Box of Meat

RIP JD Falk

Thu, 17 Nov 2011 11:28:00 -0800

The email and anti-spam communities lost one of their leading lights last night. JD was a passionate defender of email end users. He will be greatly missed by all of us.

For some of the many tributes go to the site above or to this from CAUCE, an organization JD helped found.

http://www.cauce.org/2011/11/jdfalk.html

Christopher Soghoian in the New York Times: Without Computer Security, Sources’ Secrets Aren’t Safe With Journalists

Thu, 27 Oct 2011 11:30:05 -0700

Christopher Soghoian in the New York Times: Without Computer Security, Sources’ Secrets Aren’t Safe With Journalists:

“Brave journalists have defied court orders and have even been jailed rather than compromise their ethical duty to protect sources. But as governments increasingly record their citizens’ every communication — even wiretapping journalists and searching their computers — the safety of anonymous sources will depend not only on journalists’ ethics, but on their computer skills.”

threatpost: Walking Among Security Giants

Thu, 27 Oct 2011 10:38:05 -0700

threatpost: Walking Among Security Giants:

“Security is a comparatively young discipline, and that relative youth means that many of the men and women responsible for pioneering the field are not only still here, but are still actively working, writing, speaking and sharing their knowledge and experiences with anyone willing to read or listen. This will not always be the case.”

Consumerist: Protect Your Brand From Becoming A .XXX Domain

Thu, 27 Oct 2011 08:08:06 -0700

Consumerist: Protect Your Brand From Becoming A .XXX Domain:

“There’s an opt-out that you can apply for that lets you block your registered trademark from being in the pool of available .xxx domains and prevent third-parties from exploiting your carefully crafted brand identity. The fee is $199-$350 depending on your registrar. The block lasts for 10 years.”

John Levine in CircleID: The Mainsleaze Blog

Wed, 26 Oct 2011 15:23:05 -0700

John Levine in CircleID: The Mainsleaze Blog:

“Mainsleaze is nerdy slang for spam sent by large, well-known, otherwise reputable organizations. Although the volume of mainsleaze is dwarfed by the volume of spam for fake drugs, account phishes, and Nigerian 419 fraud, it causes work for mail managers far out of proportion to its volume.

The new MainSleaze blog…is all mainsleaze all the time, and she’s having no trouble finding plenty of examples.”

The Next Web: The first email was sent 40 years ago this month

Wed, 26 Oct 2011 13:20:05 -0700

The Next Web: The first email was sent 40 years ago this month:

“It’s become a firm fixture of everyday life, loathed by some but essential to nearly all of us, and yet its future is far from certain. Email is forty years old this month, with the first message having been sent in October 1971.”

Krebs on Security: Who Else Was Hit by the RSA Attackers?

Mon, 24 Oct 2011 09:20:29 -0700

Krebs on Security: Who Else Was Hit by the RSA Attackers?:

The information suggests that more than 760 other organizations had networks that were compromised with some of the same resources used to hit RSA. Almost 20 percent of the current Fortune 100 companies are on this list.

Ars Technica: Dennis Ritchie: the giant whose shoulders we stand on

Fri, 14 Oct 2011 07:50:06 -0700

Ars Technica: Dennis Ritchie: the giant whose shoulders we stand on:

“Ritchie, the creator of the C programming language and co-developer of the Unix operating system passed away on October 8 at the age of 70, leaving a legacy that casts a very long shadow.”

Cloudmark The Federal Government and Email Security

Thu, 13 Oct 2011 09:53:05 -0700

Cloudmark The Federal Government and Email Security:

“Being able to trust email from federal agencies is highly important to them, not merely for communication among agencies but also between the government and its constituents.”

Brian Solis: Social Media Customer Service is a Failure!

Thu, 13 Oct 2011 07:55:05 -0700

Brian Solis: Social Media Customer Service is a Failure!:

“Most companies proclaim to be ‘listening’ in the space but very few have changed or implement processes or products based on this listening. Huge ROI can be gained just by measuring changes that stem from listening. It’s sad to say, but the only changes I have seen are those due to large or threatening groundswells. And in my view, change was only made to silence the noise.”

