The IT Security Blog Roundup

More on the e-jihad that never happened

I had a feeling that some people stayed up all night on Sunday waiting for the planned, and announced, al Qaeda cyber-jihad to begin.

Thankfully, like the Great Pumpkin, it might just be a figment of the imagination.

We found some interesting points this week from Marcus Sachs, SANS Internet Storm Center director and a former White House cybersecurity advisor, on whether or not cyber-terror is a reality. His point: Sunday’s threat was overblown in the press, but al Qaeda and other terrorist groups do use the internet to communicate and raise money.

“This whole cyber-terrorism thing has always bothered me, especially since every time some nut decides that the ‘next attack’ is going to be against an online target, the press goes into hyper alert mode. Folks, let’s get serious about this for a few minutes. I know that this is politically incorrect, but the odds of a terrorist group ‘terrorizing’ the internet with cyber-bullets and e-bombs are about as small as the odds of the Morse Code coming back as a primary means of communication. It’s not zero, but it’s also not much more than zero…

The terrorists use the internet for the same thing everybody else does - communicating with each other. They also use it to raise money through criminal activity, then launder it via one of the many electronic payment systems. Ever look at the spam and phishing junk mail you receive? It’s not just the Russian Business Network operating in the shadows. With the internet providing near-perfect communications and a seemingly endless supply of money why would a terrorist group want to blow it up?”



No sign of e-jihad

Maybe it’s time for a sigh of relief. The much rumored “cyber-jihad,” scheduled for Sunday, never took place.

Most security researchers dismissed, or at least downplayed, the threat in the days leading up to the scheduled Nov. 11 event, but I’d bet there was – and likely is – at least one person working for the federal government taking the threat seriously.

F-Secure’s Mikko Hypponen has a write-up on the company blog, stating, “Cyberterrorism is not a problem. But it does make for cool movie scripts.”

And Peter Coogan at Symantec Security Response filed this post, listing the tale of the tape between e-Jihad vs. Storm Worm. Guess who won?

Here’s a hint, from Coogan’s post:

“Comparing the e-jihad and Storm techniques mentioned above clearly shows that the ‘cyber terrorists’ in this case are well behind the cyber criminals.”



More Mac trojan variants

We’d be lying to you if we were to use the words “Mac trojan” and “epidemic” in the same sentence.

While an in-the-wild trojan was found for OS X last month, and it now doesn’t appear to be alone, it’s still not fair to say Mac exploits are everywhere – at least not yet.

Here’s a link to F-Secure’s blog, where they detail a number of variants found in the wild recently.



Cyberjihad - for real?

Johannes Ullrich, on the SANS Internet Storm Center diary, on reports (including ours) that al Qaeda-trained cyberattackers are planning an e-jihad on Nov. 11:

“So in short: stay calm, focus on best practices and you don’t have to do anything special on Nov. 11. If your systems are secure, they will be fine. If they are not secure, they will get hacked no matter if it’s cyber jihad or the script kiddie from next door.

In the past, political attacks like this resulted in some more or less manual DoS attacks. Expect things like calls for supporters to reload particular ‘offensive’ websites, or use the ping command to flood them. In some cases, supporters may be asked to install trojans. But chances are that the usual criminals will just take advantage of this and use it as a trick to install the regular criminal bots.”

Johannes might be right. The site that reported the coming e-jihad, DEBKAfile, has been known to get things wrong. We’ll know one way or the other on Sunday.



Be careful of California wildfire scammers

An important reminder from Randy Abrams, director of technical education at ESET:

If you’re planning on giving to the Red Cross or other charities to help people dislocated by the California fires (and I hope you are), it’s important to note that scammers want to take advantage of your good intentions.

Here’s a routine trick:

“First of all, do not respond to email messages soliciting donations, even from legitimate charities. These messages often are not sent by the charity itself. If you get an email from The American Red Cross and you wish to donate to this respected organization, do not use any information in the email as it may have been sent by a scammer that will redirect you to their fake Red Cross website. Instead, look up the phone number for the Red Cross, or open your browser yourself and type in http://american.redcross.org.”

