Best Damn Tech Show, Period.

Chris & Ponzi’s Wedding - Preparations, originally uploaded by Sprout.

Congrats to our fellow Geek Chris Pirillo and Ponzi on their recent knot-tying.

They read their vows off of a tablet PC. Awwww. Ponzi’s apparently crashed. Damn Windows.

_drew

According to an article posted by The New Zealand Herald, McAfee released a report about Organized Crime and the Internet. It appears that Criminal outfits are using “KGB-style tactics” to recruit blackhats. Apparently computer jobs (particularly in Eastern Europe) are low paying enough to make it worth consideration.
The article states:

“The gangs’ tactics echo the way Russian agents sought out experts at trade conferences or universities during the Cold War, the company said in an annual report.”

“Although organized criminals may have less of the expertise and access needed to commit cybercrimes, they have the funds to buy the necessary people to do it for them”

As we are look back upon the dusk of massive worm attacks as a standard, and the dwindling of the ‘recognition over profit’ hacker mentality, it only makes sense that the dawn brings us more personalized and sophisticated attacks. Yeah, Bot nets will be a big problem until ISPs start to do their share of enforcing malicious use policy, but for the most part we are seeing far more sophisticated approaches to Internet crime.

Lets face it. You never see mobsters tagging billboards. Where there was recognition from vandalism, now there is money. And where there’s a lot of money, there’s organized crime. The script kiddies are growing up and actually learning to program. As they do, we may want to pay attention to who does the hiring. There’s only profit in selling 0 day exploits when there are buyers, and now there are buyers.

Computer crime is becoming more sophisticated in a time where social engineering is still a very viable means of identity theft. I have a feeling that web 2.0 isn’t the only bubble with the potential to burst.

But on a plus side, there will always be the Internet Storm Center, white hats, and AV vendors to help keep you safe. The main difference here is that computer safety/security requires a lot more proactivity than other types of crime. Let’s face it, police cars can’t yet patrol the Internet.
I’ll discuss this a little bit more next Monday on the upcoming ‘Iris on the Virus’ segment, so come back next Monday and watch the show.

technorati tags:computer, crime, hackers, security, virus

Apple logo birthmark, originally uploaded by kmcculler.

This poor child. Probably Flemo’s. He would probably brand a child just to market his beloved Apple.

Lame.

_drew

By now you may have heard about the MySpace worm. This one uses a Quicktime flaw to compromise a user’s profile and ultimately direct users to a page with Zango (formerly 180 Solutions) content and spyware.

Here’s a little more detail. As far as I can tell (from reading an article at blog.spywareguide.com and stories linked to from here), The worm starts with an infected profile and does the following:

• Runs through the friends of the profile submitting a comment with a quicktime movie on the friends page.
• When the friend goes to their myspace page, the movie uses javascript to overlay a fake navigation bar over the users existing one (which looks pretty obvious if you don’t use the default look and feel).
• On this fake overlay is a login button. When you click here, it takes you to a spoof site where a user is prompted to log in. If the user falls for this and logs in to the spoof site, they wind up sending their MySpace login information to the bad guys.
• The bad guys use your profile to send a bunch of spam out to other victims and go through you friends as the cycle will repeat itself.

MySpace.com continues to allow QuickTime movies so the problem will likely persist. This then makes it also the responsibilty of the MySpace.com community. So as always, when on MySpace, always do the following:

• Pay attention to the url when you log in. (look for http://login.myspace.com in the address bar)
• If you see an IP address (em. 66.554.88.104) in the address on the myspace log in page, run and/or panic. Just DO NOT LOGIN THERE.
• Pay attention to the status bar on your browser when you hover over links (it’s the bar accross the botton of the browser by default). If the link isn’t to somewhere in the myspace domain, then be aware that it shouldn’t ask you for MySpace login information. (this doesn’t always help, but look anyway.)
• Get a different theme/skin for you myspace profile, this will help to make it obvious that your profile has been tampered with.
• Don’t be a sucker. No women, that you never met before, are sending you suggestive movies hoping you will contact them for a relationship. Even if you’re a very smart/good looking/likable/desirable person (easier said than done; for some harder than others).

If you are not familiar with Zango (or 180 Solutions) all you really need to know is that they are a bunch of douche bags and have done (and despite claiming otherwise) still do some unscrupulous things. These guys are one of the companies polluting the net with spyware, adware, and other baddies while waving the “Nobody said we couldn’t” banner. They are shit. Think of them as you would a herpes salesman.