The Spyware Weekly Newsletter is distributed every week to 20,000 subscribers and read online by hundreds of thousands of visitors. Please read our Terms of Use for quoting guidelines. http://www.spywareinfoforum.info/newlsetter/sep24,2003.
California Governor Gray Davis has signed a law that criminalizes the sending of commercial email to people who have not explicitly requested it. There are no exceptions to this law, no loopholes to exploit. If it is an email sent in bulk, advertises any product and the recipient did not request it, a crime has been committed.
Civil action can be undertaken by the state, by e-mail providers that have to handle spam and by the recipient. Backers of the new law say that giving individuals the right to file lawsuits against offenders will ensure that the law is enforced, even if the government itself decides not to enforce it.
If proven to have spammed a Californian resident, a spammer breaking this new law will face fines up to $1,000 for each unsolicited message sent and up to $1 million for each email campaign. The bill also puts the burden on the sender of the emails to determine if a person is a California resident, something which is not easy to do.
It is unclear whether Governor Davis is just pandering for support in the upcoming recall vote and whether or not this law will survive legal challenges by direct marketing lobbyists.
The new law is a little scary, as it probably affects me as well. I send emails in bulk and they do have one advertisement. However, I'm glad to see this law go into effect. If you have not requested mailings about new products or have not done business with the company, then that company has no damned right to email an advertisement to you.
http://yro.slashdot.org/comments.pl?sid=79689&cid=7038060 :: New York Times article (via Slashdot)
Program: Pop-up Stopper Professional
Author: Panicware
Platform: Windows 98, 98SE, ME, 2000 and XP (Macintosh versions available)
Browser Support: AOL, MSN, Internet Explorer 5.0 and above, Netscape 4.x, 6.x, 7.x, Opera 6.x - 7.x, SBC Yahoo, WMConnect, Compuserve, Juno, NetZero, Mozilla
License: $19.47 (list price $39.95) [35% off for SpywareInfo readers. Use coupon code SPYWARE]
I have a tremendous offer for you this week. There is a 35% discount on Panicware's Pop-Up Stopper Professional. This is one of the premier pop-up blocking programs on the market today. It has received great third party reviews from the likes of Time Magazine, The Wall Street Journal, The Los Angeles Times, Newsweek, USA Today, CPU Magazine, Chicago Sun Times and many more.
Pop-Up Stopper is listed at $39.95. The Panicware people have this program on a special discount of $10.00 off. However, SpywareInfo readers now have a special discount on top of that. The price for this excellent program is only $19.47 ... that's more than fifty percent off their list price!
Panicware is allowing SpywareInfo readers to apply the 35% discount to all their products for this week. That includes Pop-up Stopper Companion, a Macintosh version of Pop-up Stopper (Pop-Up Zapper), Don't Panic!, and even the Spycop antispyware program that we featured a couple of weeks ago. Go have a look at all of their products.
Remember to use the coupon code SPYWARE at checkout.
Every week, SpywareInfo arranges a discount on the programs best suited to keep your private life private. This arrangement lets us pay the bills to keep SpywareInfo running without having to sell ads to the likes of DoubleClick and X-10.
We do need your input, as the discount is for your benefit. What commercial privacy software would you like to see featured here at a discount? Drop us a note and let us know.
http://www.panicware.com?rid=1520 :: Panicware Home Page
http://www.panicware.com/product_psprofessional.html?rid=1520 :: Pop-up Stopper Pro
Verisign, custodian of the .net and .com registry, recently began redirecting all mis-typed internet addresses for web sites that don't exist so that web surfers end up on Verisign's pay-per-click search portal. This has broken countless millions of spam filters and networking tools, and has blocked all competing error page redirection services. Verisign has become the ultimate browser hijacker.
The internet community is in an unprecedented uproar. Tens of thousands of angry IT geeks at Slashdot rushed to sign an online petition targeted at ICANN demanding that it use its authority over Verisign to force it to stop hijacking mis-typed domains. After the first ten thousand signatures were received, printed copies were sent to ICANN via FedEx.
ICANN has sent Verisign a letter asking that it voluntarily suspend the hijackings while they discuss the situation. Verisign refused the request.
The developer of BIND, the software running on most of the world's Domain Name Servers (DNS), has released a patch that nullifies Verisign's hijack. This patch can be downloaded at http://www.isc.org/products/BIND/delegation-only.html.
Poplar Enterprises, another company which uses error page redirection at the browser level to drive traffic to pay-per-click sites, has sued Verisign in US Federal Court claiming unfair competition. Rival domain name registrar Go Daddy Software also has filed a lawsuit in Federal Court.
Your Privacy At Risk
Privacy activist Richard Smith has announced that he has discovered a web bug embedded in the page on which surfers land when they mis-type a web address. This web bug, set by internet advertising company Overture, sets a cookie and can be used to track surfers for five years before it expires.
"This certainly means the culling of some information", said Smith. "They're getting a sense of what domain names are mistyped, and perhaps this can be used by a domain name sales company. In addition, Overture is a pay for click search engine, with questionable affiliates."
It is possible that Verisign could correlate surfers' IP addresses with those cookies and potentially could identify people with whom they have business relationships. Verisign holds digital certificates for two million individual certificate holders and has access to those customers' personally identifiable information.
Verisign and Overture also are receiving vast amounts of personally identifiable information about people when they fill out a form that is coded incorrectly. If someone fills out a form and the webmaster has misspelled his own website, that information will be sent to Verisign instead of its proper destination. This potentially includes credit card information.
When people attempt to log into a secure web site, if they misspell the address or if the link they are clicking is misspelled, Verisign and Overture receive the log-in name and password.
Verisign also is receiving every email in which someone mis-types the address of the recipient. Verisign potentially can read the contents of those emails. Verisign is receiving the addresses of both the sender and recipient, as well as the log-in password of the sender. This is significant in that Overture, Verisign's partner in all this, is a known spammer (Overture denies this, of course).
Correction. Verisign can't capture the password of the sender unless the sender attempts to log into a mail server at an unregistered domain.
Ironically, Verisign's hijacking is assisting the more common browser hijackers that we usually deal with at SpywareInfo. Already, we are seeing several browser hijackers altering victims' HOSTS files in a way that redirects Verisign's hijacker site to their own hijacker sites.
The HOSTS file tricks Windows into thinking that Verisign's web site is located on the attacker's web server. The script kiddies now can boost their traffic on every error a victim makes when they mis-type an address, just as Verisign hopes to do.
Blocking Verisign's Hijack
Most ISPs have applied the BIND patch to block Verisign's hijacking. If your ISP has not done this, then your privacy is at grave risk from Verisign. If you end up at Verisign's search portal when you mis-type a domain, then you need to contact your ISP immediately and ask them to apply the patch as soon as possible.
You can also block this web site yourself with these very simple steps posted by mjc at the SWI message boards.
Add the following to your HOSTS file:
127.0.0.1 sitefinder.Verisign.com #Block Verisign SiteFinder
127.0.0.1 sitefinder-idn.Verisign.com #Block Verisign SiteFinder
If you have Windows 95, 98, or ME, your HOSTS file is located at C:\windows\HOSTS. If you have NT or 2000, your HOSTS file is located at c:\winnt\system32\drivers\etc\HOSTS. If you have XP, the file is at c:\windows\system32\drivers\etc\HOSTS.
This will block most, if not all of the redirects.
If you have a firewall that allows IP blocking you can add the following IPs to its blocklist.
12.158.80.10
64.94.110.11
Block traffic to those IP addresses in both directions and in all applications and protocols.
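A check for the HOSTS entries given above, and for the tampering described earlier in which a hijacker maps Verisign's site to its own server. This is an example added here, not code from mjc or SpywareInfo; the function names and sample file contents are assumptions, and 203.0.113.7 is a documentation address used as a stand-in.

```python
import ipaddress

# The two hostnames the newsletter says to block (hostnames are case-insensitive).
SITEFINDER_HOSTS = ("sitefinder.verisign.com", "sitefinder-idn.verisign.com")

# Constructed sample: the newsletter's two entries in an otherwise plain HOSTS file.
BLOCKED = """\
127.0.0.1 localhost
127.0.0.1 sitefinder.Verisign.com #Block Verisign SiteFinder
127.0.0.1 sitefinder-idn.Verisign.com #Block Verisign SiteFinder
"""
# Constructed sample: 203.0.113.7 (RFC 5737 documentation range) stands in
# for a hijacker's web server.
TAMPERED = "127.0.0.1 localhost\n203.0.113.7 sitefinder.verisign.com\n"


def parse_hosts(text):
    """Yield (address, hostname) pairs from HOSTS-file text, ignoring comments."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # blank line, comment-only line, or address with no name
        for name in fields[1:]:
            yield fields[0], name.lower().rstrip(".")


def audit_hosts(text):
    """Map each SiteFinder hostname to ('blocked'|'redirected'|'missing', address)."""
    status = {name: ("missing", None) for name in SITEFINDER_HOSTS}
    for addr, name in parse_hosts(text):
        if name not in status or status[name][0] == "redirected":
            continue
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            continue  # malformed address, not a usable entry
        if ip.is_loopback or ip.is_unspecified:
            status[name] = ("blocked", addr)
        else:
            # Any non-local mapping is reported, even if a block entry also exists.
            status[name] = ("redirected", addr)
    return status


if __name__ == "__main__":
    for label, text in (("blocked sample", BLOCKED), ("tampered sample", TAMPERED)):
        print(label, audit_hosts(text))
```

To audit a real machine, pass the contents of the HOSTS file at the path given above for your version of Windows to audit_hosts.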
Hopefully Verisign will realize soon that they cannot enrage every person on the planet and continue to conduct business. If they don't and they continue with this hijacking, then hopefully the companies advertising on Verisign's web site will realize they are likely to face a general boycott for financing Verisign's hijacking. One way or the other, this browser hijacking and invasion of privacy will not be tolerated by the internet community.
http://slashdot.org/ :: Slashdot
http://www.mjc1.com/ :: mjc's web site
http://www.computerbytesman.com/ :: Richard Smith's site
http://www.adsubtract.com/advisor/feat_bugs.html :: Web Bugs: Harmless Images, or Invisible Spies?
http://www.theregister.co.uk/content/6/32926.html :: Verisign's SiteFinder finds privacy hullabaloo
http://forums.spywareinfoforum.info/index.php?showtopic=11539 :: Discuss this at the forums
http://www.mikehealan.com/articles/releases/godaddy_verisign.php :: Go Daddy Software Sues Verisign
A couple of months ago, I wrote about a couple of high profile cases where hackers used keylogging spyware to steal online banking information at dozens of public internet terminals. My advice at the time was to download X-Cleaner antispyware, stick it on a floppy disk, and take it with you to scan a public machine before using it. If the machine is infected, either clean it or move on to a different machine.
Kim Komando, "America's Digital Goddess", has written an excellent article on the same subject at MSN's Business Central. SpywareInfo is linked in the article, and the server logs have been spinning like a windmill for two days now.
Kim gives five valuable tips for protecting your privacy at a public internet terminal.
Go read the article for the complete tips.
http://www.komando.com/ :: Kim Komando
http://www.spywareinfoforum.info/newlsetter/july22,2003#spyware :: The Cost of Spyware
http://www.bcentral.com/articles/komando/140.asp :: Danger, danger: 5 tips for using a public PC
An Ohio woman accused in federal court of using mass forged e-mails from "AOL security" to swindle America Online subscribers out of their credit card numbers was allegedly tracked down after spamming exactly the wrong person: an FBI agent specializing in computer fraud, according to court records.
Helen Carr pleaded not guilty last week to a two-count federal indictment charging her with conspiring with colleagues in the spam community to send mass e-mails to AOL subscribers purporting to be from "Steve Baldger" from AOL's security department.
The messages claimed that AOL's last attempt to bill the recipient's credit card had failed, and included a link to an "AOL Billing Center" webpage, where an online form demanded the user's name, address, credit card number, expiration date, three-digit CCV number and credit card limit.
Bottom line folks, do not ever fill in personal or financial information on an unknown web site, at the prompting of an email. When in doubt, look up the telephone number of the business that appears to be contacting you and ask if they sent the email. Chances are, they have not; most businesses do not contact customers by email for such things.
SpywareInfo is conducting an informal poll. The question is: Which is your favorite antispyware program?
There are 89 votes as I write this. Spybot S&D is leading Lavasoft's Ad-aware by more than 2 to 1 at the moment. Aluria Spyware Eliminator is a distant third.
Everyone is invited to vote. Developers and support staff from the products listed are welcome. The only hitch is that you must be a registered member of the message board and be logged in when you vote. There is no way around that.
http://www.lavasoft.de/ :: Ad-aware
http://www.safer-networking.org/ :: Spybot S&D
http://www.spwyareinfo.com/rd/aluria/ :: Aluria Spyware Eliminator
http://forums.spywareinfoforum.info/index.php?showtopic=11756 :: Vote in the poll
Do you like SpywareInfo and this newsletter? Then please tell a few friends about it! We are trying to come up with ways to increase the number of visitors to the web site and the number of subscribers of this newsletter.
Recently I signed up for RecommendIt's service, also used by Scot Finnie and Fred Langa. When you use RecommendIt's service to send a link to a friend or family member, you can also choose to enter a contest with a grand prize of $10,000.
The privacy policy of the site looks solid and I did ask around if anyone had heard anything bad about it before I signed up for it. You can use their service to recommend SpywareInfo to someone you know at http://www.recommend-it.com/l.z.e?s=881459
Of course, you don't *have* to use RecommendIt's site to send a friend a link to the site. Just sending an email will also do the trick.
http://www.scotsnewsletter.com :: Scot Finnie's Newsletter
http://www.langa.com/newsletter.htm :: The Langalist
All materials on this web site are copyrighted © 2001 - 2012 by Mike Healan or their respective owners.
® All rights reserved.