For a while now, the web browser vendors and major purveyors of targeted internet advertising have been working on a proposal for allowing users to prevent web sites from tracking their online activity and using it to “customize their web browsing experience,” a.k.a., displaying targeted advertisements which are, theoretically, tailored to the person viewing them.… Read More: Have you enabled do-not-track? »
A recent security breach exposed the plaintext usernames and passwords of almost 100,000 members of IEEE, the Institute of Electrical and Electronics Engineers. The usernames and passwords were discovered by a researcher in 100GB of log files inadvertently left open to the public on an IEEE FTP server. Leaving aside for the moment how incredible… Read More: How to misread statistics, ArsTechnica edition »
UPDATE [2013-02-13]: According to this article on Craigslist, as of February 10, 2013, they have implemented and are testing the idea I described below for fixing the problem described in this posting. I recently placed a for-sale ad on Craigslist. I anonymized my email address in the ad, which means that the published email address… Read More: Craigslist email-reply scam and what Craigslist could do to fix… »
In the past, securing SSH on the public internet has been pretty much as easy as (a) keep your OS patched, (b) don’t let root log in with a password, and (c) run fail2ban to stop brute-force attacks. Unfortunately, it looks like the bad guys have finally figured out how to put their bots to… Read More: Ongoing large-scale distributed SSH brute-force attack »
On the afternoon of September 15, I started getting some strange email messages from cron on my Linux server, which hosts my email, blog, DNS, and several web sites for various non-profit organizations I’m involved with. (Background: One of the web sites, an old Drupal installation, handles scheduled tasks through a cron job that periodically… Read More: Post-mortem of security breach on my Linux server »
This time, my email identity thief created an account using my email address at support.mozilla.com. I received email from the site in French asking me to confirm my email address. I’ve reset the password on the account to prevent him from using it, but I can’t log into the account to see what profile information… Read More: Email identity thief strikes again »
I wrote several days ago about spam I received from Nation of Change at an email address which had previously only been shared with Brave New Foundation. Earlier today, I wrote about Nation of Change apparently attempting to cover their tracks after their unauthorized use of email addresses was discovered and reported by me. I… Read More: IMPORTANT UPDATE on Brave New Foundation and Nation of Change »
I wrote recently about spam I received from a new, shady-seeming progressive organization called Nation of Change, sent to an email address that I had only ever used to subscribe to another organization’s mailing list. I asked a lot of questions about Nation of Change, and thus far they’ve failed to respond to any of… Read More: Nation of Change trying to cover their tracks? »
In September 2009, I registered as a developer at sun.com. When doing so, I used a tagged email address, i.e., an email address part of which was unique to my registration at that site. I’ve never used that particular email address anywhere else or published it anywhere. In January 2010, Oracle completed its acquisition of… Read More: Oracle (née Sun) joins the club of companies who can’t… »
As I previously reported, somebody has been interacting with Web sites using my email address. I suspect that in addition to the ones I know about, this individual is probably also doing things that I don’t know about, because I assume that not all the web sites at which he’s using my address are kind enough… Read More: Mysterious identity thief uses my email address to create Skype… »