With all the hoopla surrounding DMARC, I thought I would take the time to see how SPF is functioning in real life, at least in our network. According to DMARC documentation, SPF and DKIM adoption is reaching critical mass (see page 5 of that link): Over...

Following on from my previous post on Android threats (this post is based upon research of Google’s Bouncer feature), Google’s strategy to combat Maldroids is four-fold: Prevent security issues from occurring Minimize the impact of any security issues...

A couple of weeks ago, I was checking email on my phone and I got a spoofed email from Stratfor saying that the CEO of the company stepped down.  I initially fell for it because I couldn’t see the formatting of the email, I only had a sub-optimally...

The title of this post is a record for my longest post title ever.  But I had to get everything in there lest you think this blog post is only on one topic. The story of Stuxnet occurred in 2010 and it seems like forever ago.  And since that...

Last week at RSA, Bruce Schneier gave a talk on the top 3 emerging threats on the Internet.  Whereas we in the security field usually talk about spam, malware and cyber crime, he talked about three meta-trends that all have the potential to be more...

I recently had a chance to read a report out of the University of California at San Diego by Chris Kanich (among others).  I also had a chance to hear him speak about the topic – Show Me The Money!  This post contains my notes with some photos...

I’ve been doing some reading recently on Android threats, specifically some stuff by Eric Chien, Technical Directory of Security Technology and Response at Symantec.  Anything you read here is not stuff I’ve come up with myself, but rather, based...

A couple of months ago, I wrote about IBM’s predictions for 2016 , and one of those was that there would be no more spam.  As I look around at other predictions about the future, I say to myself “Self, what do I think will be the future of abuse...

Following on from my previous post, what does the future of Internet abuse look like?  Here’s what I think: The proliferation of smaller devices will shift malware away from PCs to phones and tablets Crime will not go away.  The reason criminals...

Graylisting is an antispam technique that works by taking advantage of sender reputation.  Specifically, the lack of a good or bad reputation gives the sender a chance to prove themselves worthy of delivery.  The basic idea is that a good sender...

Last week, Krebs on Security reported on how 50% of online pharmacies’ domains are registered on only two different registrars – Internet.bs (what a curious name) and Ukranian Names.  Internet registrar watchdog Knujon also released a report about...

Over the weekend and this morning, Microsoft, working in conjunction with others, issued civil lawsuits to sinkhole numerous domains associated with the Zeus botnet.  When I say “botnet”, I use the term loosely because Zeus is not a botnet in the...

I’ve written a number of times in the past about which botnets send us the most spam.  Cutwail is always in the top 3. With the Zeus disruption, has this affected Cutwail at all?  Cutwail is not necessarily related to Zeus; as I said in my previous...

I was reading All Spammed Up’s recent post entitled Are Spam Filters really that Bad?   It is referring to the latest test to come out of Virus Bulletin where they measure the efficacy of a variety of antispam products: In the latest VBSpam comparative...

This is an old story (where old > 2 weeks), but I still want to write about it. Nine months ago, I wrote a post where LulzSec decided, after 9 weeks of mischief, to call it quits .  This was in June, 2011. About three weeks ago, the FBI announced...

The Wall Street Journal has an article up today with an interview with outgoing head of the FBI’s cyber crime investigation Shawn Henry.  In it, he has a blunt assessment of the US’s capabilities when it comes to combatting online crime, especially...