Threat Intelligence |
Sponsored by |
|
Spear phishing is the unholy love child of email spam and social engineering. It refers to when a message is specifically crafted, using either public or previously stolen information, to fool the recipient into believing that it's legitimate. This personalization is usually fairly general, like mentioning the recipient's employer (easily gleaned from their domain name.) Sometimes they address you by name. Much scarier is when they use more deeply personal information stolen from one of your contacts... more
The security vendor-phobe at the head of the conference bangs on the podium with his shoe declaring that "The greatest threat comes from within! (buy our product for your network's salvation)." Fear as a marketing strategy can never be underestimated. Particular when the fear is of the misunderstood. Media helps stoke the flames of fear-marketing with stories of fired or disgruntled IT staff who reportedly effectuate their revenge on former employers by bricking systems. more
In the midst of "Cyber Monday", the day traditionally seen as one of the year's busiest days for online shopping, it is only appropriate to examine the importance DNS plays for online economies. With DNS being at the heart of Internet connectivity it is easy to understand why DNS is important to the growing health of economies whose online health in dollars and euros rest in the billions. more
I'm sure many of you are familiar with the targeted ESP phishing attack that has been ongoing for almost a year now and has led to multiple known ESP system breaches. Return Path was recently a victim of this same attack... In short, a relatively small list of our clients' email addresses was taken from us, meaning those addresses are now the targets of the phishing campaign that are intended to compromise those client systems. more
An industry professional at Abusix is the backbone behind a proposal to improve and create better mitigation of abuse across different global internet networks. Basically, this introduces a mandatory "abuse contact" field for objects in global Whois databases. This provides a more efficient way for abuse reports to reach the correct network contact. Personally - as a Postmaster for a leading, white-label ISP, I applaud this with great happiness for multiple reasons. I also feel people who handle abuse desks, anti-abuse roles, etc. should closely follow this. more
What is so secret about the word, "Capacity"? As I read and talk with people I realize the word, "capacity" is typically missing from the DNS discussion. "Capacity" and "Security" are the two cornerstones to maximizing DNS resilience; both of which are typically missing from the DNS discussion. Have you seen a single DNS node easily process over 863,000 queries per second? Have you seen a network routinely handle over 50Gbits/second in outbound traffic alone without breaking a sweat? more
Following up from my post yesterday, I thought I would take a look at how spammy each particular TLD is. At the moment, I only track 8 TLD's - .cn, .ru, .com, .net, .org, .info, .biz and .name. To check to see which one is the spammiest, I took all of our post-IP blocked mail and determined how many times those messages occurred in email, and how many times that email was marked as spam... more
A couple of weeks ago, NetworkWorld published an article indicating that the .com TLD was the riskiest TLD in terms of containing code that can steal passwords or take advantage of browser vulnerabilities to distribute malware... It is unclear to me what they mean by TLD's being risky. The number of domains, 31.3% of .com's being considered risky, what does this actually mean? Is it that 31% of .com's are actually serving up malware or something similar? If so, that seems like a lot because for many of us, nearly 1 in every 3 pages that most people visit would be insecure... more
According to recent news reports, the administration wants new laws to require that all communications systems contain "back doors" in their cryptosystems, ways for law enforcement and intelligence agencies to be able to read messages even though they're encrypted. By chance, there have also been articles on the Stuxnet computer worm, a very sophisticated piece of malware that many people are attributing to an arm of some government. The latter story shows why cryptographic back doors, known generically as "key escrow", are a bad idea. more
A couple of days ago, Threatpost posted an article indicating that the United States is the most bot-infected country... I think that Microsoft's mechanism of measuring bot infections is a good one, not necessarily because it is the most accurate but because it represents the most complete snapshot of botnet statistics. Because Microsoft Windows is installed on so many computers worldwide and because so many users across the world call home to the MSRT, Microsoft is able to collect a very large snapshot of data. more