Ars Technica: Computer virus hits US Predator and Reaper drone fleet

Fri, 07 Oct 2011 15:32:06 -0700

Ars Technica: Computer virus hits US Predator and Reaper drone fleet:

“Military network security specialists aren’t sure whether the virus and its so-called “keylogger” payload were introduced intentionally or by accident; it may be a common piece of malware that just happened to make its way into these sensitive networks. The specialists don’t know exactly how far the virus has spread. But they’re sure that the infection has hit both classified and unclassified machines at Creech. That raises the possibility, at least, that secret data may have been captured by the keylogger, and then transmitted over the public internet to someone outside the military chain of command.”

(Isn’t this the opening scene of some bad old spy novel? -BoM)

AllTwitter: Why Mass Following on Twitter Doesn’t Work

Fri, 07 Oct 2011 07:52:06 -0700

AllTwitter: Why Mass Following on Twitter Doesn’t Work:

“Twitter finds much of its strength in the fact that you can refine who you follow, choosing to only follow family, or people in your niche, or your customers. By diluting this with agreeing to follow those who have mass followed you, you will likely lose interest in Twitter.”

Dark Reading: Are Users Too Dumb For Security Awareness Training?

Thu, 06 Oct 2011 10:03:05 -0700

Dark Reading: Are Users Too Dumb For Security Awareness Training?:

“Too many security pros blame users for failing to remember the fundamentals that security awareness training teaches, but the real problem is that these programs just aren’t very good”

Talking Points Memo: The Government and ISPs At Odds Over Fighting Botnets

Wed, 05 Oct 2011 08:06:05 -0700

Talking Points Memo: The Government and ISPs At Odds Over Fighting Botnets:

“Both the U.S. government and the country’s internet service providers (ISP) agree that botnets are among the greatest threats facing Web users.

But they can’t yet agree on what to do about it, because the ISPs aren’t exactly the biggest fans of a government document calling for them to establish voluntarily, industry-wide standards for detecting and fighting threats.”

Word to the Wise: Spammers and Google

Tue, 04 Oct 2011 14:12:05 -0700

Word to the Wise: Spammers and Google:

“It seems spammers are buying very, very old lists scraped from usenet and inviting everyone on those lists to join them on Google+.”

Ned Batchelder: Stopping spambots with hashes and honeypots

Tue, 04 Oct 2011 10:22:05 -0700

Ned Batchelder: Stopping spambots with hashes and honeypots:

“Rather than stopping bots by having people identify themselves, we can stop the bots by making it difficult for them to make a successful post, or by having them inadvertently identify themselves as bots. This removes the burden from people, and leaves the comment form free of visible anti-spam measures.”

Errata Security: October is Cybersecurity Awareness Month -- or is it?

Mon, 03 Oct 2011 15:07:05 -0700

Errata Security: October is Cybersecurity Awareness Month -- or is it?:

‘Last year, the president declared October to be “Cybersecurity Awareness Month”. But, October has already been Breast Cancer Awareness Month for the pat 25 years.

So which is it? Cybersecurity or Breast Cancer?’

Wired: How Two Scammers Built an Empire Hawking Sketchy Software

Mon, 03 Oct 2011 13:12:05 -0700

Wired: How Two Scammers Built an Empire Hawking Sketchy Software:

“…thanks to a series of lawsuits and criminal complaints filed over the past several years, combined with interviews with former company insiders, it’s possible to reconstruct a picture of how scareware gets made—and how it made multimillionaires out of two misanthropic hucksters.”

threatpost: The Inside Story of the Kelihos Botnet Takedown

Fri, 30 Sep 2011 08:46:05 -0700

threatpost: The Inside Story of the Kelihos Botnet Takedown:

“Earlier this week, Microsoft released an announcement about the disruption of a dangerous botnet that was responsible for spam messages, theft of sensitive financial information, pump-and-dump stock scams and distributed denial-of-service attacks.

Kaspersky Lab played a critical role in this botnet takedown initiative, leading the way to reverse-engineer the bot malware, crack the communication protocol and develop tools to attack the peer-to-peer infrastructure. We worked closely with Microsoft’s Digital Crimes Unit (DCU), sharing the relevant information and providing them with access to our live botnet tracking system.”

The Last Watchdog: Trust in the Internet falters after DigiNotar, Comodo hacked

Thu, 29 Sep 2011 16:56:05 -0700

The Last Watchdog: Trust in the Internet falters after DigiNotar, Comodo hacked:

“Digital certificates enable consumers to submit information that travels through an encrypted connection between the user’s web browser and a website server. The certificate assures the web page can be trusted as authentic. But the unprecedented attacks against CAs shows how fragile that trust can be.”