Founding partner of anti-spam consultancy & software firm Word to the Wise
Joined on November 23, 2009
Steve Atkins is a founding partner of the anti-spam consultancy and software firm Word to the Wise. I develop high-performance ticketing software for ISP abuse desks and ESP feedback loop handling. I also work with MAAWG and the IETF to develop the next generation of email protocols, and help email senders to understand and deploy them. I also provide technical and forensic assistance to lawyers and law enforcement in email and other internet-related cases.
Prior to founding Word to the Wise, Steve was a system architect for UltraDNS, a distributed DNS service serving a number of top-level domains and large companies, and prior to that a microprocessor designer.
Except where otherwise noted, all postings by Steve Atkins on CircleID are licensed under a Creative Commons License.
The history of long distance communication is a fascinating, and huge, subject. I'm going to focus just on the history of network email -- otherwise I'm going to get distracted by AUTODIN and semaphore and facsimile and all sorts of other telegraphy. Electronic messaging between users on the same timesharing computer was developed fairly soon after time-sharing computer systems were available, beginning around 1965 -- including both instant messaging and mail.
There are quite a lot of NTP-amplified denial of service attacks going around at the moment targeting tech and ecommerce companies, including some in the email space. What does NTP-amplified mean? NTP is "Network Time Protocol" - it allows computers to set their clocks based on an accurate source, and keep them accurate. It's very widely used - OS X and Windows desktops typically use it by default, and most servers should have it running.
URL shorteners, like bit.ly, moby.to and tinyurl.com, do three things... Making URLs shorter was their original role, and it's why they're so common in media where the raw URL is visible to the recipient -- instant messaging, Twitter and other microblogs, and in plain text email where the "real" URL won't fit on a single line. From the moment they were invented they've been used to trick people into clicking on links to pages they'd rather not visit...
Two factor authentication that uses an uncopyable physical device (such as a cellphone or a security token) as a second factor mitigates most of these threats very effectively. Weaker two factor authentication using digital certificates is a little easier to misuse (as the user can share the certificate with others, or have it copied without them noticing) but still a lot better than a password. Security problems solved, then?
After Epsilon lost a bunch of customer lists, I've been keeping an eye open to see if any of the vendors I work with had any of my email addresses stolen -- not least because it'll be interesting to see where this data ends up. Recently I got mail from Marriott, telling me that "unauthorized third party gained access to a number of Epsilon's accounts including Marriott's email list."...