It's good old Ben Edelman again. A researcher from Computer Associates, Benjamin Googins, discovered this and covered it thoroughly. Edelman's researches confirm everything Googins said and offers an informed opinion as to the legality and so the morality of the Sears site's behavior. As SHC, the company that controls Sears seems also to control what is left of KMart, I think it safe to consider their site compromised, as well.
Jack
Showing posts sorted by relevance for query edelman. Sort by date Show all posts
Showing posts sorted by relevance for query edelman. Sort by date Show all posts
Thursday, January 03, 2008
Friday, March 16, 2007
The 59 Top Influencers in IT Security
The first name I recognized in this list was Bruce Schneier and he's #5, but I thought I'd recognize more than 4 or 5 names on the list. Some names that I thought might be missing were, of course, Ben Edelman (a previous guest on the show and focus of several blog posts) and Alex Eckelberry of Sunbelt Software. Perhaps they don't qualify as influencers though, just documentation and protection from spyware and adaware.
Anyway, go read the article and leave people that you think were left out in the comments. Thanks!
--MissM
The 59 Top Influencers in IT Security
I was looking for the DST2007 blog from MS, but couldn't find it, and am in a rush. Sorry. I hope to find it later, and post it for your edification. :)
Anyway, go read the article and leave people that you think were left out in the comments. Thanks!
--MissM
The 59 Top Influencers in IT Security
I was looking for the DST2007 blog from MS, but couldn't find it, and am in a rush. Sorry. I hope to find it later, and post it for your edification. :)
Tuesday, January 23, 2007
Security Oriented Web Sites
During last Sunday's show, Earl asked in our chat if I would catalog the security web sites I routinely check when looking at security issues. It is not a tremendously long list, but here they are.
For specific information on virus, worm and other malware removal, either do a Google on the name of it or go to the AV maker of your choice's site and see about information on how to accomplish that or removal tools.
Internet Storm Center
I check this one almost daily, and anytime there is a problem. You can glean a tremendous amount of information in a very short read, with links to help getting more information about problems and/or workarounds and fixes.
F-Secure
F-Secure Company web log
Both F-Secure's front page and the blog are interesting and likely to have the most details posted first of all the security companies, even if another team made the actual discovery. I don't know how they do this, but I think they maintain dedicated posting personnel all the time. At any rate, you can often enough get a 45 minute jump on other sites at these two that it is worth checking them first when trouble is in the wind.
Security Focus
More than simple security information, which clutters up the site a bit. Still, a very, very good resource for all things related to the well-being of your computer. They also have a bugtraq archive that is very useful, here.
Websence Security Labs
Loads of different threat information here. Some of it I consider a bit on the alarmist side in terms of it's presentation, but opinions vary on this and you should decide for yourself. No matter how it strikes you, there is a lot of good information here.
EEye Digital Security
EEye Tracker page for Zero-Day exploits
I watch both these pages as frequently as I can spare the time. They contain a lot of information and I have often used them in warning clients who might otherwise dismiss warnings by me as the result of my well-known paranoia.
Institute for Security and Open Methodologies
This is a place to learn about security. It will take a bit of time to wade through some of it, but there is a load of information here that cannot be found in any other single place. There are also security testing tools, some with detailed information on how to use the and interpret the results.
Malware.com
While nothing more than a handly listing of vulnerabilities and the code that exploits them, links to more information are provided for each entry. This is a very good place to go to get to some information on a problem in a hurrry, with little searching.
Ben Edelman's Site
We interviewed Ben in the past. He is one of the few definitive sources on adware/spyware infections. Ben is doing other things a lot more now, so he updates the site much less often than in the past. There is a good archive, though, and new articles do appear every couple months.
For specific information on virus, worm and other malware removal, either do a Google on the name of it or go to the AV maker of your choice's site and see about information on how to accomplish that or removal tools.
Internet Storm Center
I check this one almost daily, and anytime there is a problem. You can glean a tremendous amount of information in a very short read, with links to help getting more information about problems and/or workarounds and fixes.
F-Secure
F-Secure Company web log
Both F-Secure's front page and the blog are interesting and likely to have the most details posted first of all the security companies, even if another team made the actual discovery. I don't know how they do this, but I think they maintain dedicated posting personnel all the time. At any rate, you can often enough get a 45 minute jump on other sites at these two that it is worth checking them first when trouble is in the wind.
Security Focus
More than simple security information, which clutters up the site a bit. Still, a very, very good resource for all things related to the well-being of your computer. They also have a bugtraq archive that is very useful, here.
