Archive for the ‘security’ Category

Spam of the Day

It’s amazing people fall for things like this:

From: "Yahoo Customer Care" <>
Reply-To: <>
Date: Fri, 7 Mar 2008 19:36:56 +0100
Subject: Yahoo Warning!!! Unused Account Removal Confirm Your Account !!!

The All-New Yahoo! You Must Be A Part Of It To Avoid Your Yahoo Account To Be Closed

The All-New Yahoo! Mail Beta Is:

* Faster: Fewer steps to get things done.
* Easier: Drag & drop organization.
* Effortless: Automatically checks email for you.

Yahoo Image>

With the all-new Yahoo! Mail Beta you can Fill the Informations Below To
Verify Your Account ,PleaseThis For Your Benefit. Read Below To Understand More.

Yahoo User

Due to the congestion in all Yahoo users and removal of all unused Yahoo Accounts,
Yahoo would be shutting down all unused Accounts, You will have to confirm your
E-mail by filling out your Login Information below after clicking the reply
button, or your account will be suspended within 24 hours for security reasons.

* Username: .................................

* Password: ...................................

* Date of Birth: ................................

* Country Or Territory: .................................

After following the instructions in the sheet, your account will not be interrupted
and will continue as normal. Thanks for your attention to this request.
We apologize for any inconveniences.

Warning!!!  Account owner that refuses to update his/her account after two weeks
 of receiving this warning will lose his or her account permanently.


Yahoo! Mail

No virus found in this outgoing message
Checked by PC Tools AntiVirus ( - 10.061.003).

They don’t even bother with giving you a nice HTML form so they can steal your password; apparently they expect you to dither around with formatting a reply. And then there’s the broken English, which makes it even more obvious.

Ironically enough, this got past both Yahoo’s and Thunderbird’s spam filters. Maybe it was for my entertainment.
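The tells in this message (blank credential fields to be filled in by reply, no link or form at all, a threat with a deadline) can be checked mechanically. The Python sketch below is an added example, not part of the original post; the indicator names and regular expressions are illustrative assumptions, and both sample messages are constructed, the first as an abridgement of the message quoted above.

```python
import re
from email import message_from_string

# Constructed sample: an abridgement of the message quoted above.
SAMPLE = """\
Subject: Yahoo Warning!!! Unused Account Removal Confirm Your Account !!!

You will have to confirm your E-mail by filling out your Login Information
below after clicking the reply button, or your account will be suspended
within 24 hours for security reasons.

* Username: .................................

* Password: ...................................
"""

# Constructed benign message for comparison.
BENIGN = """\
Subject: Lunch on Friday?

I forgot my password for the booking site, so could you reply with a time?
"""

# A label at the start of a line followed only by filler: a field left to be typed in.
FIELD = re.compile(r"^\W*(username|password|date of birth)\s*:[._\s]*$", re.I | re.M)
URL = re.compile(r"https?://|www\.", re.I)
REPLY = re.compile(r"\breply\b", re.I)
THREAT = re.compile(r"\b(suspended|closed|shut(?:ting)? down)\b", re.I)
DEADLINE = re.compile(r"\bwithin\s+\d+\s+(hours?|days?)\b", re.I)

def indicators(raw):
    """Return the names of the heuristics (hypothetical labels) that fire."""
    body = message_from_string(raw).get_payload()
    fields = {m.group(1).lower() for m in FIELD.finditer(body)}
    hits = []
    if "password" in fields:
        hits.append("blank-password-field")
    # No link or form to inspect: the credentials are meant to come back by mail.
    if fields and REPLY.search(body) and not URL.search(body):
        hits.append("credentials-by-reply")
    if THREAT.search(body) and DEADLINE.search(body):
        hits.append("threat-with-deadline")
    return hits

if __name__ == "__main__":
    print(indicators(SAMPLE))
    print(indicators(BENIGN))
```

The benign message mentions both "password" and "reply" yet triggers nothing, because the checks key on the fill-in-the-blank layout rather than on keywords alone.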


Come See the Stalker Side of Sears

Two articles in the past few days have cast a dark light on Sears, and have cast doubt on whether they are a worthy entity with which to do business.

The first comes via computer security expert Bruce Schneier, who writes in his blog that Sears will now install spyware on your computer if you join their “My SHC Community.” Pretty nasty stuff – apparently it will track all outgoing and incoming traffic on your computer and monitor your email, not to mention match it up with information they already have. There’s a full writeup on the Computer Associates web site, including an analysis of the (lack of) disclosure about what this software will do on Sears’ web site.

The other article, also from the CA web site (via Consumerist), shows how you can look up anyone’s previous purchases from Sears on their web site, apparently going back as far as a television bought in 1978. I understand how looking up one’s own purchases would be useful, but having no real security safeguards on this data is criminally irresponsible.

So what do we learn from these episodes? It appears that Sears is not only content to engage in wholesale surveillance of their customers, but they also cannot be trusted to adequately protect the data that they collect. Do you feel safe doing business with such a company?