chicksdaddy writes: "So much for privacy settings. In a paper published in the Proceedings of the National Academy of Science (PNAS), researchers from Cambridge University and Microsoft Research demonstrated that it is possible to use knowledge of an individual user’s “Likes” on Facebook to “automatically and accurately predict a range of highly sensitive personal attributes including: your age, and gender, sexual orientation, ethnicity, religious and political views." The list of reliably guessable information goes on to include other less quantifiable characteristics like your personality traits, intelligence, happiness, your preference (or not) for addictive substances and whether your parents split up, according to a report by The Security Ledger.
For their study, the researchers surveyed over 58,000 volunteers who provided their Facebook Likes, demographic proles, and the results of several psychometric tests. The researchers then performed a regression analysis on the Likes and other data to predict details about the individual users. Turns out: the model works quite well. Researchers found they were able to correctly discriminates between homosexual and heterosexual men in 88% of cases, and discern the profiles oof African Americans and Caucasian Americans in 95% of cases. Political affiliation was also reliably predicted: researchers could discern between Democrat and Republican in 85% of cases, the report found.
The report makes for good reading – even if it does tend to reinforce some cultural stereotypes. For example, researchers concluded that “the best predictors of high intelligence include ‘Thunderstorms,’ ‘The Colbert Report,’ ‘Science,’ and ‘Curly Fries,’ whereas low intelligence was indicated by ‘Sephora,’ ‘I Love Being A Mom,’ ‘Harley Davidson,’ and ‘Lady Antebellum.’” Wait – Curly Fries??"
chicksdaddy writes: "Phone scams are a numbers game. Most people hang up in your ear. Of those who actually answer, only a small fraction are gullible enough to fall for your scam. So what you really don't want to do is to waste time on the line with somebody who's an IRL (in real life) expert on the topic that's the subject of your scam.
Alas, that's exactly the situation that "David" found himself in when he randomly dialed Joe Faulhaber, a technician in Microsoft Corp.'s Malware Protection Center (MMPC). Faulhaber described the encounter in a blog post last week (http://blogs.technet.com/b/mmpc/archive/2013/03/06/when-fake-malware-phones.aspx), "When fake malware phones," IT World reports. Its a good read if only to understand how scammers are playing on consumers' lack of technical sophistication to fool them into buying useless or ineffective products and services."
chicksdaddy writes: So much for democracy in Hong Kong. Residents of the island are up in arms after plans for an "American Idol" style popular vote in the Miss Hong Kong beauty pageant were undone by a flood of traffic that knocked the pageant's Microsoft Azure- based servers offline. Officials at station TVB said that the incident was "deliberate," forcing them to cancel the online vote and ask the pageant judges to elect the winner themselves, according to a story in The Standard. However, Hong Kong residents dispute the claims of foul play. The controversy was exacerbated by the judges' subsequent decision to choose contestant Carat Cheung Ming-nga as the next Miss Hong Kong, rather than Tracy Chu Chin-suet, the public's favorite.
chicksdaddy writes: "Threatpost is reporting on research from Microsoft that argues money mules — the accomplices who help move stolen funds — may be the real victims of online banking scams, not the bank customers who are the ostensible targets of fraudsters.
In a paper that turns conventional wisdom on its head, Microsoft researcher Cormac Herley and two co-authors argue that, mules, unlike fraud victims, are not protected by Federal anti fraud laws. And, unlike the criminals they work for, they are not beyond the reach of the banks or law enforcement. Further, as banks and other financial institutions have gotten better at tracing account takeover scams and reversing charges, it is the mules who pay the price: having funds extracted from their account to make the victim whole, assuming such funds are available.
"The thief is really stealing from the mule, not the compromised account, though that fact does not become clear until the dust settles," the researchers write.
Their conclusion: shoring up customer accounts (say, through stronger passwords) will have only limited utility in stemming fraud. A better approach would be to crack down on muling, denying fraudsters the critical link in getting money out of compromised accounts: a legitimate bank account that will take an illegal money transfer from a hacked account and turn it into a legitimate transfer to the fraudsters' account."
chicksdaddy writes: "Microsoft has proven that it can take down huge, global botnets like Kelihos, Rustock and Waldec. Now the company is ready to start making the data it acquires in those busts available to governments, law enforcement and customers as a real time threat intelligence feed. Representatives from the Redmond, Washington software maker told an audience at the International Conference on Cyber Security (ICCS) here that it was testing a new service to distribute threat data from captured botnets and other sources to partners, including foreign governments, Computer Emergency Response Teams (CERTs) and private corporations.
Microsoft is beta testing the system internally in recent months. J.T. Campana of Microsoft's Digital Crimes Unit described it as a 70-node cluster running the Apache Hadoop framework on top of Windows Server. It currently stores data culled from the Kelihos botnet in September, 2011 and other sources. That data includes IP addresses of Kelihos infected systems complemented by other data such as reputation data provided by Microsoft's Smart Data Network Services (SNDS). Personally identifiable informaiton (PII) is not part of the threat feed, Campana said. Threatpost has the full story."
chicksdaddy writes: "Microsoft has proven that it can take down huge, global botnets like Kelihos, Rustock and Waldec. Now the company is ready to start making the data it acquires in those busts available to governments, law enforcement and customers as a real time threat intelligence feed.
"We collect a tremendous amount of data from our global assets," said T.J. Campana, a Senior Program Manager in Microsoft Digital Crimes Unit (DCU). Now the company is working on a way to get slices of that information to its partners, including ISPs, CERTs, government agencies and private companies, based on their need, he said.
Microsoft is beta testing the system — a 70-node cluster running the Apache Hadoop framework on top of Windows Server, but soon hopes to make it available outside the company. Subscribers would receive realtime feeds of threat data relative to their infrastructure, including the IP addresses of infected systems complemented by other data such as reputation data provided by Microsoft's Smart Data Network Services (SNDS)."
chicksdaddy writes: "Security researchers often use language and metaphors from the natural world to describe problems in the virtual world. (Consider "virus," and "worm.") Now it turns out that the links may be more than just rhetoric. Microsoft Researchers say that tools they developed to detect spammers' efforts to avoid anti-spam filters were also great at spotting mutations in the HIV virus. A report from Microsoft Research in honor of World AIDS Day yesterday described how Microsoft Researchers David Heckerman and Jonathan Carlson were called upon to help AIDS researchers analyze data about how the human immune system attacks the HIV virus. To do so, they turned to tools and algorithms developed at Microsoft to detect and block spam e-mail in the company's Hotmail, Outlook and Exchange e-mail products."
chicksdaddy writes: The threats and attacks may have changed in the last decade, but one thing has remained constant: software giant Microsoft doesn’t pay for information on vulnerabilities in its products. Never has. Never will — even as rivals like Mozilla and Google have introduced successful bug bounty programs. But with the value of zero day vulnerabilities rising and targeted hacks making headlines, the company may be forced by circumstance to start paying vulnerability researchers for their work.