Former US counter terrorism director Richard Clarke has another article up in the New York Times entitled “ How China Steals Our Secrets .”  It’s similar to an article that I wrote about last week.  In it, he recounts how nearly all US companies...

The title of this post is a record for my longest post title ever.  But I had to get everything in there lest you think this blog post is only on one topic. The story of Stuxnet occurred in 2010 and it seems like forever ago.  And since that...

The Wall Street Journal has an article up today with an interview with outgoing head of the FBI’s cyber crime investigation Shawn Henry.  In it, he has a blunt assessment of the US’s capabilities when it comes to combatting online crime, especially...

This is an old story (where old > 2 weeks), but I still want to write about it. Nine months ago, I wrote a post where LulzSec decided, after 9 weeks of mischief, to call it quits .  This was in June, 2011. About three weeks ago, the FBI announced...

I was reading All Spammed Up’s recent post entitled Are Spam Filters really that Bad?   It is referring to the latest test to come out of Virus Bulletin where they measure the efficacy of a variety of antispam products: In the latest VBSpam comparative...

I’ve written a number of times in the past about which botnets send us the most spam.  Cutwail is always in the top 3. With the Zeus disruption, has this affected Cutwail at all?  Cutwail is not necessarily related to Zeus; as I said in my previous...

Over the weekend and this morning, Microsoft, working in conjunction with others, issued civil lawsuits to sinkhole numerous domains associated with the Zeus botnet.  When I say “botnet”, I use the term loosely because Zeus is not a botnet in the...

With all the hoopla surrounding DMARC, I thought I would take the time to see how SPF is functioning in real life, at least in our network. According to DMARC documentation, SPF and DKIM adoption is reaching critical mass (see page 5 of that link): Over...

Last week, Krebs on Security reported on how 50% of online pharmacies’ domains are registered on only two different registrars – Internet.bs (what a curious name) and Ukranian Names.  Internet registrar watchdog Knujon also released a report about...

Graylisting is an antispam technique that works by taking advantage of sender reputation.  Specifically, the lack of a good or bad reputation gives the sender a chance to prove themselves worthy of delivery.  The basic idea is that a good sender...

Following on from my previous post, what does the future of Internet abuse look like?  Here’s what I think: The proliferation of smaller devices will shift malware away from PCs to phones and tablets Crime will not go away.  The reason criminals...

A couple of months ago, I wrote about IBM’s predictions for 2016 , and one of those was that there would be no more spam.  As I look around at other predictions about the future, I say to myself “Self, what do I think will be the future of abuse...

A couple of weeks ago, I was checking email on my phone and I got a spoofed email from Stratfor saying that the CEO of the company stepped down.  I initially fell for it because I couldn’t see the formatting of the email, I only had a sub-optimally...

Following on from my previous post on Android threats (this post is based upon research of Google’s Bouncer feature), Google’s strategy to combat Maldroids is four-fold: Prevent security issues from occurring Minimize the impact of any security issues...

I’ve been doing some reading recently on Android threats, specifically some stuff by Eric Chien, Technical Directory of Security Technology and Response at Symantec.  Anything you read here is not stuff I’ve come up with myself, but rather, based...

I recently had a chance to read a report out of the University of California at San Diego by Chris Kanich (among others).  I also had a chance to hear him speak about the topic – Show Me The Money!  This post contains my notes with some photos...

Last week at RSA, Bruce Schneier gave a talk on the top 3 emerging threats on the Internet.  Whereas we in the security field usually talk about spam, malware and cyber crime, he talked about three meta-trends that all have the potential to be more...

I have way too many user accounts.  I can’t use the same password everywhere, but so many of these also force me to use different usernames.  I can’t remember them! I went to the web page for Morgan Stanley Smith Barney and I forgot my username...

Below is a 6-minute video, starring me (among others) about what it’s like to be a SpamCop.   When I filmed it, I remember thinking “Gee, this will be entertaining!”  But when I saw it on the big screen with everyone watching, I thought “Gee...

As a follow up to my previous post, I’d like to comment on the Reuters article where WikiLeaks is publishing hundreds of thousands of internal emails from security think tank Stratfor: WikiLeaks did not say how it had acquired access to the vast haul...

I admit, I was fooled. As I’ve written previously , private intelligence service Stratfor was hacked in December, my information was leaked and since then I’ve been getting spear phishing messages.  Yesterday, I got another one and I admit, I was...

Sometimes I hear people or read writers that say things about spam that are incorrect.  I thought I would clear those up in this blog post. December is spam season When the holidays roll around, people start warning other people to watch their inboxes...

If you’ve been to the MAAWG web page lately, you may have noticed that they have updated their name and logo: The big change is the expansion from a focus primarily on spam to spam, malware (on computers), and mobile malware. I wrote back in October 2009...

A couple of days ago, the New York Times reported on a study by Cascade Insights that measured the effectiveness of the spam filters in Gmail, Hotmail, and Yahoo Mail.  The results?  Hotmail and Gmail are about equal in terms of how good they...

The other day on pastebin , snippets of an email conversation were posted with members of the hacking group Anonymous discussing plans to conduct DOS attacks against the Internet’s root name servers: To protest SOPA, Wallstreet, our irresponsible leaders...