With the final Industry Committee review of C-27, Canada's anti-spam legislation, set for Monday afternoon, lobby groups have been increasing the pressure all week in an effort to water down many of the bill's key protections. Yesterday, the Canadian Marketing Association chimed in with an emergency bulletin to its members calling on them to lobby for changes to the bill. While the CMA was very supportive of the bill when it appeared before the committee in June, it now wants to kill the core protection in C-27 - a requirement for express opt-in consent. more
Last week, I commented on the the Gmail/Hotmail/Yahoo username and password leak. The question we now ask is whether or not we are seeing an increased amount of spam from those services. On another blog, they were commenting that various experts were claiming that this is the case. more
I received a spam message the other day that went to my Junk Mail Folder. I decided to take a look at it and dissect it piece by piece. It really is amazing to see how spam crosses so many international borders and exploits so many different machines. Spammers have their own globally redundant infrastructure and it highlights the difficulties people have in combating the problem of it. more
Anti-Phishing Working Group (APWG) released its latest Phishing Activity Trends Report today warning that the number of unique phishing websites detected in June rose to 49,084, the highest since April, 2007's record of 55,643, and the second-highest recorded since APWG began reporting this measurement. "The number of hijacked brands ascended to an all-time high of 310 in March and remained, in historical context, at an elevated level to the close of the half in June," says the report. more
As we all know by now, last week, on Thursday, August 7, Twitter was hit with a denial-of-service attack that took it down for several hours. Other social networking sites like Facebook, LiveJournal, Youtube and Blogger were also hit. They managed to repel the attack although Facebook was not quite as successful as the other larger players. The theory floating about at the moment is that this was a politically oriented play designed to target one guy: a blogger. We are nearing the 1-year anniversary of a the Russian/Georgian 2008 war. There is a pro-Georgian blogger by the username of "Cyxymu" who had accounts on all of these services. more
The DKIM standard has been out for two years now, and we're starting to see some adoption by large mail systems, but there's still a lot of misunderstanding about what DKIM does and doesn't do... Any a mail system can add a signatures to the messages it handles, and spammers can sign their mail, too. A DKIM signature contains, stripped down to its basics, the domain of the signer and a checksum of the message. more
Average level of spam in the second quarter of 2009 has risen by 53 percent, as compared to the first quarter of this year, according to latest report from Google's email security and archiving services group, Postini. The report foresees unpredictable pattern of drops and spikes for the rest of the year... more
Recent study indicates that US continues to widen its lead as the number one country when it comes to hosting phishing sites. According to the latest Brandjacking Index just released by MarkMonitor, US-hosted phishing sites grew by ten percent from last quarter -- up from 36 percent to 46 percent. Canada is now at second position with 4.7 percent of all phishing attacks, followed by the Russian Federation (4.5 percent), France (4 percent), and Denmark (4 percent). more
CAUCE just posted a blog entry about C-27; we will be speaking to the Industry, Science, and Technology committee reviewing the bill this afternoon. The meeting will be webcast starting at 15:30 eastern... more
Spam levels have increased by 5.1% since last month, reaching heights of 90.4%, according to latest report from Symantec's MessageLabs Intelligence... The majority of this increase in spam in May was comprised of messages with very little content other than a subject line and valid hyperlink, says the report. "Each hyperlink pointed to a different active profile on one of a number of major social networking environments. The profiles were likely created using random names and automated CAPTCHA-breaking tools. Moreover, the emails were sent from valid webmail hosting providers, which means they were not spoofed, as has been the case in the past for these types of domains." more
As you may know, there are two laws currently being discussed in Canadian legislative assemblies: Senate Bill S-220, a private member’s bill with private right of action and criminal remedies; Parliamentary Bill C-27, tabled by the government, with private right of action, coordination between various enforcement agencies... more
The term "reputation hijacking" continues to spread through the anti-spam community and the press. It's intended to describe when a spammer or other bad actor uses someone else's system -- usually one of the large webmail providers -- to send their spam. The idea is that in doing so, they're hijacking the reputation of the webmail provider's IPs instead of risking the reputation of IPs under their own control. But I really have to laugh (though mostly out of sadness) whenever this technique is described as something new... more
A few months ago, an article appeared on arstechnica.com asking the question "Should cybersecurity be managed from the White House?" During the recent presidential elections in the United States and the federal elections in Canada, the two major players in both parties had differing views that crossed borders. In the US, the McCain campaign tended to favor free market solutions to the problem of cybersecurity, and the Conservatives in Canada took a similar position... more
A recent study suggests Rustock and Xarvester malware provided the most efficient spambot code, enabling individual zombie computers to send 600,000 spam messages each over a 24 hour period. "Over the past few years, botnets have revolutionized the spam industry and pushed spam volumes to epidemic proportions despite the best efforts of law enforcement and the computer security industry. Our intention was to better understand the origins of spam, and the malware that drives it," said Phil Hay, senior threat analyst, TRACElabs (a research arm of security company Marshal8e6)... more
Mike Hammer's thoughtful article, A Few Thoughts on the Future of Email Authentication, should trigger thoughtfulness in the rest of us. Email abuse has been around a long time. Anti-abuse efforts have too. Yet global abuse traffic has grown into the 90+% range, with no hint of trending downward. The best we hear about current effectiveness is for last-hop filtering, if you have the money, staff and skills to apply to the problem... more
A World-Renowned Source for Internet Developments. Serving Since 2002.