Terry Zink: Security Talk

Discussing Internet security in (mostly) plain English

March, 2012

  • Terry Zink: Security Talk

    How much money do spammers make?

    • 0 Comments
    I recently had a chance to read a report out of the University of California at San Diego by Chris Kanich (among others).  I also had a chance to hear him speak about the topic – Show Me The Money!  This post contains my notes with some photos...
  • Terry Zink: Security Talk

    Think SPF is widely deployed? Think again.

    • 3 Comments
    With all the hoopla surrounding DMARC, I thought I would take the time to see how SPF is functioning in real life, at least in our network. According to DMARC documentation, SPF and DKIM adoption is reaching critical mass (see page 5 of that link): Over...
  • Terry Zink: Security Talk

    The pros and cons of graylisting

    • 0 Comments
    Graylisting is an antispam technique that works by taking advantage of sender reputation.  Specifically, the lack of a good or bad reputation gives the sender a chance to prove themselves worthy of delivery.  The basic idea is that a good sender...
  • Terry Zink: Security Talk

    Internet pharmacies and bad registrars

    • 0 Comments
    Last week, Krebs on Security reported on how 50% of online pharmacies’ domains are registered on only two different registrars – Internet.bs (what a curious name) and Ukranian Names.  Internet registrar watchdog Knujon also released a report about...
  • Terry Zink: Security Talk

    Argh! Spoofed email got me again!

    • 1 Comments
    A couple of weeks ago, I was checking email on my phone and I got a spoofed email from Stratfor saying that the CEO of the company stepped down.  I initially fell for it because I couldn’t see the formatting of the email, I only had a sub-optimally...
  • Terry Zink: Security Talk

    Former US counter-terrorism director speculates who was behind the Stuxnet attack, and talks about China’s role in espionage

    • 1 Comments
    The title of this post is a record for my longest post title ever.  But I had to get everything in there lest you think this blog post is only on one topic. The story of Stuxnet occurred in 2010 and it seems like forever ago.  And since that...
  • Terry Zink: Security Talk

    Predicting the future of abuse, part 2

    • 0 Comments
    Following on from my previous post, what does the future of Internet abuse look like?  Here’s what I think: The proliferation of smaller devices will shift malware away from PCs to phones and tablets Crime will not go away.  The reason criminals...
  • Terry Zink: Security Talk

    Has the Zeus disruption affected spam at all?

    • 0 Comments
    I’ve written a number of times in the past about which botnets send us the most spam.  Cutwail is always in the top 3. With the Zeus disruption, has this affected Cutwail at all?  Cutwail is not necessarily related to Zeus; as I said in my previous...
  • Terry Zink: Security Talk

    The Top 3 Emerging Threats on the Internet

    • 0 Comments
    Last week at RSA, Bruce Schneier gave a talk on the top 3 emerging threats on the Internet.  Whereas we in the security field usually talk about spam, malware and cyber crime, he talked about three meta-trends that all have the potential to be more...
  • Terry Zink: Security Talk

    What Android threats look like

    • 0 Comments
    I’ve been doing some reading recently on Android threats, specifically some stuff by Eric Chien, Technical Directory of Security Technology and Response at Symantec.  Anything you read here is not stuff I’ve come up with myself, but rather, based...
  • Terry Zink: Security Talk

    Predicting the future of abuse

    • 0 Comments
    A couple of months ago, I wrote about IBM’s predictions for 2016 , and one of those was that there would be no more spam.  As I look around at other predictions about the future, I say to myself “Self, what do I think will be the future of abuse...
  • Terry Zink: Security Talk

    Spam catch rates drop

    • 0 Comments
    I was reading All Spammed Up’s recent post entitled Are Spam Filters really that Bad?   It is referring to the latest test to come out of Virus Bulletin where they measure the efficacy of a variety of antispam products: In the latest VBSpam comparative...
  • Terry Zink: Security Talk

    Microsoft disrupts the Zeus infrastructure

    • 0 Comments
    Over the weekend and this morning, Microsoft, working in conjunction with others, issued civil lawsuits to sinkhole numerous domains associated with the Zeus botnet.  When I say “botnet”, I use the term loosely because Zeus is not a botnet in the...
  • Terry Zink: Security Talk

    How Google is fighting back against Android threats

    • 1 Comments
    Following on from my previous post on Android threats (this post is based upon research of Google’s Bouncer feature), Google’s strategy to combat Maldroids is four-fold: Prevent security issues from occurring Minimize the impact of any security issues...
  • Terry Zink: Security Talk

    Top Anonymous/LulzSec hacker caught

    • 0 Comments
    This is an old story (where old > 2 weeks), but I still want to write about it. Nine months ago, I wrote a post where LulzSec decided, after 9 weeks of mischief, to call it quits .  This was in June, 2011. About three weeks ago, the FBI announced...
  • Terry Zink: Security Talk

    U.S. Outgunned in Hacker War

    • 0 Comments
    The Wall Street Journal has an article up today with an interview with outgoing head of the FBI’s cyber crime investigation Shawn Henry.  In it, he has a blunt assessment of the US’s capabilities when it comes to combatting online crime, especially...
Page 1 of 1 (16 items)