Category : Email Security
What does Email Security mean to you?
When it comes to securing your organization’s email, you want to protect all aspects of email flow: inbound, local-to-local, and outbound. (Sep 01, 2010)
6 Ways to Reduce Your Costs with a Virtual Machine Solution
In his post, Six major trends for Email Security Companies, Mike discusses the trend of virtualization and the cloud. In case you still need convincing, here are 6 ways to reduce your IT costs through optimization of resource utilization: (Aug 31, 2010)
Word of the Week: Phishing
This week's Word of the Week is Phishing. What exactly does it involve and how can you prevent unsuspecting people from becoming victims of it? According to Wikipedia, phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames,passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, online payment processors or IT administrators are commonly used to lure the unsuspecting public. (Aug 26, 2010)
“You can’t fix stupid”
HostExploit people named Demand Media the worst ISP in the world because of the number of botnet control centers they host and the sheer volume of junk that spews from its network. They reportedly host an estimated 7,400 infected websites. (Aug 19, 2010)
The 6 major trends for Email Security companies: ignore these at your risk!
There are currently very large forces at play in our industry. The issues, technology, competition, infrastructure, deployment and market are changing at such a rate that will leave many companies behind, while creating enormous opportunities for others. (Aug 13, 2010)
Stop Social Spam on Twitter
My last article was on stopping and getting rid of Comment and Registration spam on WordPress. Today, I’d like to cover another Social Spam topic: Twitter. You can bet all social networks are a target, and Twitter is no different. Here are a couple tips to minimize and get rid of the Twitter spam such as Direct Message (DM) spam. (Aug 03, 2010)
Spear Phishing: Is Your Boss a Whale?
Spear and whale phishing 1have been around for a while now, but recent social engineering efforts are focusing more on company executives. An example is this type of email: it certainly looks legit at first glance; even the phone number and address – right down to the floor number – are correct. But take a closer look at the URL used in the links: the real site has no relation to puzzlejs-mailing.com. (Jul 29, 2010)
My spam is different from your spam!
The type of spam you receive depends on many things, including your behavior on the net, how you use your email address, your position in a company and much more. As a software company executive I receive a very particular stream, one that is probably very different than what most people receive. Well, at least that's what our Security Operations team tells me. (Jul 22, 2010)
Surfing on Web 2.0: Where Innovation Meets Cybercrime
Yesterday, I logged into Facebook. I usually never use my account there (I am not a Facebook fan), but once in a while I’ll spend some time on it. For the first time, after entering my credentials, a “security” page appeared stating that unusual activities have been witnessed on my account. I then had to answer some questions, choose the names of some tagged friends, and reset my password. I have no idea what happened or how my account got compromised. (Jul 20, 2010)
Get rid of Social Spam on WordPress (Comment & Registration Spam)
The hot topic of the past few years certainly has been Social Networking and the Web 2.0! So, you started a blog on your own domain, have spent a lot of time writing relevant quality content, performing SEO, integrating into social networks to distribute your news. Now, your site is starting to get decent exposure from Search Engines and Social Networks, traffic is building up and so is spam. This damn spam. After being spammed for years through email, now you also get it on your blog. Of course, spammers have identified this new source. It offers basically the same potential as email (and actually an even better potential), so they want to be there as well. There is spam whose purpose is SEO (improve backlinks), some others are about phishing, identity theft, or malware. Let's see how to get rid of all this noise once and for all. (Jul 16, 2010)
Organized Cybercrime
A month ago I read a fascinating book called McMafia 1by Misha Glenny 2. Glenny, a former BBC world correspondent, presents a terrifying yet eye opening look at how organized crime has progressed with Globalization over the last few decades. Glenny covers all the major illicit activities from global drug trafficking networks, to prostitution and human trafficking. One chapter in particular is dedicated to the future of organized crime and the fastest growing sector, cybercrime. (Jul 13, 2010)
Privacy vs. Data Leakage: What’s More Important to You?
In an earlier post, I discussed why your business needs Policy Management and the different causes of Data Leakage. In today’s post, I will take a closer look at one of the causes of data leakage protection and how it can be prevented: let’s look at the case of the Disgruntled Employee. (Jul 08, 2010)
Why Your Business Needs Policy Management
Instead of being reactive to scandals and managing them after the fact, organizations should take a proactive role and protect data leakage before it happens, to prevent the loss of secrets that are revenue generating. However, most companies are still under-protected and focus their security budgets on compliance and protection of custodial data (customer personal information) rather than internal information such as corporate/product strategy, or financial reports which directly affect the bottom line. (Jun 17, 2010)
Honest, I don’t want an email security appliance!
