Terry Zink: Security Talk

Discussing Internet security in (mostly) plain English

  • Terry Zink: Security Talk

    Accurate metrics

    • 8 Comments
    This past week, I started coming up with some new metrics on how to measure our effectiveness, specifically, our spam effectiveness. The way Hotmail does it is use a metric called Spam-in-the-inbox, or SITI for short.  It is a measure of the proportion...
  • Terry Zink: Security Talk

    The disadvantages of being a Program Manager

    • 1 Comments
    As a Program Manager in spam filtering in Exchange Hosted Services, there are plusses and minuses.  The advantages are described here .  But it's not all fun and games.  There are some drawbacks. Program managing means following up on the...
  • Terry Zink: Security Talk

    Watch your mistakes, limit their effects

    • 3 Comments
    As a stock trader, my trading style has evolved over time.  However, the one thing that I have always been good at is limiting my mistakes.  Book after book I read tells me that I should always cut my losses short and never let a small loss...
  • Terry Zink: Security Talk

    Missed my shot again!

    • 3 Comments
    In my other post, I mentioned that I missed my chance to see a famous American politician visit the Microsoft campus. Well, it turns out that it happened again! This morning, I came to work and was meeting some people in the hallway around 10 am and...
  • Terry Zink: Security Talk

    The advantages of being a PM

    • 6 Comments
    Here at Microsoft, we quite regularly see people rotating in and out of various divisions.  A new person will join and another person will leave.  Recently we had another anti-spam manager join the group.  Since I've been in the antispam...
  • Terry Zink: Security Talk

    Guest blogging on Forefront

    • 23 Comments
    So I am now a guest blogger on Forefront's Security blog (link in my links section).  Forefront is another division within Microsoft that provides security solutions for Enterprise. This afternoon, they came around and took some video footage of...
  • Terry Zink: Security Talk

    Sender authentication part 32: TMA Explained

    • 4 Comments
    As I said earlier, I needed to come up with an authentication mechanism that protected the From: or Sender: address in the message headers. But, I did not want to replace SPF with SenderID. So, I came up with another solution which I call TMA. I would...
  • Terry Zink: Security Talk

    Sender authentication part 31: TMA

    • 0 Comments
    I'd now like to post something about the inspiration for this whole series on authentication.  I'm not done with DomainKeys, I still have to post a little bit on DKIM and one other authentication mechanism, and then this series will be done. ...
  • Terry Zink: Security Talk

    And speaking of Facebook...

    • 1 Comments
    Today, Microsoft reported buying a small stake in Facebook worth $240 million, with the deal valuing Facebook at $15 billion.  That is an incredible amount of money for a website that wasn't making money. Of course, we could have argued that when...
  • Terry Zink: Security Talk

    Missed my shot

    • 3 Comments
    This morning at the main Microsoft Campus, I missed my chance to go and hear Hillary Clinton speak. As my American readers will know, and some of my international readers, Hillary Clinton is campaigning for the Democratic nomination to run for president...
  • Terry Zink: Security Talk

    Naughty Facebook... they just spoofed me!

    • 5 Comments
    The other day a friend of mine sent me a notice on Facebook about how Optimus Prime wanted to send me a message. I didn't bother opening up the email or listen to the message or do whatever it is that this application wanted me to do. However, yesterday...
  • Terry Zink: Security Talk

    Do spammers change their tactics based upon recipient verification? Yes, they do.

    • 3 Comments
    Or, to be more precise, it sure looks like they do. In my other post on the publicly available spam tool, I mentioned that I came across a page that allowed people to verify whether or not an email address is actually live.  The question naturally...
  • Terry Zink: Security Talk

    New spam outbreak: mp3 spam

    • 5 Comments
    There is a new spam outbreak that hit today, spam in mp3's.  The filenames of the spam varies, and includes some of the following: Emotional ties, for example: dadsong.mp3, oursong.mp3, weddingsong.mp3 Well-known artists and songs, for example: santana...
  • Terry Zink: Security Talk

    Google maps vs Live maps

    • 7 Comments
    This post is not spam related, but I'd still like to talk about it. For the longest time, I always used Google maps as my map-interface of choice whenever I wanted to search for a location.  I thought that it had the best user interface. I think...
  • Terry Zink: Security Talk

    Publicly available spam tool

    • 9 Comments
    A colleague alerted me to a spamming tool available on the web at the following web URL: http://verify-email. org It's a page that allows someone to enter in an email address and it will tell you whether or not that email address is live. In essence...
  • Terry Zink: Security Talk

    What does a spam fighter do all day? Part 2

    • 3 Comments
    Last September, I was transitioned out of my role as a spam analyst to a spam... analyst. Except rather than looking at actual spam, I was doing a lot more analyzing of spam trends. I compiled piles of reports and investigated all of the numerous issues...
  • Terry Zink: Security Talk

    What does a spam fighter do all day? Part 1b

    • 1 Comments
    Further to my other posts, in addition to handling false positives and processing spam (usually abuse submissions but not always), as a spam fighter we also handle IP blocklist delisting requests. For those of you who have ever run a blocklist, you will...
  • Terry Zink: Security Talk

    What does a spam fighter do all day? Part 1a

    • 2 Comments
    Following on from my previous post, I thought I'd go into a bit of detail about how we go about creating spam rules. Actually, to be more accurate, I'll go into detail about how I used to create spam rules, as I stopped going through our abuse submission...
  • Terry Zink: Security Talk

    What does a spam fighter do all day? Part 1

    • 2 Comments
    I was recently thinking about what a person who fights spam (like me) does all day.  In other words, what is a day in the life of a spam analyst like? The question for me is two-fold, because the stuff I do now is quite different than when I first...
  • Terry Zink: Security Talk

    When 99% isn't good enough

    • 9 Comments
    The other day, I was taking a look at some of our traffic statistics.  One of the challenges that I have is determining what our catch rate is.  We know how much traffic we see (more or less), we know how much we catch with blocklists and we...
  • Terry Zink: Security Talk

    Sender authentication part 30: The canonicalization process

    • 3 Comments
    Canonicalization is the process of preparing a message for signing. This process is necessary because of the way email is handled in transit by various mail servers. For example, some mail relayers handle white space and line wraps just fine, others do...
  • Terry Zink: Security Talk

    Sender authentication part 29: Some DomainKeys examples

    • 5 Comments
    Let's plow through a few real life examples. Here's an actual DomainKey Signature: Example 1 DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com.au; h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:MIME-Version...
  • Terry Zink: Security Talk

    Sender authentication part 28: DomainKey headers in the message

    • 0 Comments
    This post will again be a paraphrase of that which is found in RFC 4870 . Now that we have seen how public keys are stored in DNS, we will next look at how a signing server generates the message signature. The signature of the email is stored in the ...
  • Terry Zink: Security Talk

    Sender authentication part 27: Public key notation in DNS

    • 1 Comments
    Now that we have an overview of how DomainKeys works, we're going to look at how a service using DomainKeys generates a DomainKeys signature. When a receiving email server gets the message and sees that there is a DomainKeys header, it has to retrieve...
  • Terry Zink: Security Talk

    Even spammers take vacations

    • 1 Comments
    There's an old saying that goes "Crime doesn't take a vacation."  Whenever I say that in my head, it's always in Chief Wiggum's voice for some reason. However, Wiggum was wrong, crime does take a vacation.  Over the week including...
Page 39 of 47 (1,169 items) «3738394041»