Gadgetell | Tech News, Reviews, and Interesting Things

According to a report on Information Week, infamous “Spam King” Sanford Wallace, and his phishing partner Walter Rines were slammed with a whopping $225 million judgment by a U.S. District Court on Monday.

“MySpace has zero tolerance for those who attempt to act illegally on our site,” said Hemanshu Nigam, chief security officer of MySpace, in an e-mailed statement. “The Federal District Court in Los Angeles awarded MySpace $223,777,500 under the federal CAN-SPAM Act and $1,500,000 under the California anti-phishing statute. User engagement is up 32 percent year over year while spam is significantly decreasing, proving efforts like this are working.”

In October of 2006 the pair began creating bogus MySpace accounts and hijacking over 300,000 others. They then used the compromised accounts to send tens of thousands of spam messages and bomb the comment section of thousands of MySpace pages with links to other spam sites. The popular social networking site sued in 2007. Wallace posted a response to the judgement on his website, claiming he had never been served and that “the check is in the mail.”

Since 1997 Wallace has been sued by many service providers including AOL, Earthlink, and CompuServe, and last year was fined $4 million by the FTC for deceptive advertising and distributing spyware.

Read [InformationWeek]

MySpace has won its lawsuit against infamous spammer Sanford Wallace, dubbed the “Spam King”. MySpace was awarded a legal judgment after Wallace ignored numerous requests to turn over documents and ultimately failed to show up in court. The suit was filed last year, accusing Wallace of running a phishing scam to access MySpace profiles and then using them to spam thousands of other users in an effort to get them to visit his website. Wallace claimed that since he was not accepting mail or packages, he had missed all the notifications of his court dates. The court didn’t buy it.

MORE »

It looks like we may have all misinterpreted PayPal’s announcement that it will block users who are using old browsers when doing online transactions at PayPal. Some reports have included Apple’s Safari browser as among those that will be blocked by PayPal.

PayPal has denied this report by saying that it has no intention of blocking current versions of any browsers that include the Safari browser from accessing it’s site. And to clarify, it will only block customers from logging into the PayPal when using obsolete browsers on outdated or unsupported operating systems, such as IE4 running on Windows 98.

Actually, the confusion may have started when reports cited that the Safari browser does not support Extended Validation SSL Certificates.

So there, the confusion is cleared and clarified. Safari users can still access PayPal’s site using their trusty browser. End of story.

Via [Mac Daily News]

It doesn’t look like the participants in the McAfee S.P.A.M. Experiment have received grand jury summonses in their inboxes yet, but it’s something they can look out for. According to the FBI’s press release about the email,

“At first glance, the e-mail appears authentic. It contains a court case number, federal code, name and address of a California federal court, court room number, issuing officers’ names, and the court’s seal. The spammer directs recipients to click the link provided in the e-mail in order to download and print associated information for their records. If the recipient clicks the link, a malicious code is downloaded onto their computer.
The e-mail also contains language threatening recipients with contempt of court charges if they fail to appear. Recipients are told the subpoena will remain in effect until the court grants a release. As with most spam, the content contains multiple spelling errors.”

MORE »

Social networking site MySpace (part of Fox Interactive Media, Inc.) has filed a lawsuit against Scott “Spam King” Richter for violating the federal CAN-Spam Act (aka Controlling the Assault of Non-Solicited Pornography and Marketing Act) and California’s anti-spam statute.

Allegedly, Richter used phished MySpace account information to send email sales campaigns without the page owner’s knowledge. The filing demands monetary compensation (amount not specified) and a permanent injunction barring Richter and his various companies from MySpace.

If found guilty and there is not an out-of-court settlement, the CAN-Spam Act states that each violation is subject to fines of up to $11,000 and include imprisonment, while the California statute adds $1000 for “each unsolicited commercial e-mail advertisement transmitted” with a maximum of $1 million per incident.

Richter has already been sued by Microsoft in 2005/2006 and the New York Attorney General, paying $7 million and $50,000 to NY respectively. Hormel Foods, which owns the questionably tasty SPAM product, stopped Richter’s effort to start up a line of “Spam King” clothing.

With so many cranky companies and the potential to owe many millions more, it’s no wonder Richter likes to settle out of court. Next time, try for a tastier title like “Sausage King” or even “Teenie Weiner King.”

Read [CNNMoney]

Ever since Paypal became the most used Internet payment site, they have had a huge problem with phishing schemes.  Now, in an effort to combat such schemes, Paypal has turned to their new Security Key, a keychain fob similar to the ones that online banks have been using for years.