Vendors have their own very special reasons for pushing email security appliances, instead of virtual machines or straight software installations. You may find that their reasons do not always align with your own. (Jun 14, 2010)
Angelina Jolie wants to be my friend: The pitfalls of social media
I guess writing this blog brings some perks after all. I’ve been nominated to ‘represent [my] professional community’ for every possible Who’s Who list, Facebook invitations are coming in fast and furious, I’m getting offered all kinds of free product subscriptions, and, judging from my message content, I think my 15 minutes of fame have finally arrived! (Jun 09, 2010)
Are Canadian spammers above the law?
I certainly hope not. Ever heard about that guy, Adam Guerbuez? Using some scripts, he sent over 4 million spams through Facebook’s Wall in 2008. After being sued by Facebook under the CAN-SPAM act, he was found guilty (Guerbez didn’t even bother showing up for the trial) and was charged a 873M$ fine. That turns out to be about a BILLION Canadian Dollars. (May 28, 2010)
SURBL: The catch of the day
There it is again: another email in your Inbox from an obscure financial institution, requesting that you click on the available link and be redirected to an unknown, unsecured website. Prompted for personal details or your credit card number, you hesitate to enter this information thinking something seems fishy. (May 19, 2010)
Your mail server might not be the cause of delivery problems
Most support people have seen every mail server configuration possible, and others that would have been considered impossible. No matter whether the operating budget is very tight, mega-sized or somewhere in between, people often try to throw everything onto a single server, including the kitchen sink. Well, that kitchen sink is often the cause of email blockage, rather than the actual mail server program. Even a honking new machine with mega-sized specs can have performance problems if it becomes bloated with unnecessary and/or resource hogging apps. (May 03, 2010)
April Email Security News: McAfee update error impacts many systems
A summary of links to articles that I have found interesting in the last few weeks. Includes my own commentary. (Apr 30, 2010)
Six items often overlooked when purchasing an email security solution
As discussed in an earlier post , the battle against spam is an ongoing one and requires you to do your due diligence when selecting an email security solution to protect one of your business’ most important assets: email. (Apr 26, 2010)
My catch-rate is better than yours… nah, nah!
Have you seen how some email security vendors seem to focus almost exclusively on their catch-rate and false-positive rates? Okay. So everyone in the industry does 99%+ catch-rate and less than 0.5% false positives,we do it, they do it. Woopdeedooo, let’s do the happy dance! And that’s the only thing many vendors will push for. Features? Blah. Easy to use? Blah. Support? Double blah (many outsource it offshore anyway). (Apr 14, 2010)
Anti-Social Networking
Web 2.0 is leading us to operate and collaborate more through our web browsers than ever before. Consequently, sites like Facebook, Twitter, LinkedIn and MySpace are being used more aggressively for everything from chatting to marketing. Spammers are loving this. (Apr 07, 2010)
Policy Compliance: Keep it Simple, Stupid!
Are you getting pressured to provide some sort of regulatory compliance rules to your business that will affect your network configuration, your email flow and your end users? Do you have to deal with SOX or HIPAA or GLBA, or ‘Oh Lord, not another Acronym’ regulation (we’ll call it the OLNAA) whose apparent sole purpose is to complicate your life? (Mar 24, 2010)
Let’s Virtualize Email Security!
Virtualization. Virtual Machine. Virtual Appliance. We keep on hearing these words over and over: they’ve been a recurring topic for a few years now. And it’s growing to the point where the Microsoft vs. Google fight now has a new contender: Microsoft vs. VMware. So, what’s all the buzz about? (Mar 19, 2010)
Looked at our site or downloaded our software? Then allow us to harass you!
Some companies take their marketing tools a little too far. Download their software for a trial, or even just visit their website, and you just opened the door to daily email and phone calls from aggressive sales staff pushing their wares. I know the market is competitive, but can we please let the customer make their decision in peace? (Mar 12, 2010)
Who’s minding the store at WHOIS?
WHOIS (for those unfamiliar with it) is a system that provides free public access to domain name registration. Every domain name has to be registered with the following information: the registrant’s name, an administrative contact, a technical contact, and the name servers associated with each domain name. It’s all about traceability. (Feb 17, 2010)
“Love is in the air” ...or is it?
Ah, Valentine’s Day, the time of year when suddenly everyone is starry-eyed and declaring their love for one another. Our eagerness to please our loved ones tends to make us a little more vulnerable. And this makes us perfect prey to scammers who pounce on these vulnerabilities to spread their viruses and scams. (Feb 11, 2010)
Do you have what it takes to be an Email Security Reseller?
