Hey, China? The Internet called! It wants its traffic back.

Last Wednesday, Nov 17, the US China Economic and Security Review Commission released a wide-ranging report on China trade, capital markets, human rights, and other top issues.  Craig Labovitz has a good summary on his blog: Tucked away in the hundreds of pages of China analysis is a section on the Chinese Internet, including the…

0

The death of email? Hardly.

Well, I’ve currently got a bit of spare time at work so I thought I’d write up a blog post.  Last week, I alluded to Facebook’s new messaging platform and how it wouldn’t lead to the death of email.  The reason why it wouldn’t is because email isn’t intended to be instant communication. Well, fast…

1

What’s worse than paid for antivirus? Free antivirus

Recently, Microsoft started packaging its free antivirus software Microsoft Security Essentials with its Windows Update service.  This is a smart move, right?  Users who don’t have any A/V protection would now have something and therefore they could reduce their vulnerability footprint.  The Malicious Software Removal Tool is also free but it is not real time;…

8

Our latest outbound spam mitigation technique

One of the things that has kept me busy the past few weeks (read: months) is outbound spam – again!  No matter how many mitigations we put in place, it’s never enough. The current challenge that we are dealing with is compromised accounts.  Most of the time, but not always, this happens with educational institutions. …

1

Facebook’s new messaging platform

Yesterday, Facebook announced that they were introducing a new messaging platform.  You can read all about it on a blog post here.  Facebook is careful to point out that this is not a replacement for email; it is not email, so they claim.  So what is it? This messaging platform is basically a way to…

1

My prediction came true

Ugh.  Sometimes I hate to be right. Three and a half years ago, when I was being asked for my thoughts about what I thought the next big spam vector would be, I said that it would be on cell phones.  My theory was that cell phone providers would start giving away free services in…

2

A fitting proverb

Yesterday, I came across the following proverb: Where there are no oxen, the manger is empty, but from the strength of an ox comes an abundant harvest. Proverbs 14:4, NIV In context, this passage is saying that if you have an ox, you have to keep it somewhere and you keep it in the manger. …

0

Rethinking the term “false positive SLA”

This is a topic that I have written about before, but I will continue to write about it until I see a fundamental change in the industry. One of my hobbies, and it has been a hobby for years, is stock trading.  I like doing research on weekends and evenings and figuring good stocks to…

3

.com – the spammiest TLD

Following up from my post yesterday, I thought I would take a look at how spammy each particular TLD is.  At the moment, I only track 8 TLD’s – .cn, .ru, .com, .net, .org, .info, .biz and .name.  To check to see which one is the spammiest, I took all of our post-IP blocked mail…

0

.com – the riskiest TLD

A couple of weeks ago, NetworkWorld published an article indicating that the .com TLD was the riskiest TLD in terms of containing code that can steal passwords or take advantage of browser vulnerabilities to distribute malware.  Here’s an excerpt: Security vendor McAfee analyzed more than 27 million Web sites for its report, "Mapping the Mal…

0

Real life trust

Today, I had an interesting experience. I went to the bank today to deposit a couple of checks (or “cheques”, for my Canadian and UK readers).  I drove up to my bank, filled in the deposit slip, signed the back of checks, entered in the deposit envelopes into ATM and prepared to walk away.  But…

2

Measuring incremental efficacy and the value of statistics

Inspired by my previous post on measuring false positives, and spam effectiveness, I thought I’d take a look at how to measure incremental value. In our own organization, we are constantly tweaking things here and there.  If we push up the aggressiveness of this filter, we get a few more blocks.  If we decrease it,…

0

Video vignettes

Some of the folks associated with the Microsoft Security Intelligence Report were recently interviewed and filmed.  They are sharing their thoughts around the recent SIR as well as providing some discussions around botnets.  I thought that I would repost them here: Frank Simorjay, Senior Product Manager of the Trustworthy Computing Group     Tim Rains,…

0

Bredolab botnet infiltrated

I’m a bit behind on writing about this, but last week the Bredolab botnet was infiltrated and shut down by Dutch police.  From PC World: A massive takedown operation conducted by Dutch police and security experts earlier this week does not appear to have completely dissolved the Bredolab botnet, but it is unlikely to recover….

0

CAUCE and cyber crime

Joseph Menn recently wrote a follow up article to his book Fatal System Error.  The book tells the story of an individual in the security industry who made the mistake of working with the local police, investigating cyber crime over in Russia.  In response, the individual’s daughter was kidnapped and the investigator was told that…

1