After Two Security Assessments I Must Be Secure, Right? Imagine you are the CIO of a national financial institution and you've recently deployed a state of the art online transaction service for your customers. To make sure your company's network perimeter is secure, you executed two external security assessments and penetration tests. When the final report came in, your company was given a clean bill of health. At first, you felt relieved, and confident in your security measures. Shortly thereafter, your relief turned to concern. ...Given you're skepticism, you decide to get one more opinion. ...And the results were less than pleasing. more
Consider this scenario: you need a domain name for your site so you go to your favorite domain registrar's website and upon a quick search find that your third choice is actually available! You quickly pull your credit card and register the name. Everything is good and you can't wait to have your new domain start pointing to your site and represent your official email address. But not so fast -- some of the recent events are revealing that, these days, when you are registering a domain name there is one more critical thing you need to do: check under the hood! more
Jay Fink had an interesting little business. If you lived in California, you could give him access to your email account; he'd look through the spam folder for spam that appeared to violate the state anti-spam law and give you a spreadsheet and a file of PDFs. You could then sue the spammers, and if you won, you'd give Fink part of the money as his fee. more
Nowadays, with increasing digitalization and internet usage, email is a central communication tool. This holds true even despite the high popularity of instant messaging apps and social media. Email remains the favorite means of business communication worldwide, both in B2B and B2C. In 2019, 293.6 billion emails were sent and received. By 2025, this number will grow even more. It is predicted that we will send and receive 376.4 billion emails per day. In this scenario, implementing security features for email communications has become absolutely essential. more
Back in 2014, to foster innovation and to better the choice in domain names, ICANN introduced new generic top-level domains through its New gTLD Program. It was a monumental move that enabled businesses, individuals, and communities across the globe to mark their presence on the Internet. Allowing users to be present digitally in their chosen language (non-ASCII characters and scripts) gave opportunities to local businesses, civil societies, and governments to better serve their communities. more
If you have already adopted AI in your small or mid-size organization, congratulations. If not, the urgency of adopting should be a top priority. You will become a laggard and most likely obsolete given the supercycle of innovation we are currently in. Implementing AI is quite different from other organization-wide strategies because it involves highly specific characteristics and expert resource pools that SMBs might not be able to access. more
Hi! My name is spamfighter. I investigate spam and phish in a post-GDPR dystopia. Recently, I invented Fire, to save you millions of €uros. One day, my Boss suggested I automate some of my processes. I, for one, welcome our Robot Overlords (and a happy boss), but I can be exacting about the tools I use. Perhaps not to the degree of the infamous Van Halen 'no brown M&M's' contractual clause but I have no patience for poorly-designed software, and truly dislike typing when... more
After Epsilon lost a bunch of customer lists, I've been keeping an eye open to see if any of the vendors I work with had any of my email addresses stolen -- not least because it'll be interesting to see where this data ends up. Recently I got mail from Marriott, telling me that "unauthorized third party gained access to a number of Epsilon's accounts including Marriott's email list."... more
Over at Word to the Wise, Laura Atkins has a post up where she talks about the real problem with ESPs and their lack of internal security procedures which resulted in the breach of many thousands of email addresses (especially Epsilon). However, Atkins isn't only criticizing ESP's lack of security but also the industry's response wherein they have suggested countermeasures that are irrelevant to the problem. more
It's easy to look at Amazon SES and sigh. Thousands of low-end customers sending mail from a shared IP pool? Amazon already knows that trick never works! Just one spammer will ruin the reputation of those IP addresses, resulting in ongoing delivery problems for everyone who uses the service. It is possible that Amazon can build the systems and human processes to keep spammers out; certainly sounds like they want to. more
In January we presented the glorious history of the MIT spam conference, today we present the schedule for the first day. Opening session will be from this author, Garth Buren with a topic entitled The Internet Doomsday Book, with details be released the same day as the presentation. Followed by Dr. Robert Bruen with a review of activities since the last MIT spam conference... more
Many news sources are reporting on how Google and other corporations were hacked by China. The reports, depending on vendor, blame either PDF files via email as the original perpetrator, or lay most of the blame on an Internet Explorer 0day. more
One of the bigger news stories is that of 10,000 usernames and passwords of Hotmail users were posted this past week, victims of a phishing scam... It seems unlikely to me that this would be a hack where someone would break into Hotmail's servers and access the account information that way. It is much more likely that the spammers got the information by social engineering. Why is this more likely? For one, they'd have to get past all of the firewalls and security measures that Microsoft/Hotmail have to keep intruders out. more
On Wednesday, Project Honey Pot filed an unusual lawsuit against "John Does stealing money from US businesses through unauthorized electronic transfers made possible by computer viruses transmitted in spam." Their attorney is Jon Praed of the Internet Law Group, who is one of the most experienced anti-spam lawyers around, with whom I have worked in the past. more
Well, it's a yearly tradition in the western hemisphere that at the end of the year, we compose a top 10 list of the 10 most