Terry Zink: Security Talk

Discussing Internet security in (mostly) plain English

  • Terry Zink: Security Talk

    Google maps vs Live maps

    • 7 Comments
    This post is not spam related, but I'd still like to talk about it. For the longest time, I always used Google maps as my map-interface of choice whenever I wanted to search for a location.  I thought that it had the best user interface. I think...
  • Terry Zink: Security Talk

    If you give stuff away for free, people will abuse it

    • 7 Comments
    In what is starting to sound like a broken record, one of my favorite companies, Google, is being abused by spammers - again. First we found spam blogs in Blogspot, then we found spam coming from Gmail users, and now I have found a third abuse - spammers...
  • Terry Zink: Security Talk

    Improving Backscatter detection with Boomerang

    • 7 Comments
    One of the features we have been working on in Office 365/Exchange Online Protection (EOP) is called Boomerang which is a mechanism to better detect backscatter spam. Image taken from here . What is Backscatter? Backscatter spam occurs...
  • Terry Zink: Security Talk

    An update on DKIM-on-IPv4 and DMARC in Office 365

    • 7 Comments
    If you’re wondering when Office 365 is going to release inbound validation for DKIM-on-IPv4 and DMARC support, I have an update for you. We are currently evaluating DKIM-on-IPv4 everywhere in the service but are fixing the remaining bugs Today, we stamp...
  • Terry Zink: Security Talk

    Are there any anti-spam conferences coming up?

    • 7 Comments
    I was reading an article by Neil Schwartzman, brought to my attention by John R. Levine on the Planet Antispam blog, entitled Trench Warfare in the Age of The Laser-guided Missile . In the article, Schwartzman brings up the point that spammers and virus...
  • Terry Zink: Security Talk

    EU fines Microsoft record $1.3 billion

    • 7 Comments
    Originally from Yahoo Finance : BRUSSELS, Belgium - The European Union fined Microsoft Corp. a record $1.3 billion Wednesday for the amount it charges rivals for software information. EU regulators said the company charged "unreasonable prices"...
  • Terry Zink: Security Talk

    What happens on Facebook stays on Facebook

    • 7 Comments
    I have read some blog posts by other writers about the "questionable" email practises of tagged.com (wherein they login to your email address book and spams everyone in it, encouraging them to sign up for their own page).  I agree with the other writers...
  • Terry Zink: Security Talk

    Was a CAPTCHA broken?

    • 7 Comments
    A couple of weeks ago, I blogged that some outfit in Russia claimed to have broken Yahoo's CAPTCHA for creation of new email accounts.  Someone posted a reply in the comments with a link to an article that this was unlikely.  Yet, in the past...
  • Terry Zink: Security Talk

    Yahoo's CAPTCHA security reportedly broken

    • 7 Comments
    I read about a week ago that Yahoo's CAPTCHA security has reportedly been broken, and those of us with email accounts should be expecting an upsurge in spam from Yahoo.  To summarize the issue, before you sign up for a Yahoo account, they make you...
  • Terry Zink: Security Talk

    Support for anonymous inbound email over IPv6 in Office 365

    • 7 Comments
    Office 365 now supports anonymous inbound email over IPv6. In this case, “anonymous” means: The sending IPv6 address originates outside the service and is not in any customer’s settings (that is, not in any customer-specified connector...
  • Terry Zink: Security Talk

    Some patterns for spam in my inboxes

    • 7 Comments
    I am lately seeing some odd patterns for spam in my various inboxes. In my Frontbridge account, I regularly see spam from Gmail and never Hotmail. In my Gmail account, I regularly see spam from Gmail but rarely anything else. In my Yahoo account, I regularly...
  • Terry Zink: Security Talk

    Sender authentication part 19: How spammers evade SPF

    • 7 Comments
    How would a spammer get around SPF? One way is the method used by Spammer-X in his book Inside the Spam Cartel . Spammer-X is a retired spammer (so he says) and goes into a lot of the details in his book. I'll give a review when I'm done this series on...
  • Terry Zink: Security Talk

