Terry Zink: Security Talk

Discussing Internet security in (mostly) plain English

  • Terry Zink: Security Talk

    Was a CAPTCHA broken?

    • 7 Comments
    A couple of weeks ago, I blogged that some outfit in Russia claimed to have broken Yahoo's CAPTCHA for creation of new email accounts.  Someone posted a reply in the comments with a link to an article that this was unlikely.  Yet, in the past...
  • Terry Zink: Security Talk

    The advantages of being part of a large anti-spam company

    • 2 Comments
    Sometimes I moan about the difficulties of being part of large company in the time it takes to get things done, but it has its advantages. As part of a small company, stuff is often done ad hoc.  People write spam rules, write little scripts to do...
  • Terry Zink: Security Talk

    Stock spam and bear markets

    • 2 Comments
    If you're a stock trader at all, it'll come as no surprise to you that over the past three months we've been in a correction.  If the definition of a bear market is a drop of 20%, then from peak to trough we have seen a bear market in the Nasdaq...
  • Terry Zink: Security Talk

    A couple of more thoughts on the David Ritz case

    • 2 Comments
    I thought I'd post a couple of more thoughts on the David Ritz case.  There are a couple of points in the judgment that are simply bizarre: Ritz has engaged in a variety of activities without authorization on the Internet. Those activities include...
  • Terry Zink: Security Talk

    Summary of the David Ritz case

    • 4 Comments
    As I wrote in an earlier post, a judge in North Dakota recently ruled against David Ritz.  Ritz is an anti-spammer who was sued by Sierra Corporate Design, Inc.  The full judgment is here , I will attempt to summarize it.  The basis of...
  • Terry Zink: Security Talk

    Piles of stock spam from Gmail last couple of days

    • 2 Comments
    In the last few days, I have started receiving piles of stock spam from Gmail touting the ticker symbol RQST.PK.  I see these spams in my Gmail account, my Frontbridge account and now my Yahoo account. I still get spam from Hotmail, but it's confined...
  • Terry Zink: Security Talk

    Maybe the North Dakota judge should watch more South Park...

    • 3 Comments
    A couple of weeks ago, a judge in North Dakota ruled against anti-spammer David Ritz for conduct against Sierra, Inc, allegedly an enterprise that spams.  In a future post, I'll comment on the case.  But for the time being, the key point to...
  • Terry Zink: Security Talk

    Microsoft offers to buy Yahoo

    • 9 Comments
    Last Friday, Microsoft made an unsolicited offer to buy Yahoo for $31 per share, representing over a 50% premium from Yahoo's then-share price. Leaving aside the question of whether or not this is a good deal, and what Microsoft's true motivations are...
  • Terry Zink: Security Talk

    Strange legal requirements

    • 8 Comments
    Some of this stuff I couldn't make up if I tried... With all the hoopla about the David Ritz case (which I will blog about in a future post), I thought I'd remark about a very strange legal requirement about filtering mail.  As usual, this unreasonable...
  • Terry Zink: Security Talk

    Presenting at TechReady

    • 1 Comments
    One of Microsoft's marketing events is something called TechReady.  It's an internal event for marketing to go around and learn about the various solutions that the company has.  This year, there is going to be a joint effort between Exchange...
  • Terry Zink: Security Talk

    Some patterns for spam in my inboxes

    • 7 Comments
    I am lately seeing some odd patterns for spam in my various inboxes. In my Frontbridge account, I regularly see spam from Gmail and never Hotmail. In my Gmail account, I regularly see spam from Gmail but rarely anything else. In my Yahoo account, I regularly...
  • Terry Zink: Security Talk

    Outbound filtering - part 7

    • 1 Comments
    I thought I had laid this series of posts to rest, but instead I'm going to resurrect it for one more post. I had another meeting about how we in Exchange Hosted Services are going to implement outbound spam filtering.  I presented my slightly complicated...
  • Terry Zink: Security Talk

