How to measure False Positive rates

As someone who is in charge of our spam filtering here in Microsoft Forefront (i.e., I’m on the spam team and one of my tasks is to improve the service, but it’s not me all by myself), there are two critical pieces of information: What’s our spam catch rate? What’s our false positive rate? I’m…


Is the term “cyberwarfare” overstating the case?

At the Virus Bulletin conference last month, Andrew Lee from ESET gave a talk entitled “Cyberwar: Reality or Weapon of Mass Distraction?” In it, Lee talked about how the term “cyberwar” is thrown around a lot these days. However, he disagreed with the use of the term because it relies on inflationary language and overstates the…


The Top Spamming Countries

A little over a week ago, Sophos published a blog post about the countries that sent the most spam in the third quarter of 2012. They found that India was number one on the list with 16% of the spam, followed by Italy at number two with 9% and the US at number three with…


The modern face of mobile malware

At the Virus Bulletin Conference last month in Dallas, Grayson Milbourne and Armando Orozco presented a talk entitled XXX Malware Exposed: An in-depth look at the evolution of XXX Malware. I have renamed it in this blog post to mobile malware because the techniques that malware writers are using are not unique to any one…


A couple of unsurprising tidbits on passwords

Digital Trends published an article yesterday entitled What’s the Worst Password of 2012? Retaining the number one spot as the least secure password for yet another year, “password” is still in widespread use, and people who continue to use it as their personal password remain at the highest risk when it comes to hacking. Detailed in SplashData’s annual report, the…


Evaluating anti-virus products with field studies

Did you ever wonder how people get malware onto their computers? Or how effective real-life A/V software is against zero-day malware? Or against malware in general? Current A/V evaluations have some drawbacks: they are based on automated tests and therefore are not representative of real life; they do not account for user behavior; they…


How should large financial institutions use hosted filtering?

This post is an opinion piece that reflects what I think are best practices. Should large financial institutions use hosted email services? Services like ours (Forefront Online Protection for Exchange, FOPE)? Why am I even asking this question? I ask this question from a security perspective. The advantages of moving to hosted services are plenty:…


Will cyberwar create new rules of engagement? And will there be a draft?

I read an interesting article on ReadWriteWeb yesterday entitled New Cyberwar Rules Of Engagement: Will The U.S. Draft Companies To Fight? by Brian Proffitt. In it, Proffitt reports on a speech given by Defense Secretary Leon Panetta to business leaders in New York City last Thursday (Oct 11). Panetta discussed how for the first time…


The pros and cons of Bring Your Own D(evice|estruction)

At the Virus Bulletin conference this past September in Dallas, Righard Zwienenberg from ESET gave a presentation entitled BYOD. BYOD stands for Bring Your Own Device, but he reframed the acronym to “Bring Your Own Destruction”, that is, he alluded to the security implications of bringing your own device. BYOD is the latest trend sweeping…


Measuring the cost of cybercrime

Last week at Virus Bulletin 2012, Tyler Moore of Southern Methodist University (SMU) gave a talk entitled “Measuring the cost of cyber crime.” It was a study done in collaboration with multiple individuals in multiple countries. The study sought to answer this question: how much does cyber crime cost? Up until this point,…


Do tech-savvy readers practice what they preach?

While at the Virus Bulletin conference in Dallas last week, Sabina Raluca Datcu and Ioana Jelea of BitDefender gave a presentation entitled “Practise what you preach: a study on tech-savvy readers’ immunity to social engineering techniques.” In this talk, the presenters spoke about a study they conducted: do tech-savvy people actually have better security…


A Plan for Email over IPv6, part 5 – Removals, Key differences and standards

What happens if spammers get on the whitelists?

The question arises: what happens if a spammer gets onto the whitelist? Maybe they have compromised an IP address of a good sender. Or maybe they snuck onto the list. What should be done if this is the case? A whitelist model makes abuse tracking easier…


A Plan for Email over IPv6, part 4 – Population of the whitelists

Population of the whitelists

How do email receivers go about populating whitelists? The whole strength of email is that you can hear from people you’ve never heard from before; new people outside your normal circle can talk to you. But the whole weakness of email is that you can hear from people that you’ve never…


A Plan for Email over IPv6, part 3 – A solution

A solution

How do we deal with it? Eventually, the Internet community will come up with a permanent solution for email over IPv6, but in the meantime a transition model is required. The use of IPv6 whitelists is an interim solution. Rather than using IP blocklists to reject mail from known bad IP addresses, email…


A Plan for Email over IPv6, part 2 – Why we use IP blocklists in IPv4, and why we can’t in IPv6

IP Blocklists

Blocklists are populated in a number of different ways. Some use spam traps to capture email sent to addresses that have never been used publicly; others use statistical algorithms to judge that a sender is malicious or compromised. Once the data is acquired, blocklist operators populate their lists in two ways: They list…
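The series above (parts 2, 3 and 5) contrasts IPv4 blocklists with an interim IPv6 whitelist model and asks what to do when a whitelisted sender turns out to be compromised. The following is an added example written for this page, not code from the original posts or from Forefront; it sketches the receiving side’s decision for a connecting IP. All list contents, prefixes, the owner names, the `defer` response for unknown IPv6 senders, and the removal threshold are constructed assumptions for illustration. The one practical caveat it handles is IPv4-mapped IPv6 addresses (`::ffff:a.b.c.d`), which a dual-stack listener can present for an IPv4 client and which must still be checked against the IPv4 blocklist.

```python
"""Inbound-mail connection policy: IPv4 blocklist, IPv6 whitelist.

Added example, not from the original posts. Sample list data below is
constructed for illustration; the prefixes are documentation ranges.
"""
import ipaddress
from collections import defaultdict

# Constructed IPv4 blocklist (hypothetical entries).
IPV4_BLOCKLIST = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.77/32")]

# Constructed IPv6 whitelist keyed by sending prefix. Trust is granted per
# prefix rather than per address: a single /64 holds more addresses than the
# whole IPv4 Internet, so per-address lists cannot be enumerated or maintained.
IPV6_WHITELIST = {
    ipaddress.ip_network("2001:db8:1::/48"): "example-esp",     # hypothetical owner
    ipaddress.ip_network("2001:db8:f00d::/64"): "example-bank",  # hypothetical owner
}

# Abuse tracking per whitelisted prefix (spam-trap hits, complaints).
abuse_counts = defaultdict(int)
ABUSE_THRESHOLD = 3  # assumed value; a real deployment tunes this on volume


def _normalize(sender_ip: str):
    """Parse the sender IP, unwrapping IPv4-mapped IPv6 (::ffff:a.b.c.d)."""
    addr = ipaddress.ip_address(sender_ip)
    if addr.version == 6 and addr.ipv4_mapped is not None:
        return addr.ipv4_mapped
    return addr


def whitelist_entry(addr):
    """Return (prefix, owner) of the whitelist entry covering addr, else None."""
    for prefix, owner in IPV6_WHITELIST.items():
        if addr in prefix:
            return prefix, owner
    return None


def policy(sender_ip: str) -> str:
    """Return 'accept', 'reject' or 'defer' for a connecting sender IP.

    IPv4: reject if the address is on the blocklist, otherwise accept and let
    content filtering decide. IPv6: accept only if the address falls in a
    whitelisted prefix; an unknown sender gets 'defer' (a 4xx at SMTP time)
    so legitimate mail is retried once the sender is listed, instead of
    being permanently rejected.
    """
    addr = _normalize(sender_ip)
    if addr.version == 4:
        return "reject" if any(addr in net for net in IPV4_BLOCKLIST) else "accept"
    return "accept" if whitelist_entry(addr) else "defer"


def record_abuse(sender_ip: str) -> bool:
    """Record abuse (spam-trap hit or complaint) from a whitelisted IPv6 sender.

    Returns True when the sender's prefix has just been removed from the
    whitelist (its count reached ABUSE_THRESHOLD), False otherwise. Because
    the whitelist is keyed by prefix, a compromised or sneaked-in sender
    loses trust for its whole range, and the owner is known for follow-up.
    """
    addr = _normalize(sender_ip)
    if addr.version != 6:
        return False
    entry = whitelist_entry(addr)
    if entry is None:
        return False
    prefix, _owner = entry
    abuse_counts[prefix] += 1
    if abuse_counts[prefix] >= ABUSE_THRESHOLD:
        del IPV6_WHITELIST[prefix]
        return True
    return False


if __name__ == "__main__":
    for ip in ("192.0.2.10", "203.0.113.5", "::ffff:192.0.2.10",
               "2001:db8:1:2::3", "2001:db8:dead::1"):
        print(ip, "->", policy(ip))
```

The choice of `defer` rather than `reject` for an unlisted IPv6 sender is the whitelist model’s soft edge: a sender that was never on any list is not known to be bad, only unknown, and a temporary failure buys time for the sender to be added without losing mail.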