Or, for more information on what is, or what is not, a legit charity organization, visit http://www.charitynavigator.org/.



Hackers or scalpers?

We have some instant reaction to the hacking of the Colorado Rockies’ online ticket system from Larry Seltzer at PC Magazine.

I have to admit, one of the first thoughts that crossed my mind when I first heard of this incident was, “Hmmmmm, isn’t Boston a security researcher-rich city?”

Seltzer also raises the possibility that the attack wasn’t an attack at all, but an attempt to hog tickets.



Moore unleashes iPhone exploits

Mega-hype = increased attention from hackers.

Researchers have been proving that one since late July, during which time the iPhone has been pulled apart by what must be the largest number of researchers ever interested in a mobile device.

And why not? The iPhone, after all, is a mini-computer – and one from a company known for not having the best relationship with the research community.

Renowned hacker H.D. Moore published some iPhone exploit code over the weekend. Here it is, if you want to take a look.

And please keep in mind, most experts have recommended fighting iPhone insecurity with policy, allowing the device only a very short leash within corporate environments.



Death of a spammer? Not likely

Spamming, in most cases, is illegal. So it’s worth wondering what other bad deeds spammers are wrapped up in.

That’s why recent reports describing a spammer’s death were so intriguing.

However, according to McAfee researchers, the event was actually a hoax – and the website announcing the death was registered on Oct. 11, hours before the reports appeared on it.

“Plus, neither Russian sites nor Google have ever heard of this particular spammer (which would be impossible as he is depicted as one of the most prolific). And there is no trace of this murder case in the news, on TV or on the web. In a word – it is definitely a hoax.”
- Igor Muttik, McAfee Avert Labs Blog, Oct. 12, “Two dead spammers? Again.”

Alex Eckelberry, Sunbelt Software president and CEO, said on his company’s blog that the hoax site may be a ploy to infect visitors with malware.

“I wouldn’t encourage visits to this hoax site. There’s no malware on it and you’re not going to get infected. But given where this thing is hosted (and the fact that it is tracking visits), why bother? (If you’re seriously paranoid, you might even go so far as to use TOR to anonymize yourself.)”



Sunbelt: Marin County was warned

Some interesting stuff today on Sunbelt Security’s blog about the fed shutdown of the California “ca.gov” websites this week.

For one, Sunbelt’s CEO and President Alex Eckelberry said today that the Marin County site is still not completely clean, and Madera County has experienced some hacks of its own.

Scroll down a bit, and you’ll see that Eckelberry highlighted a few emails sent to Marin County officials before the shutdown, warning them of the hackings.

On the fed shutdown itself:

“So, was shutting down the entire system overkill? Of course. It was complete overkill. But, on the other hand, it’s a wake up call: Keep your site clean. And for Pete’s sake, please heed the warnings of security researchers when they send you email.”



Google Documents bug disclosed, too

Yesterday we brought you news that Gmail is open to a filter-insertion technique that can allow attackers to forward mail with attachments to other addresses. Google confirmed that flaw yesterday.

But it looks like Petko Petkov isn’t the only researcher out there looking into Google flaws.

On Wednesday, Billy (BK) Rios posted on his blog that Google may be putting its own servers at risk because of a cross-domain exposure flaw associated with Google Documents.

Here’s a snippet:

“Google Documents basically allows you to upload your documents (a.k.a. content) to a Google server. Once you’ve uploaded the document, Google has essentially “taken ownership” of the document (content). There are ways to minimize the risks associated with taking ownership of content, and it seems that Google has taken some measures to sanitize for XSS… but it seems that their focus on XSS may have caused them to miss a different type of cross domain exposure.”

Rios’ blog also features proof-of-concept code.



This material may not be published, broadcast, rewritten or redistributed in any form without prior authorization.

Your use of this website constitutes acceptance of Haymarket Media's Privacy Policy and Terms & Conditions