Idle

World's Worst Hacker? 174

An anonymous reader submitted a video clip that allegedly demonstrates a hacker working in a honeypot. If you fear for the future security of the internet, this video will set your mind at ease.
Cellphones

Exposing the Link Between Cell Phones and Fertility 112

ApharmdB writes "We frequently gripe about the poor quality of science reporting by the media. A Guardian blogger from the mathematics department at Queen Mary, University of London has made a honeypot press release to see how bad it can get. (Or maybe to have some fun trolling the media?) The statistic used is the strong link between the number of mobile phone masts in an area and the number of live births. Of course, there is no causal link because they are both instead based on a 3rd variable, the local population size. Slashdot readers can keep an eye on news sources over the weekend to see just how much traction the story gets and watch the train wreck in real-time!"
Crime

Retrieving a Stolen Laptop By IP Address Alone? 765

CorporalKlinger writes "My vehicle was recently burglarized while parked in a university parking lot in a midwestern state. My new Dell laptop was stolen from the car, along with several other items. I have no idea who might have done this, and the police say that without any idea of a suspect, the best they can do is enter the serial number from my laptop in a national stolen goods database in case it is ever pawned or recovered in another investigation. I had Thunderbird set up on the laptop, configured to check my Gmail through IMAP. Luckily, Gmail logs and displays the last 6 or 7 IP addresses that have logged into your account. I immediately stopped using that email account, cleared it out, and left the password unchanged — creating my own honeypot in case the criminal loaded Thunderbird on my laptop. Sure enough, last week Gmail reported 4 accesses via IMAP from the same IP address in a state just to the east of mine. I know that this must be the criminal who took my property, since I've disabled IMAP access to the account on all of my own computers. The municipal police say they can't intervene in the case since university police have jurisdiction over crimes that take place on their land. The university police department — about 10 officers and 2 detectives — don't even know what an IP address is. I even contacted the local FBI office and they said they're 'not interested' in the case despite it now crossing state lines. Am I chasing my own tail here? How can I get someone to pay attention to the fact that all the police need to do is file some RIAA-style paperwork to find the name associated with this IP address and knock on the right door to nab a criminal and recover my property? How can I get my laptop back — and more importantly — stop this criminal in his tracks?"
Social Networks

US Fears Loss of ICQ Honeypot 319

AHuxley writes "US law enforcement bodies view the sale of instant messaging service ICQ to a Russian company as a threat to homeland security. In spring 2010, Russia's largest Internet investment company, Digital Sky Technologies, agreed to purchase the service for $187 million from AOL. The US is sure that most criminals use ICQ and, therefore, constant access to the ICQ servers is needed to track them down. As the system is based in Israel, American security services have had access. The article concludes, 'Lawyers [of unspecified nationality] say that to block the deal the US Committee on Foreign Investment needed to cancel it no later than within 30 days after the deal has been announced — so unless the rules are broken, nothing can be changed.'"
Security

GoDaddy Wants Your Root Password 236

Johnny Fusion writes "The writer of the Sucuri Security Blog had an alarming awakening when a honeypot on port 22 on a GoDaddy-hosted VPS recorded login attempts using his GoDaddy username and password and even an attempt to log in as root. It turns out the attempt was actually from within GoDaddy's network. Before he could 'alert' GoDaddy about the security breach, he got an email from GoDaddy demanding his root login credentials. There is an update where GoDaddy explains itself and says they will change policy."
Spam

Project Honey Pot Traps Billionth Spam 118

EastDakota writes "Project Honey Pot today announced that it had trapped its 1 billionth spammer. To celebrate, the team behind the largest community sourced project tracking online fraud and abuse released a full rundown of statistics on the last five years of spam. Findings include: spam drops 21% on Christmas Day and 32% on New Year's Day; the most spam is sent on Mondays, the least on Saturdays; spammers found at least 956 different ways to spell VIAGRA (e.g., VIAGRA, V1AGRA, V1@GR@, V!AGRA, VIA6RA, etc.) in mail received by the Project; and much more."
Security