Websence Security Labs
Loads of different threat information here. Some of it I consider a bit on the alarmist side in terms of it's presentation, but opinions vary on this and you should decide for yourself. No matter how it strikes you, there is a lot of good information here.
EEye Digital Security
EEye Tracker page for Zero-Day exploits
I watch both these pages as frequently as I can spare the time. They contain a lot of information and I have often used them in warning clients who might otherwise dismiss warnings by me as the result of my well-known paranoia.
Institute for Security and Open Methodologies
This is a place to learn about security. It will take a bit of time to wade through some of it, but there is a load of information here that cannot be found in any other single place. There are also security testing tools, some with detailed information on how to use the and interpret the results.
Malware.com
While nothing more than a handly listing of vulnerabilities and the code that exploits them, links to more information are provided for each entry. This is a very good place to go to get to some information on a problem in a hurrry, with little searching.
Ben Edelman's Site
We interviewed Ben in the past. He is one of the few definitive sources on adware/spyware infections. Ben is doing other things a lot more now, so he updates the site much less often than in the past. There is a good archive, though, and new articles do appear every couple months.
Tuesday, July 18, 2006
How Vonage Funds Spyware
I remember a couple mentions in chat about Skype not charging for land line calls in the U.S. and concern about Vonage's continued success. Apparentlly they are doing just fine. According to Ben Edelman, they paid Direct Revenue $31, 570 in one month in 2005, for "Spyware-Delivered Pop-Up Ads." Ben has done a very comprehensive job of documenting Vonage's use of spyware ads. We can't only blame the spyware companies, but also the companies who support spyware, with their advertising dollars. His article begins:
see the chart and the rest of the report, its disturbing. And makes me grateful for firefox blocking popups!!
--MissM
How Vonage Funds Spyware
I ought to be a Vonage enthusiast. I support Vonage's efforts to protect network neutrality. I applaud their flexible voice over IP service and their efforts to compete with incumbent phone companies. I'm even a VoIP customer (albeit using a competitor's service).
But instead of praising Vonage, I have to criticize them -- not for their core business (which seems robust) or for their customer service (which others have repeatedly criticized), but for their reckless advertising practices. Vonage spends huge amounts on advertising -- more than $20 million per month. (source) Unfortunately, among this spending is widespread and substantial spyware-delivered advertising.
For years, my manual and automated testing have documented Vonage ads appearing in all the major spyware programs. Now that Vonage has completed its IPO -- itself promoted as a way to raise more money to buy more advertising [Do WE know anybody that bought Vonage stock?]-- this page presents twelve recent examples of Vonage ads appearing in spyware.
see the chart and the rest of the report, its disturbing. And makes me grateful for firefox blocking popups!!
--MissM
How Vonage Funds Spyware
Saturday, May 13, 2006
Killer phrase will fill your PC with spam
Researchers Ben Edelman and Hannah Rosenbaum reckon that typing the phrase 'Free Screensavers' into any search engine is the equivalent of lighting a blue touch paper and standing well back.
For a list of other danger words, read the article. The article mentions SiteAdvisor, which comes in a free version. I recently started using it and so far I've seen no downside to it except like all tools it may give a somewhat false sense of security if you don't use your brain along with it.
Thursday, May 04, 2006
Yahoo faces class-action spyware suit
Ben Edelman, our favorite anti-spyware activist, is involved in this suit. It seeks to force Yahoo to deliver what they've promised without placing ads on questionable sites that also install spyware. It's a good read, short and informative.
Jack
Jack
Tuesday, March 21, 2006
Adware backers named and shamed
The report is called "Following the Money: How Advertising Dollars Encourage Nuisance and Harmful Adware and What Can be Done to Reverse the Trend" and is by The Center for Democracy and Technology. In it, the CDT basically does what Ben Edelman has been doing for a while now; telling us just who supports the adware industry and how it is done. The link takes you to a synopsis in The Register.
Of course, 180 Solutions says adware is no different that television, where people pay for the content by "watching a few ads". I don't quite equate the two; mostly because I can't recall when the ads might have damaged my television or rendered it unusable. Drawing that outrageous parallel is the sort of slimy thing I'd expect from adware folks.
Jack
Of course, 180 Solutions says adware is no different that television, where people pay for the content by "watching a few ads". I don't quite equate the two; mostly because I can't recall when the ads might have damaged my television or rendered it unusable. Drawing that outrageous parallel is the sort of slimy thing I'd expect from adware folks.
Jack
Thursday, January 12, 2006
Mark's Sysinternals Blog
Mark Russinovich is the person who discovered Sony's XCP rootkit. His current blog entry is an almost sickening account of misleading spyware/adware popups that sell dodgy anti-spyware apps. Ben Edelman has other documentation of the same sort of thing.
