Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

BuzzBlog: Anti-Phish Posse; Turning Patches Into Pitches

Anti-Phish Posse Seeks Deputies Like the Wild West of yore, the Internet is lawless territory populated by varmints and desperados, and sometimes you have to make your own justice. That's why Internet citizens have banded together to form the Phishing Incident Reporting and Termination (PIRT) Squad. Its mission is to corral criminal Web sites and protect the innocent.

Organized by the Web site CastleCops and anti-spyware vendor Sunbelt Software, PIRT is recruiting volunteers to report new phishing scams. More experienced handlers will review the submissions and send reports to a variety of organizations, including the company being phished, anti-phishing toolbar companies, researchers, and ISPs hosting the phishing sites. You can saddle up at wiki. castle cops. com/ PIRT. According to the Web site it's the only community takedown organization of its kind. --Andrew Conry-Murray, [email protected]

Turning Patches Into Pitches

Hackers weren't the only ones taking advantage of Internet Explorer's recent "createTextRange()" vulnerability. As news of exploits surfaced in late March, security vendors eEye and Determina scored loads of free publicity by releasing unofficial patches days ahead of Microsoft's certified fix. Tech news hotspots CNet, SecurityFocus, The Register, Slashdot and TechWeb ran headlines on the patches, as did The Washington Post. The New York Times also carried CNet's coverage online.

The advisories that accompany the patches feature not-so-subtle pitches for their intrusion prevention products, including claims of pre-emptive protection against any and all exploits of the vulnerability. Researcher Ilfak Guilfanov enjoyed widespread press in January when he released an unofficial patch for a different IE vulnerability. Sharp-eyed marketers at eEye and Determina obviously were paying attention.

  • 1