Threat Intelligence |
Sponsored by |
|
One of my pet peeves is the headline "n %" of email is spam, it is inherently misleading, and conveys no useful data. I guess it makes for great newspaper headlines then! On our servers looking at one email address for 4 hours, we saw 208 attempted connections for SMTP traffic referring to this email address. ...One can't measure spam in relation to the amount of genuine email, because the amount of genuine email is not connected to the amount of spam... more
The latest post on DearAOL's blog, by EFF activist coordinator Danny O'Brien, is titled "The Shakedown Begins". In short, Danny receives email from overstock.com on an AOL mailbox -- email that he apparently paid overstock $29.95 to receive. And that email arrives with Goodmail certification that AOL recognizes and flags as such. Danny seems to think this is not the sort of email that should be certified by Goodmail, and that AOL should not suddenly turn on Goodmail certification. Suddenly? more
Apparently, at this stage, it is only a proposed ruling. But I am no lawyer. This story has been discussed before, when Spamhaus, which is located in the UK, was sued in the US by a spammer. They refused to come before the court as "they do no business in Illinois, and are located in the UK...After this court ruling, Spamhaus.org was under a DDoS attack, in my opinion for the purpose of preventing users from reaching the information it provided about the court ruling. This was done along-side a Joe Job, sending fake email appearing to come from Spamhaus's CEO... more
Why shouldn't there be a .gadi TLD? Why not one for Microsoft? This post is not about alternate roots or why they are bad, this post is about something else. We do need to go over some background (from my perspective) very quickly though. ICANN has a steel-fist control over what happens in the DNS realm. They decide what is allowed, and who gets money from it. Whether it's VeriSign for .com or any registrar for the domains they sell. They decide if .gadi should exist or not. ...What I am here to discuss is why Microsoft, as a non-arbitrary choice this time, indeed, of all the world, should kick it aside, creating an alternate root while at the same time not disturbing the world's DNS. more
A couple of days ago the BBC reported that a document called the Information Operations Roadmap (PDF) had been declassified and that it contained some pretty interesting stuff. The American dominance over the Internet, recently manifested by its unwillingness to hand over some of the critical control to UN-organizations, may have another side to it. more
Without commenting on the particulars as they relate to Goodmail -- especially since I am on the advisory board for Habeas, a competitor -- let me note that public discussion is largely missing the nature of the current Internet mail realities and the nature of the ways we can deal with them. There are two articles in the current issue of the Internet Protocol Journal, of which I wrote one, that provide some useful background about this reality. Simply put, Internet mail needs to sustain spontaneous communications... more
Cindy's piece on the EFF website seems to be a bit of a pastiche, with elements taken out of various articles (some outright wrong, some merely misinformed) that have been doing the rounds of the media for quite a while now about Goodmail. She started off comparing AOL and Goodmail with the old email hoax about congress taxing email. That same line was used in a CircleID post by Matt Blumberg, CEO & Chairman of Returnpath... Various other quotes from different places - Richard Cox from Spamhaus on CNN for example. However a lot of the quotes in those articles are being based on wrong or out of context assumptions, starting with one that goes "AOL is going to remove all its existing whitelists and force people to use Goodmail". more
In my recent write-up I start by discussing some recent threats network operators should be aware of, such as recursive DNS attacks. Then, a bit on the state of the Internet, cooperation across different fields and how these latest threats with DDoS also relate to worms and bots, as well as spam, phishing and the immense ROI organized crime sees. I try and bring some suggestions on what can be done better, and where we as a community, as well as specifically where us, the "secret hand-shake clubs" of Internet security fail and succeed. Over-secrecy, lack of cooperation, lack of public information, and not being secret enough about what really matters. more
From the perspective of Internet security operations, here is what Net Neutrality means to me. I am not saying these issues aren't important, I am saying they are basically arguing over the colour of bits and self-marginalizing themselves. For a while now I tried not to comment on the Net Neutrality non-issue, much like I didn't comment much on the whole "owning the Internet by owning the Domain Name System" thingie. Here it goes anyway. Two years ago I strongly advocated that consumer ISP's should block some ports, either as incident response measures or as permanent security measures... more
Another paper from the Fifth Workshop on the Economics of Information Security, (WEIS 2006) is Proof of Work can Work by Debin Liu and L, Jean Camp of Indiana University. Proof of work (p-o-w) systems are a variation on e-postage that uses computation rather than money. A mail sender solves a lengthy computational problem and presents the result with the message. The problem takes long enough that the sender can only do a modest number per time period, and so cannot send a lot of messages, thereby preventing spamming. But on a net full of zombies, proof of work doesn't work. more
Today we received one of the first phish attempts to be made as a web spam (comment spam/blog spam) attempt. I wasn't convinced, and thought that perhaps it was a way to gather and verify RELEVANT online identities. Someone put me straight. It's phishing. I've often in the past had run-ins with the good folks in the anti virus realm back between 1996 and 2005 who thought Trojan horses and then spyware were not part of their business. Years later the AV business people ruled it is part of their business and ran to catch up. Same with botnets. more
I got a letter the other day from AOL postmaster Carl Hutzler, about how the Internet community could get rid of spam, if it really wanted to. With his permission, here are some excerpts. "Spam is a completely solvable problem. And it does not take finding every Richter, Jaynes, Bridger, etc to do it (although it certainly is part of the solution). In fact it does not take email identity technologies either (although these are certainly needed and part of the solution)." more
Several people emailed me about the actual things the senator said and why he is off-base. I decided to listen to his speech again, and write down the points I believe are critical. Senator Stevens who everyone is dissing on for his speech on Net Neutrality in my book spoke nothing less than brilliant. I will also tell you, in my opinion, exactly why... He nailed down the subject into the point that matters: Business. It's about profit. more
The following provides and introduction to a study by Venugopalan Ramasubramanian and Emin Gun Sirer, called "Perils of Transitive Trust in the Domain Name System". The paper presents results from a large scale survey of DNS, illustrating how complex and subtle dependencies between names and nameservers lead to a highly insecure naming system... "It is well-known that nameservers in the Domain Name System are vulnerable to a wide range of attacks. We recently performed a large scale survey to answer some basic questions about the legacy DNS." more
One of the best sources of information about sites on the web is the Whois database. A trio of patent applications from Go Daddy, published last week at the US Patent and Trademark Office, explores whether adding additional information to the Whois database might help reduce spam, phishing, and other fraudulent practices and improve search engine results. The patent filings from Go Daddy would add reputation information to the published Whois data to let others use it for a number of reasons, including enabling search engines incorporate it into their ranking mechanisms. ...The patent application from Google focuses upon fighting web spam using a wide range of data, including that associated with domain names. ...We can't really be certain that Google is presently using this information, but there are some indications that they may be... more
A World-Renowned Source for Internet Developments. Serving Since 2002.
