Welcome:
Login
|
Sign Up
|
About CircleID
Follow:
|
|
|
The sixth annual Counter-eCrime Operations Summit (CeCOS VI) will engage questions of operational challenges and the development of common resources for the first responders and forensic professionals who protect consumers and enterprises from the ecrime threat every day. This year's meeting will focus on the shifting nature of cybercrime and the attendant challenges of managing that dynamic threatscape. more
In part 1, we explained that the DKIM "d=" value identifies the domain name which signed the message, which may be a different domain name from the author of the message. Tying the signing and author domains together will require an additional standard: Author Domain Signing Practices (ADSP). In IETF parlance, the "author domain" is the domain name in the From: header, so ADSP is a way for the author domain to publish a statement specifying whether any other domain name should ever sign a message purporting to be From: that author domain... more
One can read in an Associated Press article that the US State Department have their email system bogged down due to too many people use the Reply-All function in their email client. IT Departments have asked people to not use Reply-All and also threaten with disciplinary action. To me, that is the wrong path forward. more
How do we help coordinate responses to attacks against Internet infrastructure and users? Internet technology has to scale or it won't survive for long as the network of networks grows ever larger. But it's not just the technology, it's also the people, processes and organisations involved in developing, operating and evolving the Internet that need ways to scale up to the challenges that a growing global network can create. more
Hoang v. Reunion.com sidesteps an eagerly anticipated legal dispute over the legality of commercial address book scraping and 'send-to-a-friend' emails, and also highlights the damage that can cascade when a federal Circuit Court woefully misreads a statute. more
Earlier this year, the New Zealand Department of Internal Affairs, the US Federal Trade Commission, and the Australian CMA broke up a large fake drug spam ring known as Herbal Kings, run by New Zealander Lance Atkinson. The NZ government fined him NZ$108,000 (about US$80,000) which, while a substantial fine, seemed pretty small compared to the amount of money he must have made. But today, at the FTC's request a US judge fined Atkinson US$15.5 million, and got his US accomplice Jody Smith to turn over $800,000, including over $500,000 in an Israeli bank. more
In November, Mark Mumma, who runs a little design firm at webguy.com, lost an appeal in the Fourth Federal Circuit. He'd filed suit against cruise.com and their parent Omega World Travel under CAN SPAM and an Oklahoma anti-spam law. Omega countersued for defamation. The court threw out Mumma's case, and allowed part of the defamation case to proceed. At first blush, this looks like a big win for spammers. more
On 24 and 25 February 2011 the European Commission, DG Home Affairs, organised a meeting on cyber crime in cooperation with the US government, Department of Justice, with representatives of the law enforcement community, registries and registrars. The basis of the discussion was the RAA due diligence recommendations (hence: the recommendations) as presented by LEAs in the past years during ICANN meetings. The meeting was constructive, surprising and fruitful. I give some background, but what I would like to stress here is what, in my opinion, could be a way forward after the meeting. more
Or, to be more precise, it sure looks like they do. I wrote on another post on a publicly available spam tool, and I mentioned that I came across a page that allowed people to verify whether or not an email address is actually live. The question naturally arises: do spammers clean up their email contact lists based upon whether or not the address is legitimate? Spammers would have an incentive to do this... Do we actually observe spammers changing their sending patterns? I believe that we have evidence that they do. more
Last week, I read Ed Falk's blog post where he commented on a possible solution to the spam problem. He himself was commenting on a study done by researchers out of the University of California where they discovered that credit card transactions for stuff bought in spamvertisements are handled by three companies: one in Azerbaijan, one in Denmark and one in the West Indies. Presumably, if security experts and law enforcement went after these companies, spammers would have their financial supply cut off. No money = no incentive to spam. more
There has been a lot of talk, blogging, tweeting and press reportage about the Epsilon breach, but little in the way of concrete information to consumers as to where they stand, if their personal information (PII) such as their name and email address has been lost to criminals. The CAUCE Board of Directors have developed the following FAQ that provides facts and guidance for those affected by the breach. more
Not so long ago, the notion of introducing laws and other regulatory responses to address cyber security issues was regarded with significant hesitation by governments and policy makers. To some extent, this hesitation may well have stemmed from a general perception by those who do not work directly in the field that the world of cyber security is somewhat of a 'dark art'. More recently, however, there has been a substantial shift in this attitude, with proposals to regulate a range of cyber security related matters becoming increasingly numerous. more
In my last post I blogged about greylisting, a well-known anti-spam technique for rejecting spam sent by botnets. When a mail server receives a an attempt to deliver mail from an IP address that's never sent mail before, it rejects the message with a "soft fail" error which tells the sender to try again later. Real mail senders always retry, badly written spamware often doesn't. I found that even though everyone knows about greylisting, about 2/3 of IPs don't successfully retry. more
The CAN SPAM act has been in place for five and a half years. Compatible state laws have been in place nearly as long. Anti-spam laws in the EU, Australia, and New Zealand were enacted years ago. But the number of significant anti-spam lawsuits is so small that individual bloggers can easily keep track of them. Considering that several billion spams a day are sent to people's inboxes, where are all the anti-spam lawsuits? more
e360 initially filed suit against Comcast early in 2008. They asserted a number of things, including that Comcast was fraudulently returning "user unknown" notices and that they were certified by ReturnPath. Comcast filed a countersuit alleging violations of CAN SPAM, violations of the computer fraud and abuse act, as well as a number of other things including abuse of process. In April of 2008 the judge ruled in favor of Comcast and dismissed e360's case, while allowing the countersuit to proceed. more
A World-Renowned Source for Internet Developments. Serving Since 2002.