BuzzBlog: Anti-Phish Posse; Turning Patches Into Pitches

Saddle up with the Phishing Incident Reporting and Termination Squad -- corralling criminal Web sites and protecting the innocent. Plus, hackers weren't the only ones taking advantage of a recent

April 6, 2006

2 Min Read
Network Computing logo

Anti-Phish Posse Seeks Deputies Like the Wild West of yore, the Internet is lawless territory populated by varmints and desperados, and sometimes you have to make your own justice. That's why Internet citizens have banded together to form the Phishing Incident Reporting and Termination (PIRT) Squad. Its mission is to corral criminal Web sites and protect the innocent.

Organized by the Web site CastleCops and anti-spyware vendor Sunbelt Software, PIRT is recruiting volunteers to report new phishing scams. More experienced handlers will review the submissions and send reports to a variety of organizations, including the company being phished, anti-phishing toolbar companies, researchers, and ISPs hosting the phishing sites. You can saddle up at wiki. castle cops. com/ PIRT. According to the Web site it's the only community takedown organization of its kind. --Andrew Conry-Murray, [email protected]

Turning Patches Into Pitches

Hackers weren't the only ones taking advantage of Internet Explorer's recent "createTextRange()" vulnerability. As news of exploits surfaced in late March, security vendors eEye and Determina scored loads of free publicity by releasing unofficial patches days ahead of Microsoft's certified fix. Tech news hotspots CNet, SecurityFocus, The Register, Slashdot and TechWeb ran headlines on the patches, as did The Washington Post. The New York Times also carried CNet's coverage online.

The advisories that accompany the patches feature not-so-subtle pitches for their intrusion prevention products, including claims of pre-emptive protection against any and all exploits of the vulnerability. Researcher Ilfak Guilfanov enjoyed widespread press in January when he released an unofficial patch for a different IE vulnerability. Sharp-eyed marketers at eEye and Determina obviously were paying attention.

Blog Log:
"AT&T's latest 'local connectivity charge' appears to be a totally made up fee that allows them to raise rates up to $4 a month without actually saying they're raising rates. The problem isn't that these companies need to recover their costs, but that they do so in such a sneaky way.'"--Tech Dirt,

SUBSCRIBE TO OUR NEWSLETTER
Stay informed! Sign up to get expert advice and insight delivered direct to your inbox

You May Also Like


More Insights