Vast Malware Repository Dedicated To R&D 81

An anonymous reader writes "Dutch company Frame4 group is offering subscriptions for the Malware Distribution Project, a large security archive with a massive collection of downloadable malware and computer underground related information for the purposes of analysis, testing, research and development. Help Net Security has talked with the founder of the project and several other security researchers to get more details on this unique service."
The Internet

New Service Converts Torrents Into PNG Images 297

jamie points out that a new web service, hid.im, will encode a torrent into a PNG image file, allowing it to be shared easily through forums or image hosting sites. Quoting TorrentFreak: "We have to admit that the usefulness of the service escaped us when we first discovered the project. So, we contacted Michael Nutt, one of the people running the project to find out what it's all about. 'It is an attempt to make torrents more resilient,' Michael told [us]. 'The difference is that you no longer need an indexing site to host your torrent file. Many forums will allow uploading images but not other types of files.' Hiding a torrent file inside an image is easy enough. Just select a torrent file stored on your local hard drive and Hid.im will take care of the rest. The only limit to the service is that the size of the torrent file cannot exceed 250KB. ... People on the receiving end can decode the images and get the original .torrent file through a Firefox extension or bookmarklet. The code is entirely open source and Michael Nutt told us that they are hoping for people to contribute to it by creating additional decoders supported by other browsers."
Security

Virtual Honeypots 50

rsiles writes "Honeynet solutions were seen just as a research technology a couple of years ago. It is not the case anymore. Due to the inherent constraints and limitations of the current and widely deployed intrusion detection solutions, like IDS/IPS and antivirus, it is time to extend our detection arsenal and capabilities with new tools: virtual honeypots. Do not get confused about the book title, especially about the "virtual" term. The main reason to mention virtual honeypots, although the book covers all kinds of honeynet/honeypot technologies, is because during the last few years virtualization has been a key element in the deployment of honeynets. It has offered us a significant cost reduction, more flexibility, reusability and multiple benefits. The main drawback of this solution is the detection of virtual environments by some malware specimens." Read below for the rest of Raul's review.
Movies

MPAA Plans To Launch Movie Links Site 199

eldavojohn writes "To combat piracy, the MPAA's latest idea involves a site that would allow users to search for a movie and then provide links to legit legal downloads or ticket purchases for it. Why are they doing this? Because their research showed 'many users have a hard time differentiating between legal and illegal content online.' And all this time I thought people pirated movies because it was cheaper to do! Turns out they were just confused."
Security

Estimating the Time-To-Own of an Unpatched Windows PC 424

An anonymous reader notes a recent post on the SANS Institute's Internet Storm Center site estimating the time to infection of an unpatched Windows machine on the Internet — currently about 4 minutes. The researcher stipulated that the sub-5-minute estimate was valid for an unpatched machine in an ISP netblock with no NAT or firewall. The researcher, Lorna Hutcheson, called for others to post data on time-to-infection, and honeypot researchers in Germany did so the same day. They found longer times to infection, an average of 16 hours. Concludes the ISC's Hutcheson: "While the survival time varies quite a bit across methods used, pretty much all agree that placing an unpatched Windows computer directly onto the Internet in the hope that it downloads the patches faster than it gets exploited are odds that you wouldn't bet on in Vegas."
Microsoft

New Developments From Microsoft Research 206

prostoalex writes "Information Week magazine runs a brief report from Microsoft Research, showcasing some of the new technologies the company's research division is working on. Among them — a rootkit that eliminates other rootkits, a firewall that blocks the traffic exploiting published vulnerabilities, a system for catching lost e-mail, a honeypot targeted at discovering zero-day exploits, and some anti-phishing applications."

The BBC's Honeypot PC 344

Alex Pontin writes, "This article from the BBC shows how vulnerable XP Home really is. Using a highly protected XP Pro machine running VMWare, the BBC hosted an unprotected XP Home system to simulate what an 'average' home PC faces when connected to the internet." From the article: "Seven hours of attacks: 36 warnings that pop-up via Windows Messenger. 11 separate visits by Blaster worm. 3 separate attacks by Slammer worm. 1 attack aimed at Microsoft IIS Server. 2-3 "port scans" seeking weak spots in Windows software." The machine was attacked within seconds of being connected to the Internet, and at no time did more than 15 minutes elapse between attacks.

