Brian Krebs wins the Mary Litynski award

A little late, but I’ve been in sessions most of today. M3AAWG announced this morning that Brian Krebs won the 2014 Mary Litynski award. This award is given to people who work tirelessly to make the internet a better place.
I first had the pleasure of listening to Brian give the keynote address at a MAAWG conference many years ago. His ability to infiltrate some major spam operations and online forums for criminals is amazing. He’s also had retaliation attempts, including being SWATed and having heroin delivered to his house.
If you get a chance to hear Brian speak, I strongly encourage you to do so. His knowledge is outstanding and his speaking style is entertaining. I’ve learned a lot from Brian over the years and I’m pleased he won this award and that M3AAWG recognized his contribution to stopping abuse online.
M3AAWG press release

Related Posts

The J.D. Falk award 2013

M3AAWG awarded the second J.D. Falk award today in Montreal. The winner was Gary Warner from the University of Alabama.
Gary has been involved in fighting abuse and online crime since the 1990s. He developed the Center for Information Assurance and Joint Forensics Research at the University. This is an education program that not only teaches students about online threats and how to fight them, but collaborates with both industry experts and law enforcement.
You can check out Gary at his blog or on twitter.
 

Read More

Questioning standards

M3AAWG publishes documents summarizing and discussing current practices for stopping and preventing abuse. Some of these documents are focused on ISPs while others are focused on marketers. While M3AAWG is not directly nor officially a standards body, most of the documents have been written by members and reflect the best current practices for that document.
Members have been asked to leave the organization and some companies are denied membership because they are not in line with the organizational values. Some of these companies are ESPs or marketers, but some of these companies have been ISPs as well.
The standards written by M3AAWG are challenging for a lot of marketers to follow. These standards are written with the input of senders, but they all comply with the M3AAWG mission of stopping messaging abuse. Many ISPs believe that unsolicited email is abuse, thus M3AAWG standards say that all mail needs to be sent to recipients who request that mail. Purchasing lists, selling lists, and appending email addresses are all unacceptable activities for M3AAWG members.
I never really had much concern about the effectiveness of the M3AAWG process. Most of the big industry players are there and many of the ISPs have an aggressive anti-abuse attitude.
But last week I saw a blog post on a fairly major industry blog that listed a bunch of (made up, tasteless and sexist) things “overheard” at the recent M3AAWG conference (it’s been removed and I wouldn’t link to it anyway). The blog post made it look like no real work gets done at M3AAWG and that the attendees don’t work at the conference. I won’t claim that it’s a staid and quiet conference, but most attendees work very hard during the day.
The next day, the author tweeted:

Read More

Post-mortem on the Spamhaus DOS

There’s been a ton of press over the last week on the denial of service attack on Spamhaus. A lot of it has been overly excited and exaggerated, probably in an effort to generate clicks and ad revenue at the relevant websites. But we’re starting to see the security and network experts talk about the attack, it’s effects and what it tells us about future attacks.
I posted an analysis from the ISC yesterday. They had some useful information about the attack and about what everyone should be doing to stop from contributing to future attacks (close your open DNS resolver). The nice thing about this article is that it looked at the attack from the point of view of network health and security.
Today another article was published in TechWeekEurope that said many of the same things that the ISC article did about the size and impact of the attacks.
What’s the takeaway from this?

Read More