/ Most Commented

Thoughts on the Best Western Compromise

Aug 25, 2008

The Sunday Herald reported on Sunday that Best Western was struck by a trojan attack that lead to the possible compromise of about 8 million victims. There is some debate as to the extent of the breach and not a small amount of rumor going around. I'm not entirely disposed to trust corporate press releases for the facts, nor am I going to blindly accept claims of security researchers whose first call is to the PR team when discovering a problem. That said, here is what seems to be the agreed upon facts... more

Spam Fighters: Revenge is a Dish Best Left in the Freezer and Forgotten

Aug 21, 2008

There's no denying that the fight against spam attracts a lot of crazies, both pro- and anti-spam. One of the common attributes of the anti-spam kooks is that they often think in terms of somehow taking revenge against the spammers -- regardless of who else gets hurt along the way. In 2005, that revenge came in the form of BlueFrog, a service which purported to launch what can only be called denial of service attacks against spammers' web sites... This week, a company called SpamZa was hurriedly making a similar mistake... more

Lies, Damn Lies, and Anti-Spam Vendor Press Releases

Aug 21, 2008

There's a lot of chatter about a recent study purporting to show that 29.1% of internet users has bought something from spam. As ITWire reported, "Marshal were not only interested in how many people were purchasing from a spam source, but also what goods and services they were buying. Perhaps less surprisingly this revealed that sex and drugs sell well online." But at downloadsquad, Lee Mathews discovered the shocking truth: "the survey only involved 600 people." more

McCain Tech Plan: The Only Vision is Backward-Looking

Aug 15, 2008

So I've spent more time with the McCain tech plan today. At a time when this country is suffering economically and looking for fundamental change, it looks as if Sen. McCain is in the back office having lunch with a bunch of accountants. The heavy emphasis in the policy on tax cuts seems designed to appeal to people who equate lower taxes with progress. Haven't we already had years of that kind of approach? more

Mobilizing Russian Population Attacking Georgia: Similar to the Estonian Incident?

Aug 13, 2008

It seems like the online Russian population is getting mobilized. Like a meme spreading on the blogosphere, the mob is forming and starting to "riot", attacking Georgia. This seems very similar to the Estonian incident, only my current guess is natural evolution rather than grass-roots implanted -- but I am getting more and more convinced of the similarities as more information becomes available. Determining exactly when the use of scripts by regular users started, is key to this determination. more

Georgians Use Spam to Explain Their Situation

Aug 13, 2008

Call it outreach, call it propaganda or call it brilliance or even desperate measures, spammers (people) who favour the Georgian side in the recent conflict have been spamming using email, to get their point across. Depending on where in the world you are from, your ideological standpoint on Russia and your beliefs, when it comes to what email should be like, can be different and you may judge the action as you will. I call it spam. An Estonian colleague Viktor Larionov was quoted saying that whether there is a cyber war in Georgia or not, we know there is in fact a media war in play... more

Did Russian Cyber Attacks Precede Military Action?

Aug 12, 2008

The RBNexploit blog states that the website 'president.gov.ge' was under DDoS attack since Thursday. That site is now hosted out of Atlanta, Georgia (don't you love coincidence?) by Tulip Systems who is prominently displaying an AP story... "Speaking via cell phone from Georgia, Doijashvili said the attacks, traced to Moscow and St. Petersburg, are continuing on the U.S. servers." Rusisan military surrogates in the form of the criminal Russian Business Network are engaged in attacks against servers on US soil. This point should be brought up as the Group of 8-1 discusses appropriate responses to Russia's attack on Georgia. more

ICANN Paints Itself Into a Corner

Aug 11, 2008

ICANN recently commissioned a report from a domain auction company to see whether it would be a good idea to auction Top-Level Domains (TLDs) that have multiple applicants. Remarkably, the domain auctioneers came to the conclusion that auctions are a great idea, which they surely are for some people. But are they a good idea for ICANN? And if ICANN admits they can't evaluate competing applications on their merits, how can they keep the process from turning into another speculative land grab? more