Fun Things To Do With Your Honeypot System 136

An anonymous reader writes "Whitedust is running an interesting article on honeypots and their uses. From the article: 'Most papers deal with the potential gains a honeypot can give you, and the proper way to monitor a honeypot. Not very many of them deal with the honeypots themselves... Honeypots can be used to ensnare and beguile potential hackers; entice them to give you more research information, and actively defend your production network.'" From the article: "Once an attacker has taken all the trouble to set up shop on your honeypot, he'll probably want to see what else there is to play with. If your honeypot is like most traditional honeypots, there's not much for an attacker to do once he gets in. What you really want is for the attacker to transfer down all the other toys in his arsenal so you can have a copy as well. Giving an attacker additional targets with various operating systems and services can help him decide to give you his toys. The targets can be real, but you'll get almost as much mileage if they're simulated. A good place to start is to put a phantom private network up hung off the back of the honeypot."

Malware Honeypot Projects Merge 45

rebvend writes "eWeek is reporting that two of the biggest honeypot projects (mwcollect and nepenthes) have merged operations. A new meta-portal at mwcollect.org will become a top-level community covering malware collection efforts while nepenthes will become the official tool for malware collection."
Worms

Internet Immunization 229

xav_jones writes "Nature.com reports on computer experts from Israel who are proposing a different strategy for combating fast-spreading worms and viruses -- one in which the fix can, theoretically, keep up with or stay ahead of the malicious code. They 'propose a system in which a few honeypot computers lie in wait for viruses. These computers run automated software that first identifies the virus, and then sends out its signature across the Internet. This enables a sentinel program on all the other computers in the network to identify the virus and bar it before it can attack them.' The honeypot computers would reside in a secure, dedicated network. For 'roughly 200 million computers ... [with] just 800,000 [(0.004%)] of them acting as honeypots [it] would restrict a viral outbreak to 2,000 machines.'"
Spam

Ending Spam 184

Shalendra Chhabra writes "Jonathan Zdziarski has been fighting spam since before the first MIT spam conference in 2003, and has now released a full-on technical book, Ending Spam, on spam filtering. Ending Spam covers how the current and near-future crop of heuristic and statistical filters actually work under the hood, and how you can most effectively use such filters to protect your inbox." Read on for the rest of Chhabra's review.
Entertainment

Inside the Honeypot, Inside the Game 22

VonGuard writes "The Game is the title of an article I have up on the EastBayExpress site, and it's an inside look at 4orty2wo, the company behind ilovebees.com and the original ARG 'Who Killed Evan Chan?'. I also have an interview with the 4orty2wo folks in this month's Game Developer Magazine entitled 'Inside the Honeypot'. Read both carefully and you may find clues to a new ARG!" From the article: "One day last fall, Lenore Henry stood by a pay phone on San Francisco's Market Street. She cupped the thick black shell of the receiver to one ear and plugged the other with an errant finger to block out street noise. Behind her, a man clicked on a recording device and poked a microphone at the telephone mouthpiece. A familiar female voice was on the line. It wasn't a recorded voice as before. This one was live. It was 'the Melissa,' and Lenore needed to make it cry."
Spam

The Spam Conference 2005 156

dos_dude writes "This year's Spam Conference is over. As usual, the MIT provides low and high bandwidth webcasts. The talks featured a full spectrum of anything possible. From absurd to sound, from boring to entertaining, and from dead-horse-beating to brand-new. Highlights: John Graham-Cumming presented the results of the survey he did with the help of many Slashdot readers, Jon Praed gave the details of the trial against spammer Jeremy Jaynes and friends, Brian McWilliams posed the question what will happen when all spam is finally filtered, and Matthew Prince plugged Project Honeypot in a very entertaining way. Shameless but useful plug: here's the final schedule with links to the webcasts."
