Spam Counts for Week Ending June 3, 2007

Written by on

My Gmail 30-day spam count was relatively steady, up just 7 to 312 spam emails for a 2% increase.

My second Gmail account, the one getting the phishing email, picked up one more phishing email to bring the total to 9.

Comment spam (including trackback spam) continues to climb at The OS Quest. There were 2,036 spam attempts during the week for an average of 291/day. This is up from last week’s 274/day average. The total now sits are 7,026 spam attempts. Two trackback spams made it through bringing the total to 13.

The Spam Chronicles saw a drop by almost 50% in comment spam this past week with 16 attempts (down from last week’s 31), all of which were stopped. The total now stands at 197 for the life of the site.

I switched the anti-spam plugin being used by both The OS Quest and Spam Chronicles. Akismet has been replaced with Spam Karma 2. The main reason for the change was that trackback spam that was getting through Akismet. While the number was small, it was still annoying. So far, SK2 has stopped 757 comment spams without letting anything through. Akismet takes a “black box” approach to anti-spam where the analysis is done by their servers and there’s no local configuration. SK2 does the processing locally so can provide greater detail about what it flagged something as spam. As the name suggests, it assigns a “karma” value for spam-like or non-spam like behavior. It has numerous configuration options, although I’m using the defaults.

News

Items in the news that caught my attention this week were:

Spyware was used to steal municple funds from Carson, CA. They stole almost $450K with IDs/passwords obtained with key-logging spyware. All but $45K was recovered. From the article:

Avilla said she still dosn’t know how her computer was targeted. She said she doubts it had the latest security software patch protections — something sheriff’s detectives and bank investigators told her is essential in safeguarding her computer.

The CIO website has an article on how hard it is to find and nab online criminals, even harder than actually catching them. In what may be a clue to one way the spyware could get on Carson’s computer this article mentions:

He learned, for example, that an aquarium employee had downloaded an audio file while eating a sandwich on her lunch break. He learned that when she played the song, a rootkit hidden inside the song installed itself on her computer.

Slashdot had a posting about addresses provided to AmeriTrade (for accounts) being used as a source of spam. Rather than a network security breach it’s likely someone within AmeriTrade is leaking the email addresses to spammers. AmeriTrade attributes the spam to bot-nets and the past loss of customer data On a backup tape). They ignore the fact that people set up email addresses dedicated to AmeriTrade after the breach. This is something I do, set up dedicated email addresses with financial related accounts. This helps identify phishing emails and can be used to identify data leaks as in this case.

Site Update

Written by on

If you’ve been here before you’ve notice the site design has changed. I’ll provide more details in a few days for those of you interested in such things. In addition to the new look there’s some changes to the plumbing which should help me update the blog more frequently and make it more useful (at least in theory).

I’m doing the update in phases and tonight it was updates to the theme and plugins used. The next phase means updating many of the old posts as I implement tagging. Those of you who get the feeds may see many old posts being marked as new or updated. There won’t be any new content, I’ll just be adding tags and tweaking the formatting for the new design. Speaking of the feed, feel free to subscribe using your favorite reader.

The design isn’t mine as I used an existing free theme (no link or name yet, I want to be able to do it justice and make sure my implementation doesn’t give it a black eye.) but let me know what you think of the design and provide any suggestions.

Firefox 2.0.0.4 – Security Update

Written by on

Firefox has released an update with six vulnerability fixes for Firefox 2 which ups the version number to 2.0.0.4 One of the fixes is listed as “critical”. There’s also numerous other updates and bug fixes.

Enhancements include “enchancements and fixes for Windows Vista” and support for two new languages – Afrikaans (af) and Belarusian (be).

Beginning with version 2.0.0.3 there was a problem with the Java Console which is documented by Mozilla, this also exists with this update.

The Sun JRE installs a Java console extension in the program directory, which is not visible in Tools -> Add-ons. JRE 6 is not compatible with Firefox 2.0.0.3 due to the manifest file setting the maximum version number to 2.0.0.0. This causes a message about the Java console being disabled when you upgrade to Firefox 2.0.0.3. If you change that number to 2.0.0.* configure the Java control panel to show the Java console and run a Java applet, sometimes the console will work, other times it will hang Firefox (so it seems to be more than just a version check problem)

You’ll probably receive a warning that this add-on isn’t compatible when you install this update. If you need the java console refer to the FAQ for alternatives.

The update is available through Firefox’s built-in update function or you can download it from Mozilla.

Firefox 1.5 was also updated to Firefox 1.5.0.12 and includes similar updates. Mozilla has stated they intend this to be the last update to the 1.5 branch of their product.

Site Upgraded to WordPress 2.2

Written by on

The web site was upgraded to WordPress 2.2 last night. One of the changes made to WordPress 2.2 is that Widgets are now part of the core software and not enabled through a plugin. Widgets can be used on the sidebar and I do use them.

The upgrade seems to have screwed up which widgets are used on the sidebar. I’ve actually removed all widgets from the configuration so they might go away and the default sidebars will return. In any case, I’m planning a major site redesign from now until the weekend which will make the problem moot. [Update: The problem is unique to this theme - tiga 1.02 - which is listed as non-compatible so the problem should be resolved by the weekend when I change themes.]

Since I want to be at WordPress 2.2 for the upgrade I’m leaving things they way they are. Apologies for the slightly bizarre sidebars. [Updated 6/1 - with the theme update ths problem no longer exists]

Quicktime Security Update

Written by on

Apple has release a security update for Quicktime. The update is for Quicktime on both Windows and OS X. The update patches two vulnerabilities that can be triggered by visiting a malicious website. The first allows code to be executed, the second could allow the "disclosure of senesitive information".

Apple has also released an update to iTunes that now includes support for DRM free music. This update doesn’t have any security implications.