So, you want to be an email security reseller? Sure, here's the form, here's the discount you'll get, here's where you sign...Not so fast! (Feb 10, 2010)
Less Linux, more Windows
I’ve always been a pro-Linux type of guy. I started using Unix back in 1992 (SunOS) and then onto Slackware, Red Hat, Ubuntu. Linux offered so many more features, security, power to do anything and a reliability Windows couldn’t dream of at the time. Linux was a true multitasking OS, had a firewall, and all internet clients and servers one may want or need: pop3, smtp, http, ftp, ssh. All these were virtually impossible to do on MS-DOS or Windows, and I’m not even talking about the various crashes and ridiculous uptimes of the early Microsoft platforms. Since then, and up until a few months ago, it’s always been clear to me: reliability and security on Linux; office work, graphical user interface and leisure on Windows. (Feb 05, 2010)
Incompetent email security spam filters cause historic business to change name
The Beaver is, at 90 years old, Canada’s second oldest magazine. Founded in 1920 and named after Canada’s symbol and fur-trading history, the Hudson's Bay Company publication is devoted to popularizing Canadian history, aiming to make Canadians more aware and appreciative of their heritage. Two weeks ago, the venerable magazine had to change its name to Canada’s History because its newsletter and emails were being trapped by spam filters around the world. (Jan 29, 2010)
What is a Honeypot in Email Security Terms?
A Honeypot is, by definition, a decoy or a trap whose purpose is to detect and identify unauthorized use in order to prevent breaches. In Email Security, a Honeypot is a SMTP server setup to process a single domain (or multiple domains) to gather emails all day long. (Dec 18, 2009)
One phish, two phish, red phish, blue phish
Typical phishing messages purport to originate from various financial institutions, delivery services, Facebook, and so on, all with the aim of getting you to click the enclosed link and disclose some personal information that can be abused. (Dec 16, 2009)
What, me worry?
Incidents of cybercrime via malware and exploits are on the rise, but if this recent poll is to be believed, people are still too blasé about their Internet security. The Unisys Security Index: Global Summary report 1 revealed the following: “Concerns over security in everything from online shopping and banking to safety from computer viruses, as well as national security along with personal and financial security, were significantly down over what was recorded half a year ago for populations in the United States, the United Kingdom, Germany, Belgium, Brazil, Netherlands, Spain, Australia and New Zealand. (Nov 18, 2009)
Anti-Spam, Hacking and Virus Security: How Will Smartphones Survive?
With a double-digit market growth rate, non-existent protection and super-fast communications based on a variety of protocols and media, Smartphones clearly are a future target of choice for hackers and spammers. How will they survive, and at what cost? (Nov 13, 2009)
The Future Of Email Security: Where Do We Go From Here?
There’s no denying that anti-spam filters are imperative in the fight against junk mail and malware, but no single solution is fool-proof. Employing anti-spam and virus filters, stronger passwords, encryption, and so on, are not enough to win the battle against the ever-increasingly sophisticated attackers. (Nov 04, 2009)
Drive by Downloads
This is a term I’m seeing more and more frequently in security-related web posts and, frankly, I thought it was fairly new. After doing some research, however, I found an article entitled, Anatomy of a “Drive-by-Download,” that was written in 2004 (!) by Eric L. Howes. Where have I been all this time? (Oct 21, 2009)
Three Reasons Why Cloud Computing May Not Be For You
Email Security. Love it or hate it, it needs to be addressed. Many small businesses often don’t have the money or resources to invest in installing and maintaining a secure mail system, and consequently look to outsource this very important aspect of their business. Email is a mission-critical application, forming the backbone for most organizations’ day-to-day business activities. So why not offload the security aspect of your email so you can focus on your actual business? (Oct 14, 2009)
10 Best Spam Subject Lines
Spam definitely comes in all shapes and sizes. We asked you to submit your best subject lines and after much deliberation we came up with the top ten list (and it was no easy feat!)
10 "a stone for making tortillas, a mortar for grinding red pepper."
9 "A cell phone glitch accidentally making millionaires" (Oct 09, 2009)
Top 5 Things to Distrust About Email
These are all very basic rules that a savvy person already knows. But if everyone already knows them, why are there so many scammers out there and how are they able to make so much money? (Sep 23, 2009)
First Michael, now Patrick. Celebrity deaths yield new spam campaigns
So how does a celebrity's death result in more spam? Spammers take advantage of our thirst for information and know that we will be Googling for the latest news and gossip. (Sep 16, 2009)
Spam’s future from the New School of Information Security
Will Spam ever stop? Some thoughts on spam economics from the New School of Information Security.
Adam Shostack (currently at Microsoft in the role of security program manager and with whom I worked on a security audit of the service delivery platform at Radialpoint) and Andrew Stewart recently published The New School of Information Security. (Sep 11, 2009)
