN
origin:       AS4837
mnt-by:       MAINT-CNCGROUP-RR
changed:      abuse@cnc-noc.net 20070111
source:       APNIC

I am pretty certain that neither of us was in China this morning, and at this
point I was confident that her desktop was safe, as the compromise likely
affected her webmail account only. I later discovered that Sophy had used
similar passwords on multiple websites, leading me to believe that one of the
many websites she accessed was compromised, handing the attacker a legitimate
Gmail login (her e-mail address) and password.
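The manual check above (spot the odd IP in the access history, then ask whois where it lives) is easy to turn into a small piece of detection logic. The following is an added example, not something from the original post: it parses access-history lines, passes entries from the networks the account is normally used from, and attributes the rest to any route it already knows. The sample lines are constructed to resemble Gmail's recent-activity table and are not the screenshot; the expected networks and the other addresses are assumptions. Only the address 123.12.254.155 and the route 123.8.0.0/13 with its description come from the post.

```python
"""Flag webmail access-history entries from unexpected networks.
Added example; sample data is constructed, not the screenshot from the post."""
import ipaddress
import re

# Constructed sample (type, IP, when). Only 123.12.254.155 is from the post;
# 192.0.2.0/24 and 198.51.100.0/24 are documentation ranges standing in for
# an assumed home and mobile network.
ACCESS_HISTORY = """\
Browser  192.0.2.17      Jul 14 (2 hours ago)
Browser  123.12.254.155  Jul 14 (5 hours ago)
POP3     192.0.2.17      Jul 13 (1 day ago)
Mobile   198.51.100.9    Jul 13 (1 day ago)
"""

# Assumed: the networks this account is normally used from.
EXPECTED_NETS = [ipaddress.ip_network("192.0.2.0/24"),
                 ipaddress.ip_network("198.51.100.0/24")]

# Routes copied from whois answers, as the post did for the suspicious
# address. A live deployment would query the RIR instead of a static table.
KNOWN_ROUTES = {
    ipaddress.ip_network("123.8.0.0/13"):
        "CNC Group CHINA169 Henan Province Network (AS4837, CN)",
}

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(.+)$")


def parse_history(text):
    """Return a list of (access type, IP address object, timestamp text)."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue                      # skip headers or blank lines
        kind, ip, when = m.groups()
        entries.append((kind, ipaddress.ip_address(ip), when))
    return entries


def classify(ip):
    """Return (verdict, route description or None) for one address."""
    if isinstance(ip, str):
        ip = ipaddress.ip_address(ip)
    if any(ip in net for net in EXPECTED_NETS):
        return ("expected", None)
    for route, descr in KNOWN_ROUTES.items():
        if ip in route:
            return ("suspicious", f"{route} {descr}")
    return ("unknown", None)


def suspicious_logins(text):
    """Entries from outside the expected networks, attributed where possible."""
    out = []
    for kind, ip, when in parse_history(text):
        verdict, detail = classify(ip)
        if verdict != "expected":
            out.append({"type": kind, "ip": str(ip), "when": when,
                        "verdict": verdict, "route": detail})
    return out


if __name__ == "__main__":
    for hit in suspicious_logins(ACCESS_HISTORY):
        print(hit)
```

On the constructed history this reports exactly one entry, the browser login from 123.12.254.155, attributed to the Henan route from the whois output. An address that falls outside both the expected networks and the route table is reported as "unknown" rather than silently passed, which is the behaviour you want from a check whose route table is never complete.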

The moral of the story is that you absolutely have to use a different password
for each and every website you use, or at least cluster your accounts based
upon attack propagation tolerance. In other words, you can use the same
password across multiple junk message boards, but doing the same across
multiple financial websites would be Bad.
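The "cluster by attack propagation tolerance" rule above can be audited mechanically. Here is an added example (my own, not from the post) that checks an inventory of site credentials against such a policy: reuse is tolerated only within a single low-sensitivity tier, any reuse that spans tiers is flagged, and accounts at or above an assumed sensitivity threshold may never share a password at all. The tiers, sites and passwords are constructed; passwords are compared through a keyed hash so the audit output never carries plaintext.

```python
"""Audit stored credentials for password reuse against a tiered policy.
Added example; tiers, sites, passwords and the audit key are constructed."""
import hashlib
import hmac
from collections import defaultdict

# Assumed tiers, least to most sensitive.
TIERS = {"junk": 0, "social": 1, "email": 2, "financial": 3}
NO_SHARING_FROM = 2   # assumed: e-mail and above must each be unique

# Constructed inventory; in practice this comes from a password manager export.
ACCOUNTS = [
    ("forum-a.example", "junk", "hunter2"),
    ("forum-b.example", "junk", "hunter2"),        # tolerated: same junk tier
    ("social.example", "social", "sunshine"),
    ("mail.example", "email", "sunshine"),         # cross-tier reuse
    ("bank.example", "financial", "xk9!lemon"),
    ("broker.example", "financial", "xk9!lemon"),  # shared at a sensitive tier
]


def fingerprint(password, key=b"constructed-audit-key"):
    """Keyed hash of the password so reports carry no plaintext."""
    return hmac.new(key, password.encode(), hashlib.sha256).hexdigest()[:12]


def audit(accounts, tiers=TIERS, no_sharing_from=NO_SHARING_FROM):
    """Return (finding kind, fingerprint, sites) for each policy violation."""
    groups = defaultdict(list)
    for site, tier, pw in accounts:
        groups[fingerprint(pw)].append((site, tier))
    findings = []
    for fp, members in groups.items():
        if len(members) < 2:
            continue                           # unique password, nothing to say
        levels = {tiers[t] for _, t in members}
        sites = [s for s, _ in members]
        if len(levels) > 1:
            # A compromise of the weakest site propagates to a stronger tier.
            findings.append(("cross-tier", fp, sites))
        elif max(levels) >= no_sharing_from:
            findings.append(("sensitive-shared", fp, sites))
        # Same tier below the threshold: tolerated by the policy.
    return findings


if __name__ == "__main__":
    for kind, fp, sites in audit(ACCOUNTS):
        print(f"{kind:17} {fp}  {', '.join(sites)}")
```

On the constructed inventory the two forum accounts sharing a password are tolerated, the social/e-mail pair is reported as cross-tier reuse (the case in the story: a weak site handing over a webmail login), and the two financial accounts are reported because they share a password at a tier where the policy allows none.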

Oh, and the attackers didn't just send spam from her mail account, they also
deleted all her mail on Gmail. Because Sophy maintains backups of her mail, a
potentially stressful day was avoided. Oh yeah, that's the other moral of the
story: maintain good backups, please.

CoverItLive Event on Social Networking Security

I will be co-hosting a live blogging event on social networking security tonight with Jennifer Leggio on CoverItLive. You should be able to view the content in the horrifying iframe below:

Thanks go to Plurk's Plurkshops for sponsoring the event.