Terry Zink: Security Talk

Discussing Internet security in (mostly) plain English

June, 2008

  • Terry Zink: Security Talk

    Best looking phish I've seen in a long time

    • 14 Comments
    A month ago one of our spam analysts came across a Bank of America phishing spam.  The thing about this one is that it is one of the best I've seen in a long time: This is very legitimate-looking.  The logo is legitimate, it has correct grammar...
  • Terry Zink: Security Talk

    The problem of backscatter, part 3 - Legitimate bounces

    • 6 Comments
    When a mail server accepts a message and later decides that it can't deliver the message, it is required to send back a bounce email to the sender of the original message. There are a few kinds of bounce notifications that a mail server can send: Recipient...
  • Terry Zink: Security Talk

    A Common Set of Antispam Metrics, part 2

    • 4 Comments
    2. Definitions The email industry needs to converge on a set of standards around metrics. Specifically, while we all think we know what we mean, what we don’t know is what others think they mean. So, let’s define them: Legitimate mail (ham...
  • Terry Zink: Security Talk

    Define before use should be an enforced rule in production code

    • 4 Comments
    This post is a bit of a rant... but just a bit. I've been at Frontbridge/Exchange Hosted Services for a while.  We were a startup in 2000 (long before my time) and like any startup, the way to get going quickly is to use LAMP technology - Linux...
  • Terry Zink: Security Talk

    My paper on spam metrics, part 1

    • 3 Comments
    I just finished a series on spam metrics and I submitted to the CEAS in order to get it accepted such that I could speak at the conference this year. I put it together in two days.  Well, as it turns out, it was rejected. The reviews on it were anonymous...
  • Terry Zink: Security Talk

    The problem of backscatter, part 1

    • 3 Comments
    As the creator, editor and sole content contributor to this blog, I like to write about topics that are relevant to myself at the present moment.  For example, if we are dealing with a breakout of image spam, I will write a few posts about why image...
  • Terry Zink: Security Talk

    The problem of backscatter, part 2 - The legitimate case

    • 2 Comments
    Before getting into the problem of backscatter, let's look at how the system is supposed to work before spammers ruined it for everyone. Let's say that you want to mail a letter to your friend. You write the letter, put it in an envelope, and write...
  • Terry Zink: Security Talk

    A Common Set of Antispam Metrics, part 3

    • 2 Comments
    3. Measurements The first way to do this is by way of Catch Rate. Catch rate is defined by the following: Catch rate = Spam correctly identified / (Spam correctly identified + missed spam) = TP / (TP + FN) This Catch rate gives us the effectiveness of a...
  • Terry Zink: Security Talk

    A Common Set of Metrics, part 5

    • 2 Comments
    6. Grey Mail For all of our discussions around spam and non-spam, there is still the issue of grey mail. What is grey mail? Do we include grey mail in our spam corpus? Should we include it in the non-spam corpus or omit it altogether? To begin with, let’s...
  • Terry Zink: Security Talk

    It's like an episode of 24 around here

    • 1 Comments
    From time to time, we have major spam emergencies.  Running a service, stuff invariably breaks.  We try our best to monitor stuff, but something always comes up that we weren't aware of.  Queues build up, perf monitors don't always get...
  • Terry Zink: Security Talk

    Top 50 Tech Visionaries

    • 1 Comments
    I came across an article in PC World about the top 50 Tech Visionaries.  I was only going to read a couple of them but ended up reading the entire thing.  I thought I'd repost 5 of my favorites and maybe add a couple of comments. Steve Jobs...
  • Terry Zink: Security Talk

    A Common Set of Metrics, part 4

    • 1 Comments
    4. Combining FPs and FNs Suppose we were evaluating two filters, Filter A and Filter B. Filter A has a catch rate of 91% but an FP rate of 5%. Filter B has a catch rate of 75% but an FP rate of 2%. Which is better? How can we combine the two metrics?...
  • Terry Zink: Security Talk

    My paper on spam metrics, part 2

    • 1 Comments
    Continuing on in my rebuttals to the reviewers who refused my paper (which I believe is my right... if they can review it and refuse then I can disagree with their reasons for refusal), I'd like to move on to the second reviewer. The definitions given...
  • Terry Zink: Security Talk

    My paper on spam metrics, part 3

    • 1 Comments
    Continuing on in my series of rebuttals to the reviewers of my paper, I'd like to respond to the third and final review. I agree with the author that a set of common metrics is paramount for being able to measure and compare current approaches, and use...
  • Terry Zink: Security Talk

    A Common Set of Antispam Metrics, Part 1

    • 0 Comments
    A few weeks ago I submitted a paper to the CEAS (Conference on Email and Antispam).  My paper was rejected but I thought I would reprint it here. I ended up writing this paper in two days.  I either had to write a 10-page paper or a 3-page one...