Microsoft Applies For Patent Telling You If A Website Is On A List Of Phishing Sites

It seems that every few days when new patents are announced there are a few gems from Microsoft. Take, for example, Microsoft's latest patent application on Phishing Detection, Prevention, and Notification. If they truly came up with an innovative way to stop phishing attacks, that would be interesting. Instead, it appears that the patent is for looking at the URLs found in an email or visited by a website, comparing them to a known list of phishing sites -- and then alerting you that the link might be fraudulent. In other words, it's the most obvious anti-phishing system around (and one that's proven to not be all that effective). If someone were to describe to you the problem of phishing, and ask you how to stop it, this would be nearly everyone's first attempt. It's hard to see how something so obvious deserves patent protection -- but the way our system works these days, the whole "non-obvious" requirement has been pretty much tossed out. -- Clarifying that this is simply a patent application, not a granted patent -- but the fact that Microsoft even thinks it's worth applying for such a patent highlights the way the system works these days.

New Drive-By Attack Taking Over Home Routers

Researchers at Symantec are warning users that if they haven't changed the default password on their home wireless router, they should finally just DO IT.

Symantec's Zulfikar Ramzan issued a warning Thursday that hackers are lacing phony Web sites with malicious code that actually will log into and mess with your home broadband router. He's coined a term for it: Drive-By Pharming.

"I believe this attack has serious widespread implications and affects many millions of users worldwide," wrote Ramzan in his blog
on Symantec's Security Response Weblog Thursday morning. "Fortunately, this attack is easy to defend against, as well."

Now, here's the thing… How long have security types been telling us to be smart about our passwords, whether the passwords are for our laptops, our smart phones or our home routers? It's not a new call to arms. But, obviously, it's one we all need to hear again.

Computer Temp Betrays Annonymous Computers

Wired is carrying a story about a method developed by security researchers to identify computers hiding behind anonymity services. From the article: 'His victim is the Onion Router, or "Tor" — a sophisticated privacy system that lets users surf the web anonymously. Tor encrypts a user's traffic, and bounces it through multiple servers, so the final destination doesn't know where it came from. Murdoch set up a Tor network at Cambridge to test his technique, which works like this: If an attacker wants to learn the IP address of a hidden server on the Tor network, he'll suddenly request something difficult or intensive from that server. The added load will cause it to warm up.

Malicious Hackers Sleeping? Or Better At Hiding Their Tracks?

No wonder various organized online crime gangs are recruiting young hackers to join their ranks. It appears that they're in need of an injection of fresh creativity, according to at least one report. Apparently, there hasn't been much innovation in the malware space in the last few months, as malicious hackers have focused mainly on reusing old scamming code with a few tweaks, rather than coming up with something really new. Of course, that assumes that these security companies who monitor these things actually knows about what's going on. With the rise of the organized crime aspect of malicious hacking, many of the attempts at malware have focused on making them harder to spot. Perhaps they've just been succeeding.

Kids Have Discovered Music Swapping Via Mobile Phones

Sometimes it just takes a little longer for the delusions of the entertainment industry to be proven incorrect. Three and a half years ago, just as the mobile music market was taking off thanks to ringtones, a few of us were suggesting it wouldn't last. What makes mobile content any different than other content? The economics of the content are the same, and it seemed like only a matter of time until mobile content had its "Napster moment" where the industry realized that people were sharing content left and right without paying for it. Amazingly, perhaps what's slowed this process down was the fantastic incompetence of the mobile operators, who continue to try to lock everything down, despite it slowing the growth of the mobile data market drastically. There were signs of cracks in the mobile content market last year, and earlier this year there were loud complaints that mobile content was way too expensive.

All of that, of course, was simply preamble for the obvious next result, which came out in a study today making it clear that kids like using their mobile phones to share content. Many kids are sharing music via mobile phones using Bluetooth, and nearly half of those who aren't already say they'd like to do so. As more kids get more advanced mobile phones, it's likely all of the numbers will go up -- and yet the recording industry still doesn't seem to have much of a plan other than to hope they can keep convincing people to pay big bucks for ringtones (a market that will get killed as kids get better and better at putting songs on their handsets for free). The article about the report trots out all the expected lines about how the industry needs to stop this now, while it's still small. Of course, that didn't work very well on the greater internet, and it seems unlikely to be very successful on mobile phones either. At what point does the recording industry realize that perhaps it's time to put in place a different strategy?