sorinmustaca.com – Sorin Mustaca – personal blog. Security software, agile development, scrum, programming and more

IT security expert Avira found during recent surveys of its customers that email spam is still an everyday occurrence, but not the nuisance it once was. Nearly half of all end-users are satisfied with the anti-spam filters on their PCs and laptops, plus many others rely upon their Internet Service Provider (ISPs) to filter messages. The vast majority of users receive fewer than 10 spam emails per day.

“The Spam landscape has clearly changed in the last two years with the take down of a couple of major botnets,” said Sorin Mustaca, data security expert at Avira GmbH. “Considering the fact that almost all email providers have a form of spam filtering installed on their servers, end-users receive only what the anti-spam solutions on the servers don’t catch. What really surprised me was that 45% of the users answered that they have an anti-spam solution on their computers and that they are satisfied with it. Overall, there is clearly work to be done within the security industry to get rid of 100% of all spam emails, but progress is being made.”

The larger security challenges today include fighting web-based Trojans and spyware that harvest credit card numbers and personal identity information. “But I still don’t recommend anyone clicking open spam emails, as many of them are linked to malicious websites. It’s always best to stay safe from unknown links and emails“, said Mustaca.

A Twitter security flaw is being widely exploited on Twitter, showing remote content from third-party websites without user’s consent.

The flaw uses a JavaScript function called onMouseOver() which creates an event when the mouse is passed over a text or link. Any user can use this flaw to

create simple popups, redirect the page to somewhere else, retweet some messages or hide parts of the message.

The link has to be constructed in such a way that it starts with http://twitter.com/<text>@”onmouseover=”<code>”

The problem is that Twitter doesn’t filter the code, it instead executes it.

To overcome the problem, use some 3rd party websites to work with Twitter. These website use the API directly and not the twitter.com website GUI.

Another solution is to use the mobile website, which doesn’t seem to have the flaw.

Update: Twitter fixed the problem : http://blog.twitter.com/2010/09/all-about-onmouseover-incident.html

This is an interview I gave on telephone for Signal Magazine.

“… Internet can be a dangerous activity, but the security status of different types of websites is not the same, Sorin Mustaca, data security expert, says. …

”

I am a little bit unhappy about this, which I never said:

“Mustaca admits that the survey information is more anecdotal than scientific”

What I said was: “the interview was made with a random sample of Avira users”.

But from experience I know that it can be much worse.

Enjoy.

I have to many services which I like to use: Facebook, LinkedIn, Twitter, this blog and others.

But how can I keep them synchronized ? I can’t… because they are just too different.

I found by mistake a service which can… It is called Ping.fm and it actually works : I write in one place something and it is automatically posted in all the above websites.

This is cool…
Expect more infos from me

I did it again : I’ve written a new article for VB
Note that you need an account in order to read it.

Delivering reliable protection against phishing websites

I wrote a new article for Virus Bulletin Magazine called Delivering reliable protection against phishing websites

(requires registration)