Terry Zink: Security Talk

Discussing Internet security in (mostly) plain English

  • Terry Zink: Security Talk

    New spam outbreak: mp3 spam

    • 5 Comments
    There is a new spam outbreak that hit today, spam in mp3's. The filenames of the spam vary, and include some of the following: Emotional ties, for example: dadsong.mp3, oursong.mp3, weddingsong.mp3 Well-known artists and songs, for example: santana...
  • Terry Zink: Security Talk

    Google maps vs Live maps

    • 7 Comments
    This post is not spam related, but I'd still like to talk about it. For the longest time, I always used Google maps as my map-interface of choice whenever I wanted to search for a location.  I thought that it had the best user interface. I think...
  • Terry Zink: Security Talk

    Publicly available spam tool

    • 9 Comments
    A colleague alerted me to a spamming tool available on the web at the following web URL: http://verify-email. org It's a page that allows someone to enter in an email address and it will tell you whether or not that email address is live. In essence...
  • Terry Zink: Security Talk

    What does a spam fighter do all day? Part 2

    • 3 Comments
    Last September, I was transitioned out of my role as a spam analyst to a spam... analyst. Except rather than looking at actual spam, I was doing a lot more analyzing of spam trends. I compiled piles of reports and investigated all of the numerous issues...
  • Terry Zink: Security Talk

    What does a spam fighter do all day? Part 1b

    • 1 Comments
    Further to my other posts, in addition to handling false positives and processing spam (usually abuse submissions but not always), as a spam fighter we also handle IP blocklist delisting requests. For those of you who have ever run a blocklist, you will...
  • Terry Zink: Security Talk

    What does a spam fighter do all day? Part 1a

    • 2 Comments
    Following on from my previous post, I thought I'd go into a bit of detail about how we go about creating spam rules. Actually, to be more accurate, I'll go into detail about how I used to create spam rules, as I stopped going through our abuse submission...
  • Terry Zink: Security Talk

    What does a spam fighter do all day? Part 1

    • 2 Comments
    I was recently thinking about what a person who fights spam (like me) does all day.  In other words, what is a day in the life of a spam analyst like? The question for me is two-fold, because the stuff I do now is quite different than when I first...
  • Terry Zink: Security Talk

    When 99% isn't good enough

    • 9 Comments
    The other day, I was taking a look at some of our traffic statistics.  One of the challenges that I have is determining what our catch rate is.  We know how much traffic we see (more or less), we know how much we catch with blocklists and we...
  • Terry Zink: Security Talk

    Sender authentication part 30: The canonicalization process

    • 3 Comments
    Canonicalization is the process of preparing a message for signing. This process is necessary because of the way email is handled in transit by various mail servers. For example, some mail relayers handle white space and line wraps just fine, others do...
  • Terry Zink: Security Talk

    Sender authentication part 29: Some DomainKeys examples

    • 5 Comments
    Let's plow through a few real life examples. Here's an actual DomainKey Signature: Example 1 DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com.au; h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:MIME-Version...
  • Terry Zink: Security Talk

    Sender authentication part 28: DomainKey headers in the message

    • 0 Comments
    This post will again be a paraphrase of that which is found in RFC 4870. Now that we have seen how public keys are stored in DNS, we will next look at how a signing server generates the message signature. The signature of the email is stored in the ...
  • Terry Zink: Security Talk

    Sender authentication part 27: Public key notation in DNS

    • 1 Comments
    Now that we have an overview of how DomainKeys works, we're going to look at how a service using DomainKeys generates a DomainKeys signature. When a receiving email server gets the message and sees that there is a DomainKeys header, it has to retrieve...
  • Terry Zink: Security Talk

    Even spammers take vacations

    • 1 Comments
    There's an old saying that goes "Crime doesn't take a vacation." Whenever I say that in my head, it's always in Chief Wiggum's voice for some reason. However, Wiggum was wrong; crime does take a vacation. Over the week including...
  • Terry Zink: Security Talk

    Sender authentication part 26: DomainKeys in a nutshell

    • 1 Comments
    Now that we understand how digital signatures work, let's take a look at DomainKeys. Like SPF and SenderID, DomainKeys is a mechanism of sender authentication. DomainKeys uses public key encryption to authenticate messages. It works in the following way...
  • Terry Zink: Security Talk

    Facebook spamming me with annoying ads

    • 0 Comments
    Has anyone noticed those annoying ads on Facebook? It's in my News Feed, I have a couple of notices from my friends and then an ad to join an Awesome Club and suit up! I don't mind having ads at the top of the screen, but come on Facebook, leave them...
  • Terry Zink: Security Talk

    Some stats on SPF, DomainKeys and DKIM

    • 0 Comments
    I'm taking a quick timeout from my series on explaining Sender Authentication to post some quick stats on authentication. I took an 8-hour snapshot of our logs to collect some statistics. I started tracking how often senders use SPF, DomainKeys and DKIM...
  • Terry Zink: Security Talk

    Found some spammers today with SPF records set up

    • 4 Comments
    I came across some spam in my inbox today. This company was pushing pump-and-dump stock spam for a medical company. I saw that the company passed an SPF check. That's odd, I thought. A spammer passing an SPF check? So, I decided to check out the SPF records...
  • Terry Zink: Security Talk

    Sender authentication part 25: Digital signatures

    • 0 Comments
    We've seen encryption, secret key encryption and public key encryption. Public key encryption allows a sender to encrypt the contents of the message and have only the intended recipient read it. They do this by encrypting with the public key and decrypting...
  • Terry Zink: Security Talk

    Sender authentication part 24: Public key encryption

    • 1 Comments
    The basic idea behind secret key encryption is the following: You don't have to keep the algorithm a secret. You do need to keep the key a secret. To increase the security of the contents, you lengthen the size of the key. This is all well and good, except...
  • Terry Zink: Security Talk

    Sender authentication part 23: Secret key encryption and one-way functions

    • 2 Comments
    We saw in my previous post that substitution ciphers are a method of encoding a message such that its contents are unintelligible (much like the ramblings of many of the presidential candidates), and they are fairly easy to break with computers that can...
  • Terry Zink: Security Talk

    Sender authentication part 22: Introduction to encryption

    • 3 Comments
    It's been a long time since I took the unit on encryption in my 4th year Telecommunications class in university, but I did quite well in it (I believe I got 5/5 on the assignment). For you see, the concept of encryption is relevant to our next section...
  • Terry Zink: Security Talk

    In transit

    • 0 Comments
    My posting has been on-again, off-again lately because I am in the process of moving from Canada down to Seattle. I hope to begin more regular posting (once every two days or so) shortly.
  • Terry Zink: Security Talk

    New spamming tactic?

    • 11 Comments
    Over the past couple of days, we've seen either the beginning of a new botnet tactic, or we changed something on our networks that is causing network problems. The shift in tactics is the amount of time that a bot will connect to our service, we issue...
  • Terry Zink: Security Talk

    Phishing vs Spoofing

    • 1 Comments
    One of the things I've noticed amongst the public is the confusion between the terms phishing and spoofing. The two are not synonymous. Phishing attacks generally use spoofing as a strategy but spoofing attacks are not necessarily phishing. Spoofing is impersonating...
  • Terry Zink: Security Talk

    Where has all the pdf spam gone?

    • 4 Comments
    I'm checking our statistics on the amount of pdf spam we're seeing, and after Aug 20 (last week) it seems to have disappeared. It hasn't disappeared entirely, of course. But my spam rules that targeted this stuff have gone from a couple million hits per...