If you need a refresher course in what we are up against in terms of spyware/adware, this is it.
Jack
If you need a refresher course in what we are up against in terms of spyware/adware, this is it.
Jack
Tuesday, June 14, 2005
Do Google Ads Help Fund Spyware?
Do Google Ads Help Fund Spyware?: "Google's sponsored-link ads may have helped turn the world's best-known search engine into a financial powerhouse, but they also are coming under attack for contributing to spyware practices that undermine trust on the Web. "
When you're on top, everyone takes shots at you. The latest criticisms of the United States' biggest media company: that Adwords funds spyware. Well-known anti-spyware researcher Ben Edelman leveled the charges in a detailed report, focusing in on IBIS and Ask Jeeves as delivering spyware-ridden toolbars using Google's targeted classified ads. Is there substance to the charges? Read our story, follow the links for more information, and decide for yourself.
Joe
When you're on top, everyone takes shots at you. The latest criticisms of the United States' biggest media company: that Adwords funds spyware. Well-known anti-spyware researcher Ben Edelman leveled the charges in a detailed report, focusing in on IBIS and Ask Jeeves as delivering spyware-ridden toolbars using Google's targeted classified ads. Is there substance to the charges? Read our story, follow the links for more information, and decide for yourself.
Joe
Saturday, June 04, 2005
Uneasy Rider - Newsweek Technology - MSNBC.com
This article asks if Ask Jeeves, the owners of "My Search", are in the clear. Apparently, Ask Jeeves is working to make sure their toolbar doesn't go places its not wanted, including cancelling contracts with its distributors.
As a side note, Ben Edelman, who was a guest a couple of weeks ago, is quoted.
As a side note, Ben Edelman, who was a guest a couple of weeks ago, is quoted.
Tuesday, May 24, 2005
Microsoft seeks protection from spyware firms
This CNet News.com article says that MS has appealed to the Congress for protection from "frivilous" lawsuits by the purveyors of adware and spyware. Such firms have threatened or actually filed suit against a number of organizations who make removal tools, as well as Ben Edelman (who was on the show, recently).
You know; No one complains if I uninstall software on my machine. Yet these firms complain about the companies that help me remove software by providing me with tools. Seems silly, but I know the legal bills can mount up fast and it seems the shadier the operation, the more willing they are to sue.
Jack
You know; No one complains if I uninstall software on my machine. Yet these firms complain about the companies that help me remove software by providing me with tools. Seems silly, but I know the legal bills can mount up fast and it seems the shadier the operation, the more willing they are to sue.
Jack
Monday, May 16, 2005
Ben Edelman for May 16 -- What's So Hot About Hotbar?
If you heard yesterday's show (and if you didn't you really have to grab it) we had Ben Edleman, master adware sleuth, as our guest. Ben updates his site every Monday and the spyware du jour is Hotbar. I know that my girlfriend's machine got infected with this when her junior high age son installed it without realizing that it carried a nasty payload. So go and enjoy Ben's web site and read up on the all the ways these nasties get loaded onto folk's machines. The computer you save may be your own, or that of a friend or relative.
Wednesday, May 04, 2005
Spying on the spyware makers | Tech News on ZDNet
Spying on the spyware makers | Tech News on ZDNet: "Ben Edelman may be spyware's most dangerous enemy. "
How spyware free is your computer?
Joe
How spyware free is your computer?
Joe
Tuesday, March 22, 2005
Who Buys AdWare?
What companies use adware? You'd be surprised, as this article at Benjamin Edelman's site shows.
Perhaps it's time for us to quit patronizing companies who intrude upon our user experiences. I actively do so now.
Jack
Perhaps it's time for us to quit patronizing companies who intrude upon our user experiences. I actively do so now.
Jack
Monday, March 07, 2005
Unwanted Software Installations with Peer-to-Peer Applications
Benjamin Edelman operates a very good, very informative web site regarding security and related topics. He's analyzed the End User License Agreements (EULAs) along with the hundreds of registry keys written and extra software installed by 5 P2P applications. One license agreement ran well over 22,000 words! No wonder folks don't read them. It's an interesting and eye-opening read. Screen shots and comparison charts are well thought out and clearly convey what's up.
Actually, everything on the site deserves your attention, in my opinion. This one in particular, though. If you don't understand the issues of unwanted software installation, this one is for you. If you do already get it, the details will still knock your socks off.
Jack
Actually, everything on the site deserves your attention, in my opinion. This one in particular, though. If you don't understand the issues of unwanted software installation, this one is for you. If you do already get it, the details will still knock your socks off.
Jack
Subscribe to:
Posts (Atom)