With the new device, a unique one-time-use password is generated every 30 seconds.  Users will be prompted for not only their username (or email) and password as before, but they will also be asked to enter in this new number.  Regular users will be asked to pay $5 for the fob, while business users will be offered one for free.  The new layer of security may seem like it is indestructable, but as Jason from Gizmodo points out, there are two scenerios where the Security Key’s number will no longer matter.

In one scenerio, the phishers could somehow gain knowledge of your specific Security Key’s algorithm.  This is obviously very unlikely since the chance of finding any sequence in a series of 6 random numbers is near impossible.  The next scenerio is if a user is tricked into entering their username, password, and keygen in a phishing site, the phishers will have 30 seconds to login to Paypal.  I’d say this is VERY likely to happen, although it will still cut out a majority of phishing attacks that exist today.  Paypal, you’re off to a good start, but there’s still some work to be done.

Read [Paypal] Via [jkOnTheRun]

Opera introduced real-time Fraud Protection in its Web browser, including technology from GeoTrust and PhishTank.

Phishing is a form of online fraud in which a malicious party convinces users to visit a forged Web site. That site is designed to mimic a trusted site in order to trick users into divulging personal information, credit card numbers, or bank account details. According to PhishTank, the month of November alone saw more than 9,628 unique phishing attacks. Since most phishing sites are taken down quickly, only real-time protection holds the key to consistent safety. PhishTank, operated by OpenDNS and community members, enables anyone to submit, verify, track and openly share phishing data. The open access of PhishTank, and the use of PhishTank data in Opera, is intended to encourage the sharing of information and increase the chance of eliminating phishing all together.

While all this phish talk makes me hungry, I really wonder if consumers even get it. It’s like identity theft in that until it happens to you, you assume it only applies to others, and “How could they get my information from me anyway? I keep it private.” Yeah right, can anyone say the internet?

Read [Opera]

The Redmont-based software giant is reported to have initiated 129 lawsuits in Europe and the Middle East in its effort to help law enforcement curb phishing. That’s very good of Microsoft, playing a very nobel role as a corporate citizen. For those who are not yet aware, Microsoft had launched a Global Phishing Enforcement Initiative in March, as part of its effort to combat phishing, an online trick that has mushroomed over the last few years, with the number of attempts to dupe citizens into handing over their bank account details almost doubling in the first half of 2006 to 157,000, according to a recent report from security software vendor Symantec.

On another front, the latest IE7 browser by Microsoft also incorporates an anti-phishing feature which gives out warning to users of a potential phishing website. But the anti-phishing feature has contributed to a somewhat negative effect when it wrongly flags legitimate websites as suspected phising sites. Reports have been submitted by the website owners to Microsoft but I wonder if there were responses by Microsoft on the false alarms. I was just wondering, would Microsoft be liable for phishing false alarms? Anyone want to test the water?

Read [MSNBC] Via [Google Group]
Read [CJCM and IT]

We knew it was coming. Firefox 2 Beta 2 is now available for download. New features and changes in this milestone include:

• A new theme that updates Firefox’s familiar interface


• Built in Phishing Protection


• Enhanced search engine management and search suggestions for Google, Yahoo! and Answers.com


• Improvements to tabbed browsing, including the ability to re-open recently closed tabs


• Firefox will resume from where you left off after a system crash or browser restart


• Better support for previewing and subscribing to Web feeds


• Inline spell checking in Web forms


• The ability to create bookmarks with “Live Titles” for Web sites that offer microsummaries


• New Add-ons manager that simplifies management of extensions and themes.


• Support for JavaScript 1.7


• Extended search plugin format

Click on for a screen shot and download information.

You can download Firefox 2 Beta 2 builds for Windows, Mac OSX and Linux in several languages via this site. You can also track the progress to the final release here.

As we get close to the final availability of Internet Explorer 7, Microsoft is scrounging for a way to regain market share in the browser war. Recent polls have shown Firefox, Safari, and Opera gaining more ground while Internet Explorer (IE) is loosing share. To combat this, MS has announced that they will distribute IE7 as a high-priority update via Automatic Updates (AU) shortly after the final version is released for Windows XP (in Q4 of this year), “to help our customers become more secure and up-to-date.” Advanced security features include ActiveX Opt-in, a Phishing Filter, and Fix My Settings.

Nice marketing Microsoft, it’s ok you can just say that you a scared sh!tless after loosing a anti-trust battle in the EU and loosing multiple percentage points of market share each month to Mozilla, a company that started as a hobby and now makes tons of $$ from their forward thinking.

Read [IE Blog]
Via [Huddled Massess]