CheckFree Attack

Brian Krebs reports on a attack on CheckFree in todays Security Fix blog. It looks like someone used phishing to get credentials for their Network Solutions account. Brian says “This may seem like a logical stretch, and perhaps it is.” I dont know about that. If they just phished the email address in the whois …

Continue reading ‘CheckFree Attack’ »

Verizon on DNS Vuln: Don’t Panic

I’ve seen more than a handful of snarky posts linking results from’s DNS tester and complaining that their ISP is still vulnerable to DNS attack mere days after the patches were released. The Verizon Business Security Blog has some good comments and reports they have recommended to their customers to patch within 30 days.

Iconix Phishing Protection

A couple days ago I received email from Paypal titled “New PayPal Plug-In – Shop anywhere online.” That struck me as kind of suspicious so I looked at the mail headers. The headers showed the message did originate with Paypal’s servers, and more importantly it contained a domain key (DKIM). According to Wikipedia, “DomainKeys is …

Continue reading ‘Iconix Phishing Protection’ » badness

looks like someone forgot to renew doh! Domain Name: GRANDCENTRAL.COM Registrar: EASYDNS TECHNOLOGIES, INC. Whois Server: Referral URL: Name Server: NS1.EASYDNS.COM Name Server: NS2.EASYDNS.COM Name Server: NS6.EASYDNS.NET Name Server: REMOTE1.EASYDNS.COM Name Server: REMOTE2.EASYDNS.COM Status: clientHold Updated Date: 20-may-2008 Creation Date: 19-may-1997 Expiration Date: 20-may-2008

The spam filter has run amok

My MovableType spam defenses have kind of run amok. It was letting through a ton of spam which led me to disable anonymous comments. For its next trick it decided to trash valid comments. The first method used for trashing valid comments was a rule that http:// shouldn’t appear in the commenter’s name field. That …

Continue reading ‘The spam filter has run amok’ »