Dark alleys of the Internet not actually the dangerous parts.

For years I have been telling people to be especially careful when they venture into the dark back alleys of the Internet. My thinking was that these more "wild west" areas would be home to most of the malware and other attacks.

Dark Reading analyzes a Cisco report which says that online shopping sites and search engines are over 20 times more likely to deliver malware than counterfeit software sites. Advertisers are 182 times more dangerous than pornography sites.

So, I guess I need to change my tune. Be careful when you are going about your daily business, and have fun in those dark alleys!

Germany wants to spy on suspects via Web

Germany wants to spy on suspects via Web Germany is proposing to use trojan horse software to enable surveillance of target computers. I have to wonder how effective this will actually be. They are talking about distributing it in an apparently official email from a government email address.

  1. Now that the bad guys know this, it seems likely that they will take more care with the attachments from the government.
  2. Anti-virus / anti-malware programs should be able to identify and block this software
  3. If the anti-virus software makers are convinced to leave a hole for this software, it will be a huge back door for other hackers to use to deploy their trojan horse software.

In general this seems like a high risk operation for the Germans. I suspect that it will be used rarely and very selectively.

Third Time a Charm for Anti-Spyware?

I have seen a couple of articles recently on the third attempt by Congress to pass an anti-spyware bill (this time H.R.964 aka "The Spy Act").*link *link *link

In general I have mixed feelings about legislation like this. Legislation is a tricky thing, and the law of unintended consequences is always lurking near by. I wonder if more general legislation about hijacking systems without informed consent might not achieve the same goals. I am surprised that existing laws don't already cover this. It seems often to be the case that new laws are passed where diligent enforcement of existing laws would suffice (I guess my libertarian stripes are showing). I am not a lawyer, and so am not qualified to make this judgement.

Read More