Larry Seltzer wrote an interesting article for eWeek, on port 25 blocking, the reasons why it was being advocated, and how it would stop spam. This quoted an excellent paper by Joe St.Sauver, that raised several technically valid and true corollaries that have to be kept in mind when blocking port 25 -- "cough syrup for lung cancer" would be a key phrase... Now, George Ou has just posted an article on ZDNET that disagrees with Larry's article, makes several points that are commonly cited when criticizing port 25 blocking, but then puts forward the astonishing, and completely wrong, suggestion, that worldwide SPF records are going to be a cure all for this problem. Here is my reply to him... more
As the WHOIS debate rages and the Top-Level Domain (TLD) space prepares to scale up the problem of rogue domain registration persists. These are set to be topics of discussion in Costa Rica. While the ICANN contract requires verification, in practice this has been dismissed as impossible. However, in reviewing nearly one million spammed domain registrations from 2011 KnujOn has found upwards of 90% of the purely abusive registrations could have been blocked. more
After looking at the state of DNSSEC in some detail a little over a year ago in 2006, I've been intending to come back to DNSSEC to see if anything has changed, for better or worse, in the intervening period... To recap, DNSSEC is an approach to adding some "security" into the DNS. The underlying motivation here is that the DNS represents a rather obvious gaping hole in the overall security picture of the Internet, although it is by no means the only rather significant vulnerability in the entire system. One of the more effective methods of a convert attack in this space is to attack at the level of the DNS by inserting fake responses in place of the actual DNS response. more
In March, I posted a call to action to those of us in the community who have the inclination to fight against a movement to redact information critical to anti-abuse research. Today, I felt compelled to react to some of the discussions on the ICANN discussion list dedicated to the issue of WHOIS reform: Sorry, not sorry: I work every working hour of the day to protect literally hundreds of millions of users from privacy violating spam, phish, malware, and support scams. more
On Saturday Aug 7th, DNS provider DNS Made Easy was the target of a very large denial of service attack. As far as can be determined the total traffic volume exceeded 40 Gigabit/second, enough to saturate 1 million dialup Internet lines. Several of DNS Made Easy's upstream providers had saturated backbone links themselves. There are indications that not only DNS Made Easy suffered from this attack, but the Internet as a whole. more
In mid-March, the group dubbed by Wired Magazine 20 years ago as Crypto-Rebels and Anarchists - the IETF - is meeting in London. With what is likely some loud humming, the activists will likely seek to rain mayhem upon the world of network and societal security using extreme end-to-end encryption, and collaterally diminish some remaining vestiges of an "open internet." Ironically, the IETF uses what has become known as the "NRA defence": extreme encryption doesn't cause harm, criminals and terrorists do. more
As I blogged about several months ago, as did numerous other anti-spam bloggers, David Ritz was sued by Jeffrey Reynolds and a judge in North Dakota agreed with Reynolds. At the heart of the case was that Ritz engaged in anti-spam activities using techniques known only to a small subset of advanced computer users, and used these techniques maliciously against Reynolds... Back in the olden days of spam fighting, some anti-spammers used to use malicious techniques against spammers in order to shut them down... more
One of the most prominent denial of service attacks in recent months was one that occurred in March 2013 between Cloudflare and Spamhaus... How did the attackers generate such massive volumes of attack traffic? The answer lies in the Domain Name System (DNS). The attackers asked about domain names, and the DNS system answered. Something we all do all of the time of the Internet. So how can a conventional activity of translating a domain name into an IP address be turned into a massive attack? more
TL;DR? It's worth reading, BUT, if not -- ICANN has yet another group looking at WHOIS, and there is a huge push to redact it to nothing. I spend easily half my day in WHOIS data fighting online crime, losing it would not make my job harder, it will make it impossible. PLEASE JOIN THE ICANN GROUP and help us fight back against people who are fighting in favour of crime. more
In March 2013, Spamhaus was hit by a significant DDoS attack that made its services unavailable. The attack traffic reportedly peaked at 300Gbps with hundreds of millions of packets hitting network equipment on their way. In Q1 2015, Arbor Networks reported a 334Gbps attack targeting a network operator Asia. In the same quarter they also saw 25 attacks larger than 100Gbps globally. What is really frightening about this is that such attacks were relatively easy to mount. more
Kidnap. Rape. There are no lesser words that can be used to describe what happened to the daughter of an anti-spam investigator in Russia. His daughter was recently released, according to Joseph Menn's recent article on Boing Boin, after having been kidnapped from her home five years ago, fed drugs, and made to service men, as a warning to ward off further investigations. The criminals behind these vicious acts were also responsible for large spamming organization associated with Russian Mob activity. more
I was browsing CircleID the other day and came across Bruce Schneier's article on cyberwar. Schneier's article, and the crux of his point, is that the term cyber war and the threat of cyber warfare has been greatly exaggerated. The real problem in cyberspace is not the threat of cyber warfare wherein a foreign government, or possibly non-state actor, conducts a cyber attack on another nation. more
In a discussion about a recent denial of service attack against Twitter, someone asked, "Some class of suppliers must be making money off of the weaknesses. Anybody out there have a prescription for the cure?" Sure, but you're not going to like it. The Internet was originally a walled garden, where its operators knew who all the users were and could eject anyone who misbehaved... more
Many of you will have seen news stories that explained what was going on: a huge DDoS attack on the infrastructure of Dyn had taken down access to many large websites like Twitter. A great deal of digital ink has since been spilled in the mainstream press on the insecurity of the Internet of Things, as a botnet of webcams was being used. Here are some additional issues that might get missed in the resulting discussion. more
The latest Anti-Phishing Working Group (APWG) Global Phishing Survey, which analyzed over 100,000 phishing attacks in the first half of 2014, examines the progress that top level domains (TLDs) are making in responding to phishing attacks that use their TLDs. The report finds the .INFO domain has the lowest average phishing uptimes as compared to other TLDs, such as .COM and .NET. more