Terry Zink: Security Talk

Discussing Internet security in (mostly) plain English

  • The problem of backscatter, part 2 - The legitimate case

    • 2 Comments
    Before getting into the problem of backscatter, let's look at how the system is supposed to work before spammers ruined it for everyone. Let's say that you want to mail a letter to your friend. You write the letter, put it in an envelope, and write...
  • The problem of backscatter, part 1

    • 3 Comments
    As the creator, editor and sole content contributor to this blog, I like to write about topics that are relevant to myself at the present moment.  For example, if we are dealing with a breakout of image spam, I will write a few posts about why image...
  • Best looking phish I've seen in a long time

    • 14 Comments
    A month ago one of our spam analysts came across a Bank of America phishing spam.  The thing about this one is that it is one of the best I've seen in a long time: This is very legitimate-looking.  The logo is legitimate, it has correct grammar...
  • Define before use should be an enforced rule in production code

    • 4 Comments
    This post is a bit of a rant... but just a bit. I've been at Frontbridge/Exchange Hosted Services for a while.  We were a startup in 2000 (long before my time) and like any startups, the way to get going quickly is to use LAMP technology - Linux...
  • My paper on spam metrics, part 3

    • 1 Comments
    Continuing on in my series of rebuttals to the reviewers of my paper, I'd like to respond to the third and final review. I agree with the author that a set of common metrics is paramount for being able to measure and compare current approaches, and use...
  • My paper on spam metrics, part 2

    • 1 Comments
    Continuing on in my rebuttals to the reviewers who refused my paper (which I believe is my right... if they can review it and refuse then I can disagree with their reasons for refusal), I'd like to move on to the second reviewer. The definitions given...
  • My paper on spam metrics, part 1

    • 3 Comments
    I just finished a series on spam metrics and I submitted to the CEAS in order to get it accepted such that I could speak at the conference this year. I put it together in two days.  Well, as it turns out, it was rejected. The reviews on it were anonymous...
  • Top 50 Tech Visionaries

    • 1 Comments
    I came across an article in PC World about the top 50 Tech Visionaries.  I was only going to read a couple of them but ended up reading the entire thing.  I thought I'd repost 5 of my favorites and maybe add a couple of comments. Steve Jobs...
  • A Common Set of Metrics, part 5

    • 2 Comments
    6. Grey Mail For all of our discussions around spam and non-spam, there is still the issue of grey mail. What is grey mail? Do we include grey mail in our spam corpus? Should we include it in the non-spam corpus or omit it altogether? To begin with, let’s...
  • A Common Set of Metrics, part 4

    • 1 Comments
    4. Combining FPs and FNs Suppose we were evaluating two filters, Filter A and Filter B. Filter A has a catch rate of 91% but an FP rate of 5%. Filter B has a catch rate of 75% but an FP rate of 2%. Which is better? How can we combine the two metrics?...
  • It's like an episode of 24 around here

    • 1 Comments
    From time to time, we have major spam emergencies.  Running a service, stuff invariably breaks.  We try our best to monitor stuff, but something always comes up that we weren't aware of.  Queues build up, perf monitors don't always get...
  • A Common Set of Antispam Metrics, part 3

    • 2 Comments
    3. Measurements The first way to do this is by way of Catch Rate. Catch rate is defined by the following: Catch rate = Spam correctly identified / (Spam correctly identified + missed spam) = TP / (TP + FN) This Catch rate gives us the effectiveness of a...
  • A Common Set of Antispam Metrics, part 2

    • 4 Comments
    2. Definitions The email industry needs to converge on a set of standards around metrics. Specifically, while we all think we know what we mean, what we don’t know is what others think they mean. So, let’s define them: Legitimate mail (ham...
  • A Common Set of Antispam Metrics, Part 1

    • 0 Comments
    A few weeks ago I submitted a paper to the CEAS (Conference on Email and Antispam).  My paper was rejected but I thought I would reprint it here. I ended up writing this paper in two days.  I either had to write a 10-page paper or a 3-page one...
  • Comment spam: Spammers vs morons

    • 11 Comments
    This post is a bit of a rant. On this particular blog, all of my commenters are quite intelligent.  You all provide good content and I try my best to respond to most of the comments.  The times I don't is because the connection screws up and...
  • How many arrows in the quiver is enough? Part 2

    • 1 Comments
    The second major disadvantage of multiple antispam strategies is the overall cost of maintaining multiple filtering strategies. We have a spam team of less than 10 people. I'd wager to say that most antispam organizations have a similarly sized team....
  • How many arrows in the quiver is enough?

    • 0 Comments
    Spammers use a variety of tactics in order to push their payload through to the end user.  In return, anti-spam companies have a variety of tools in their arsenal in order to combat spammers.  At one point, we, in the industry, need to ask ourselves...
  • MySpace: taking steps to clamp down on application spam

    • 1 Comments
    One of the annoying things about Facebook is that whenever I want to install an application, or respond to a friend's application, I have to install it, check 5 different checkboxes and then ask if I want to send the notification to all my friends. ...
  • Gmail has an interesting idea to thwart spammers

    • 7 Comments
    A reader sent me a link to a list of points that make Gmail really great.  I'm not sure whether or not these points are enough to convince me that Gmail is fantastic, but I admit that it does do some things well (Hotmail does a few things well, also...
  • Spam patterns

    • 1 Comments
    Over the past couple of weeks, I have seen a particular spam pattern hitting my Yahoo inbox. Krissy@alleninfo013.info Elodia@dataex621.info In other words, it follows the regular expression: [A-Z][a-z]+\@[a-z]+\d{3}\.info For those of you who can't read...
  • Yahoo has a false positive problem and then rolls it back

    • 1 Comments
    JD Falk of Box of Meat has a post that describes a problem Yahoo had with one of its new email security features. The article states that the problem arose when Yahoo decided to stop any emails going through the servers, which it runs for its partner...
  • Sample stats on botnets

    • 2 Comments
    A few months ago there was a research presentation presented on computer security.  It touched upon botnets and the presenter gave some data.  Below are some summary results based on a 9-day down-sampled spam trace from Hotmail. There were 294...
  • Sanford Wallace gets sued again

    • 1 Comments
    Accused spammer Sanford Wallace has been sued... again.  And he has had a major judgment made against him... again.  This time, it's to the tune of $230 million. From the Associated Press: NEW YORK (AP) - A notorious "Spam King" and...
  • Hard to see, the future is

    • 1 Comments
    About 15 months ago I started work on a project that measures our spam effectiveness.  Just last week the first part of it finally went live, end-to-end.  It was a long time coming but we finally got it done.  If you're wondering what took...
  • The importance of botnets in computer security

    • 1 Comments
    Several of the characteristics of botnets are not only significant in and of themselves, but are emblematic of some of the unique challenges that cyberwarfare as a whole presents. This is part of a series run by Stratfor with some additional commentary...