    Recovering a hacked Hotmail account

    • 7 Comments
    From time to time, I get asked about what to do if your Hotmail account credentials are stolen and is being used to send out spam.  Here is a paraphrased response that someone from the Windows Live Safety team said on an internal thread, but it applies...
  • Terry Zink: Security Talk

    Review Part 2: Spam Kings

    • 6 Comments
    I'd like to continue on in my review of the book Spam Kings and make some more comments, particularly regarding the antispammers. One thing that I really liked about the book is learning the history of some of the spam tools.  I was never a participant...
  • Terry Zink: Security Talk

    Save the inbox, save the world

    • 6 Comments
    One of the differences that webmail services like Hotmail has is the ability that it does not deliver mail to the end-client, users have to login to their accounts and view their mail on the web (unless, of course, they POP their mail). Exchange Hosted...
  • Terry Zink: Security Talk

    Personal dilemma

    • 6 Comments
    My girlfriend works a later shift and often times, she and her co-workers bring in food or order it in.  Potlucks, or Thai food, that sort of thing.  Well, today, they had spam and eggs. You read that right – not ham and eggs but spam and eggs...
  • Terry Zink: Security Talk

    New spam rules of engagement finally starting to sink in

    • 6 Comments
    Having been a spam fighter for over two years, and having watched spam evolve very quickly over the previous six months, it is now sinking in to me that the methodology in which we used to use to fight spam is no longer valid. Whereas before we had a...
  • Terry Zink: Security Talk

    Nanobots and fighting spam

    • 6 Comments
    One of my favorite fiction writers is Michael Crichton.  His books often center around technology and how when humans try to control or influence the physical environment, things go awry.  In Jurassic Park, humans recreated dinosaurs and attempted...
  • Terry Zink: Security Talk

    Security risks at a big box retailer

    • 6 Comments
    Even though things like phishing and spoofing and hacking are what we normally think of when we consider electronic security risks, sometimes the simple things are what cause the biggest problems. I was recently in a big box retailer picking up some stuff...
  • Terry Zink: Security Talk

    Sender Authentication part 1: The basics of sending email

    • 6 Comments
    This is my first post in my series on email authentication. In order to understand how to authenticate the sender of an email, we need to understand how email works. I remember back in my 4th year of university when we learned how to send "fake" email...
  • Terry Zink: Security Talk

    Sender authentication part 7: Shortcomings of SPF

    • 6 Comments
    SPF is a method of authenticating the envelope sender's domain with the IP that transmitted the message to the receiving mail server.  It is quite useful for preventing spoofing but it has its shortcomings: 1. SPF adoption has been slow. As I alluded...
  • Terry Zink: Security Talk

    Stopping bots from abusing webmail

    • 6 Comments
    One of the problems of bots is that they sign up for free webmail accounts (like Hotmail, Yahoo or Gmail) and then use them to send out spam.  These services will throttle their outbound mail, that is, cut off the sender if they exceed a certain...
  • Terry Zink: Security Talk

    Spam filters and foreign spam, part 3 - ASCII

    • 6 Comments
    If everyone spoke English, and spammers only sent spam from bots, spam filtering would have a relatively simple task (relatively speaking, of course). But, that simply isn't reality. The biggest shift in spamming over the past 18 months or so is the use...
  • Terry Zink: Security Talk

    Why does all popular software become bloated?

    • 6 Comments
    Over the weekend, I read an articled entitled Superior Alternatives to Crappy Windows Software .  This is not to suggest that Windows is crappy, but that there are applications that run on Windows that are lousy.  There are a lot of points that...
  • Terry Zink: Security Talk

    Why change the FP metrics?

    • 6 Comments
    In the comments in my other post on the other side of accurate metrics, a fellow blogger writes the following: In my experience every vendor who quotes a FP figure bases it on the total number of inbound messages (including those that get 5xx-rejected...
Page 3 of 48 (1,179 items) 12345»