Whirlwind that is M3AAWG

It’s been a great conference, and it’s only about half done. As is common at these conferences, I write down lots of things we should do and need to publish. The difference is now that we are growing I may have the time to put the polish on them and get them published.
Today’s keynote discussed the economics of botnet mitigation. Michel van Eeten from Delft University of Technology presented information compiled from some different datasets about botnets.
Good news
Botnet infection rates are relatively stable. They’ve not spiraled out of control like some people were predicting.
Interesting news
More than 50% of bot infections are contained on 50 ISPs in the entire world.
Bad news
Centers set up specifically to fix botnet infections don’t really have a big impact on infection cure rate.
Good news
ISP actions and walled gardens do have an impact on infection cure rates.
The biggest take away from the session is that ISPs are critical in both protecting from infection and helping users cure infection once it happens.

Related Posts

Mary Litynski Award winner Jayne Hitchcock

This morning the Messaging, Mobile and Malware Anti-Abuse Working Group announced the winner of the Mary Litynski Award.
Congratulations to Jayne Hitchcock of WHO@ for her work over the last 2 decades fighting online abuse and cyberstalking.
I’ve never actually met Jayne, but I do remember following her story in the late 90s. She started off trying to protect people from being scammed by Woodside Literary Agency. In return for her work to inform and protect people the principals of Woodside set out on a multi-year harassment campaign against her.
This was in the late 90s and the Internet was very new. There weren’t any laws. There weren’t really abuse desks. We had to protect each other. Law enforcement didn’t know what to do with problems. There weren’t any laws against harassment online. The word “cyberstalking” was created by a reporter when describing what was happening to Jayne.
Jayne has been a force for good online and she and her volunteers help people who are victims of abuse online and cyberstalking. She’s been instrumental in getting anti-cyberstalking laws passed and helping law enforcement understand why online abuse is an issue and that it should be addressed.

Read More

Back from M3AAWG

Last week was the another M3AAWG meeting in San Francisco. The conference was packed full of really interesting sessions and things to learn. Jayne’s keynote on Tuesday was great, and brought up a lot of memories of just what it was like to be fighting spam and online abuse in the mid to late 90s. It’s somewhat amazing to me that many of the people I first met, or even just heard about are still actively working to fight abuse and make the Internet safer.
Wednesday was another great keynote from Facebook, discussing security. Facebook is committed to sharing threat information and has started the ThreatExchange website as a hub for sharing data among large companies.
One thing that was amusing was during one talk someone mentioned YubiKey for managing logins. They said many people were sharing long strings of random keys that sometimes happen because someone has accidentally triggered the one time passcode. YubiKey is awesome, if sometimes ccccccdkhjnbitklrrtnhjrdfgdlhektfnfeutgtdcib inscrutable.
As has become a bit of a M3AAWG tradition lately, Wednesday was also kilt day. There may be pictures. For those of you planning to go to Dublin, Wednesday will be kilt day as well.
The conference was great, but ended on a bit of a down note. We received word that Wednesday night a long time friend, Ellen R., passed away due to complications from a stroke. The conference held a moment of silence for her at the end. Ellen was a friend as well as a colleague. She was around on IRC when we started this crazy experiment called Word to the Wise and was always helpful and insightful. She volunteered with, and then worked for, Spamcop and then volunteered with Spamhaus. Ellen will be very missed.
I started off the conference remembering all the friends I made back in the late 90s and ended it remembering and missing those who are no longer around. Email has been one amazing journey, and doesn’t look like it’s going away anytime soon.

Read More

2016 Mary Litynski Award

The Mary Litynski Award is presented by M3AAWG to people who have done extensive work outside the public eye over a significant period of time. At the Dublin conference the award was presented to Rodney Joffe. A lot of other people will talk about Rodney’s accomplishments, including his role in the founding of Genuity, his work with the DMA in the early days of spam, his efforts against SMS spam and his efforts to secure the Internet infrastructure. But I have a much more personal perspective.
Rodney was seminal in changing my life and career path. Back in 1999, Rodney asked Steve to look into some DNS creativity he was testing. A few months later, Rodney invited Steve to join a new company he was founding based on that DNS creativity. We moved out the the Bay area and Steve started working for UltraDNS in early 2000.
Moving out to the Bay Area triggered my career shift into anti-spam and anti-abuse. I started working at MAPS (now Trend Micro) in their experimental consulting service division. We were the “carrot” end of the equation, where our job was to help companies minimize the abuse coming out of their networks.
After MAPS went through a round of layoffs in 2001, Rodney started recommending me as an email consultant to some of his connections in the marketing world. This work was a success and directly led to the founding of Word to the Wise and everything that flows from that.
M3AAWG has published a video where Rodney discusses his role in the history of spam and some of the other things he’s done to fight junk advertising (both fax and SMS spam). He sued junk faxers in small claims court. He was instrumental in getting SMS spam covered under the TCPA. He wrote the first global opt-out list supported by both the DMA and the ISPs and proved that global opt-out would never work. He literally pulled the plug on spamming customers.
Rodney says he’s “Not smart, just the guy who carries the bags of money and helps the smart people get things done.” I certainly don’t believe that is true. He has done things on the global scale to make the Internet a safer place for end users. But my appreciation is much more personal. I will forever be grateful to him for starting us on this path and the help and advice he gave us so many years ago.

Read More