    Yahoo's CAPTCHA security reportedly broken

    • 7 Comments
    I read about a week ago that Yahoo's CAPTCHA security has reportedly been broken, and those of us with email accounts should be expecting an upsurge in spam from Yahoo.  To summarize the issue, before you sign up for a Yahoo account, they make you...
  • Terry Zink: Security Talk

    Outbound filtering - part 6

    • 1 Comments
    At this point, I hope I have made my point that the question of outbound filtering is non-trivial.  I'm not particularly keen on treating inbound mail the same as outbound mail (ie, scan, filter, deliver or quarantine) because of the time delay. ...
  • Terry Zink: Security Talk

    Outbound filtering - part 5

    • 1 Comments
    There is yet another option I learned about yesterday. Option 3 - Provide a self-service portal Rather than quarantining outbound spam messages, provide an immediate self-service portal for users to release their message. The way it works is this: the...
  • Terry Zink: Security Talk

    Outbound filtering - part 4

    • 1 Comments
    There are other options for dealing with outbound mail.  Let's take a look at another one. Option 2 - Treat outbound mail the same as inbound mail Another option for outbound mail filtering is to treat inbound mail nearly the same as outbound mail...
  • Terry Zink: Security Talk

    Outbound filtering - part 3

    • 1 Comments
    There's a great deal of discussion surrounding policy and outbound spam.  What do we do with messages marked as spam and how do we treat the organization as whole? Option 1 - Keep track of the mail disposition and cut off the entire organization...
  • Terry Zink: Security Talk

    Outbound filtering - part 2

    • 3 Comments
    In my previous post, I mused about what it takes to do outbound spam filtering.  If customers use us for outbound mail and start relaying spam, it damages our reputation and credibility.  Ergo, we need to come up with a solution wherein we don...
  • Terry Zink: Security Talk

    Outbound filtering - Part 1

    • 4 Comments
    We are nearing the end of the dev cycle of our next release and the plans naturally start to look forward to our next release.  Don't get me wrong, there's still a ways to go in our current release.  We have to hit code complete on January 31...
  • Terry Zink: Security Talk

    Anti-spam service is not just about filtering

    • 2 Comments
    As part of a Hosted Service, sometimes I have to give credit where credit is due to other people within our department. Our latest release has a feature called Message Trace Real Time Reporting.  Basically, whenever somebody sends a message through...
  • Terry Zink: Security Talk

    Follow up - how many IPs could we potentially block?

    • 3 Comments
    This is a follow up to my previous post .  I recently looked up an old version of the PBL and decided to count up how many IPs they were blocking.  By my calculations, if we expand CIDR ranges, the PBL blocks nearly 390 million IPs. Actually...
  • Terry Zink: Security Talk

    Just how many IPs are spamming, anyhow?

    • 6 Comments
    Yesterday, one of our architects popped into my office and we had a brief discussion about blocklists.  The topic shifted to how many IPs we have banned over the years. The total number of available IPv4 IP addresses is 2 32 , or 4,294,967,296 different...
  • Terry Zink: Security Talk

    End-of-year wrap-up

    • 1 Comments
    Well, here we are on New Year's Eve.  I'd like to reflect a bit on this blog about the past year: I succeeded in my goal of learning Unix better.  This, as you may recall, was a New Year's resolution.  While I hardly consider myself an...
  • Terry Zink: Security Talk

    Response to Trust-based messages

    • 1 Comments
    In my other post in a Q&A excerpt with Dave Crocker by Investor's Business Daily, I'd like to now respond to some of my selected quotes. Crocker: You have to create what I call a trust overlay to the existing e-mail system. Existing senders and receivers...
  • Terry Zink: Security Talk

    Some early stats on TMA

    • 1 Comments
    We finally got around to deploying all of our new features from our latest release.  As I explained a couple of months ago, I created a hybrid of SPF and SenderID in response to customer demand.  I called it TMA, or Terry's Message Authentication...
Page 36 of 46 (1,140 items) «3435363738»