Phishing attacks are on the rise again, and the targets — Facebook, Twitter, and other social networking sites, as well as large webmail sites — all seem at a loss as to how to protect their clients. I read a fascinating article on Byron Acohido’s “Watchdog on Internet security” blog which goes into the growing threats in some detail (the article was too long to repost, it is excerpted below). But what all these attacks have in common is the growing need for some new thinking on login protection. Being able to filter out automated login attempts by ... more

CNN ran an interesting story today on how social networking sites have been recently plagued with spam, phishing, and other online fraud. For those of us in the network security field, this is not exactly news — but stepping back a bit from such tunnel vision, we have to remember that it is indeed news to a lot of the users of such sites. So while the article itself is fairly basic and beginner-level when it comes to online security, what is interesting is that it is being presented to such a wide general-interest audience. So, for ... more

Yahoo has reportedly settled a class-action lawsuit against it, for the princely sum of twenty bucks. Well, twenty bucks each. But still, it seems they got off fairly cheaply. The suit claimed Yahoo was serving their ads up to some mighty shady sites, such as parked domains and typosquatting sites (which are slightly-misspelled URLs of legitimate sites). This led to a lot of click fraud, and a lot of angry advertisers. If you’re interested in the details, you can check out the court documents just filed in the case. Of course, there are third-party click fraud ... more