Archive: April 2011

Security, security, security

James Hoddinott posts, over on the Cloudmark blog, about another arrest associated with hackers infecting machines with a trojan that steals personal information. There are so many security risks out there, and these messages have been hammered home recently. Home users are at risk from trojans, some spread by spam and some spread by advertising networks. Corporate users are at risk from all of...

Big botnet takedown

The Department of Justice and the FBI took aggressive action against the Coreflood botnet this week. They not only seized domain names and some hardware, they also received permission to actively respond to infected machines. This TRO allows the government to intercept and respond to infected computers. This essentially cuts off the botnet at its knees. I haven’t heard any comments...

Feedback loops

There are a lot of different perspectives on Feedback Loops (FBLs) and “this is spam” buttons across the email industry. Some people think FBLs are the best thing since sliced bread and can’t figure out why more ISPs don’t offer them. These people use the data to clean addresses off their lists, lower complaints and send better mail. They use the complaints as a data...

Filtering adjustments at Hotmail

I’ve been seeing a lot of discussion on various fora recently about increased delivery issues at Hotmail. Some senders are seeing more deferrals, some senders are seeing more mail in the bulk folder. Some senders aren’t seeing any changes. This leads me to believe that Hotmail made some adjustments to their filtering recently. Given some senders are unaffected, this appears to be a...

Epsilon: Calm and Cool Tempered

Stefano over at emailmarketingblog.it translated our blog post about Epsilon into Italian: Epsilon e la sicurezza dei dati sensibili: calma e sangue freddo.

Epsilon – Keep Calm and Carry On

There’s been a lot of media coverage and online discussion about the Epsilon data breach, and how it should be a big wake-up call to email recipients to change their behavior. There’s also been a lot of panic and finger-pointing within the email industry about What Must Be Done In The Future. Most of the “you must do X in response to the data loss” suggestions are coming...

Real. Or. Phish? Part 2

Steve mentioned the email he received yesterday from one of the companies that was compromised by the Epsilon attack and how difficult it was to determine if this was a real email from Marriott or a phish. It’s not just over email where the companies are doing badly. Citibank appears to be attempting to notify me about the breach, but are doing it in a way that is indistinguishable from...

Real. Or. Phish?

After Epsilon lost a bunch of customer lists last week, I’ve been keeping an eye open to see if any of the vendors I work with had any of my email addresses stolen – not least because it’ll be interesting to see where this data ends up. Yesterday I got mail from Marriott, telling me that “unauthorized third party gained access to a number of Epsilon’s accounts...

The weakest link

Last week there was a rather detailed post on the attack at RSA. It is well worth a read because I think many of the techniques employed in the RSA attacks have been or will be employed against ESPs. Early in the article, the author asks a question. These companies deploy any imaginable combination of state-of-the-art perimeter and end-point security controls, and use all imaginable combinations...

Time for a real security response

I’ve seen a number of people and blogs address the recent breaches at some large ESPs and make recommendations on how to fix things. Most of them are so far from right they’re not even wrong. One group is pointing at consumers and insisting consumers be taught to secure their machines. But consumers weren’t compromised here. Another group is pointing to senders and insisting senders...