CNN Spam Outbreak Quickly Morphing Into a New Breed

Aug 10, 2008

This past week we have been seeing some heavy CNN spam -- that is, spam in the form of breaking news stories from CNN.com... These all look like legitimate news stories, and indeed, they probably are taken straight from an actual CNN news bulletin (I don't subscribe so I wouldn't know). Indeed, the unsubscribe information and Terms of Use actually link to actual CNN unsubscribe pages. However, if you mouse-over all of the news links, they go to a spam web page wherein the payload is either a spam advertisement or you click on another link to download a file and flip your computer into a botnet. more

ICANN to Auction New Generic Top Level Domains

Aug 09, 2008

ICANN has just published a paper from its contractor PowerAuctions LLC, regarding the use of auctions to award new Top Level Domains (TLD) strings in case of contention. I can understand what ICANN wants to avoid. In the past, it has been criticized for using the "beauty contest" model with the redelegation of the .net TLD... However, the auction model is based on the idea that whoever wins the auction will be able to recoup its investment on the sale... more

ACLU, Anti-Spam Laws, and the First Amendment

Aug 08, 2008

In an article published by the Technology Liberation Front, Cato Institute adjunct scholar Tim Lee dissects a recent argument by the American Civil Liberties Union (ACLU) regarding free speech & anti-spam laws. It's been interesting to watch the ACLU wrestle with anti-spam legislation. Their entire purpose is to work through the legal system to protect our civil rights, as defined in the First Amendment -- which is why I've been a card-carrying member since before I was old enough to vote... more

Is Anti-Virus Dead?

Jul 31, 2008

Each SANSFIRE, the Handlers who can make it to DC get together for a panel discussion on the state of information security. Besides discussion of the hot DNS issue, between most of us there is a large consensus into some of the biggest problems that we face. Two come to mind, the fact that "users will click anything" and that "anti-virus is no longer sufficient". These are actually both related in my mind... more

Study Finds 75% of Malicious Websites from Legitimate, Trusted Sources

Jul 29, 2008

New report released today finds 75 percent of malicious websites are from legitimate, trusted sources with "Good" reputation scores. According to the report, 60 percent of the top 100 most popular websites either hosted malicious content or contained a masked redirect to lure unsuspecting victims from legitimate sites to malicious sites. more

Advertising Pays for a Lot of Things… What Happens When the Ad Budget Dries Up in a Recession?

Jul 09, 2008

Doing some research on the effects of the Great Depression in the 1930s, I started wondering what happened to advertising during that period. Although I haven't turned up any detailed studies, I took a look at the various archives of advertising that allow Internet access to their exhibits, and noted the general move to less expensive, more localized advertising, and fewer adverts for more expensive goods. It made me wonder what will happen to online advertising if the current credit crunch starts to drive a worldwide recession... more

New Generic Top-Level Domains and Internet Standards

Jul 07, 2008

The recent decision by ICANN to start a new round of applications for new generic Top-Level Domains (gTLDs) is launching a round of questions on the IETF side about its consequences. One possible issue may be with vanity gTLDs like apple, ebay etc. Some expect that every Fortune 1,000,000 company will apply for its own TLD. My guess is rather the Fortune 1,000 for a start, but this does not change the nature of the issue, i.e. those companies may want to use email addresses like user@tld. more

Industry Updates

Illuminating ShadyPanda DNS Infrastructure Facts

Mining for DNS Maxims: Top 10 Malware of Q3 2025

Thumbing Through the DNS Traces of TamperedChef

IPv4 Prices Continue Downward Drift as Market Remains Resilient

DNS Spotlight: New MITRE ATT&CK Group Entrants as of October 2025

A New DNS Validation Method for Simplified Certificate Automation

Hard Data on DDoS, DNS, and the Race for Resilience

Going DNS Deep Diving Into GhostCall and GhostHire

.store and MrBeast Campaign Surpasses 500 Million Views Across Platforms

COLDRIVER’s MAYBEROBOT in the DNS Spotlight

IPv4 Address Prices Continue Their Descent, But Demand Remains Resilient

Burrowing Into the Beamglea Campaign DNS Infrastructure

Chasing After RacoonO365 IoCs Using DNS and Domain Intelligence

Spelunking Into SVG Phishing: Amatera Stealer and PureMiner DNS Deep Dive

2025 .US Town Hall Registration Open: Explore Industry Trends & Policy Insights

View More