Info_Sec

Yahoo Groups and 3rd Party Email Registration

I've helped with product development and product sourcing for some time here in Hong Kong. This means I've attended many tech trade shows and passed out countless business cards. Since these are Chinese businesses, this provides great tests for my SpamAssassin installation.

The latest trick that certain mainland spammers have taken up is creating Yahoo groups and then signing my email address up to receive the emails for their group. Yahoo Groups does not require an email confirmation for 3rd Party signup to the Yahoo Groups. The admins in news.admin.net-abuse.email knew this was a recipe ...

OpenID vs OAuth: Successes And Failures

OpenID has officially been added to The List. Y'know, The List. The official list of things the kool kidz all mindlessly slag. Nokia, XML, W3C.

The proclamations go out far and wide that OpenID is a failure and OAuth is a resounding success. It is true that OAuth has found much wider adoption on the internet than OpenID, but there are a few reasons for that, which are more social and economic than technical.

OAuth is designed to simply provide authorization to third-parties to use another's ID system. It was implemented to replace the "password anti-pattern" of providing ...

Other People's Data and Your Security Mindset

In the June 2008 issue of Computerworld Hong Kong on page 14 (not yet online), there is a write-up of the Info-Security Conference 2008 that was held at the HKCEC on May 23. I'm disappointed I missed hearing Bruce Schneier speak, but what drove me crazy about the article was the opinions of IBM's Pierre Noel as quoted.

"Information security has more to do with risk management than network management," said Noel, who urged delegates to assess the value of the information, and what the potential impact on the organization would be if the information was compromised, before ...

Microsoft Fixes IE, DirectX Security Bugs (finally)

Yahoo! News posts news from IDG on Microsoft Fixes IE, DirectX Security Bugs

Desktop users will want to be sure to install the critical Internet Explorer and DirectX updates as soon as possible, said Amol Sarwate, vulnerability lab manager with security vendor Qualys. Some of the flaws addressed in these patches can be exploited in Web-based attacks where a criminal tricks the victim into visiting a malicious Web page and then takes advantage of the bug to install malicious software on the Windows PC.

No, we aren't talking about allowing malicious websites to download files to your designated download ...

As We Were Saying About Malware Infestations...

Malware on legitimate web sites is a growth industry!

In a security report entitled A comparative look at the state of web security, May 2007-May 2008, released on Thursday, ScanSafe found 68 per cent of all internet-based malware was now being hosted on legitimate sites.

...

Techniques to compromise websites, including Iframe and SQL injection attacks, are becoming more ubiquitous, ScanSafe warned.

...

Landesman said: "Over the last year malware authors have moved away from direct attacks - attacks in which they directly interact with victims, via social engineering for example - to indirect attacks accomplished through compromised websites."

More people are becoming more ...

Technology Review: Where Spam Is Born

MIT's Technology Review posts a nice little graph of Where Spam Is Born based upon research from Team Cymru, a security research firm in Burr Ridge, IL.

China leads in spam sent, followed by Brazil, Turkey and the US. The graph also shows the number of Stormworm bots per country and other bots per country. According to the research there are very few Stormworm or other bots in China, while India has the most Stormworm bots but ranks only eighth as an origin of spam.

RedFoxOne in comments suggests that it's only ...

China and USA are leading sources of cyber attacks

Akamai says China and USA are leading sources of cyber attacks.

According to the report, of all the attacks during the first quarter of 2008 31 percent were originated from China and US. China's share in attacks was 17 percent followed by US 14 percent.

Other countries leading cyber attacks are Argentina, Brazil, India, Japan, South Korea, Taiwan and Turkey.

Most attacks were aimed at Microsoft Windows in the form of malwares, viruses and trojans. Around one-third of the attacks (30 per cent) targeted port 135, which is used for remote procedure calls in Windows.

And as noted as ...

New Report Identifies .HK and .CN As Dangerous

Via Newsvine comes an AP story on a New report identifies dangerous Web domains.

McAfee found the most dangerous domains to navigate to are ".hk" (Hong Kong), ".cn" (China) and ".info" (information).

Of all ".hk" sites McAfee tested, it flagged 19.2 percent as dangerous or potentially dangerous to visitors; it flagged 11.8 percent of ".cn" sites and 11.7 percent of ".info" sites that way.

A little more than 5 percent of the sites under the ".com" domain - the world's most popular - were identified as dangerous.

Ooops! But then the story provides a few items of interest ...

Did CCP Hack US Commerce Secretary's Computer?

The AP has another story on Chinese tech espionage. Did Chinese hack U.S. official's laptop? As usual the details seem scarce on what actually happened. Stolen passwords? Stolen information on network layout? Trojan document?

U.S. authorities are investigating whether Chinese officials secretly copied the contents of a government laptop computer during a visit to China by Commerce Secretary Carlos M. Gutierrez and used the information to try to hack into Commerce computers, officials and industry experts told The Associated Press.

...

In the period after Gutierrez returned from China in December, the U.S. Computer Emergency Readiness Team ...