BLOG

Tag: compromise

Anatomy of a successful phishing attempt

Earlier this year the Exploratorium was the victim of a phishing attack. They’ve posted an article on what happened and how they discovered and dealt with the issue. But they didn’t just report on the attack, they dissected it. And, as is appropriate for a organization with a mission of education, they mapped out what they […]

No Comments

August 2016: The Month in Email

August was a busy month for both Word to the Wise and the larger world of email infrastructure. A significant subscription attack targeted .gov addresses, ESPs and over a hundred other industry targets. I wrote about it as it began, and Spamhaus chief executive Steve Linford weighed in in our comments thread. As it continued, […]

1 Comment

Ashley Madison Compromise

Last month Brian Krebs reported that the Ashley Madison database was compromised. Ashley Madison is a dating site that targets married folks who are looking to have affairs. Needless to say, there is a lot of risk for users if their data is found on the released data. Today what is supposedly the Ashley Madison […]

No Comments

Compromises and phishing and email

Earlier this month, Sendgrid reported that a customer account was compromised and used for phishing. At the time Sendgrid thought that it was only a single compromise. However, they did undertake a full investigation to make sure that their systems were secure. Today they released more information about the compromise. It wasn’t simply a customer […]

No Comments

Arrests in ESP data breach

The FBI announced today arrests of three people in the ESP data breaches from the compromises of various ESPs a few years ago. Krebs on Security: Feds Indict Three in 2011 Epsilon Hack Department of Justice: Three Defendants Charged with One of the Largest Reported Data Breaches in U.S. History After stealing over a billion […]

1 Comment

Dealing with compromised user accounts

M3AAWG is on a roll lately with published documents. They recently released the Compromised User ID Best Practices (pdf link).

No Comments

AOL compromise

Lots of reports today of a security problem at AOL where accounts are sending spam, or are being spoofed in spam runs or something. Details are hazy, but there seems to be quite a bit of noise surrounding this incident. AOL hasn’t provided any information as of yet as to what is going on.

4 Comments

People are your weakest link

Social engineering is a long standing way to compromise security. Chunkhost reports today that they discovered accounts being compromised through social engineering of Sendgrid support. While the compromise did not work it was a close call. The only thing that saved the targeted customers was their implementation of 2 factor authentication. We know many of […]

No Comments

Target breach started from email

According to Brian Krebs the compromise of Target’s POS system probably originated with a phishing attack against one of Target’s vendors. This attack compromised credentials of the HVAC vendor and possibly allowed the hackers entrance into Target’s systems. Interestingly, Brian mentions Ariba, a company I’ve been forced to deal by a large customer of ours. […]

No Comments

Michele Bachmann Announces She’s Done

U.S. Representative Michele Bachmann (R-Minnesota) announced today that she’s not going to seek re-election in 2014. Last time around, the race between her and Minnesota businessman Jim Graves was very close. Mr. Graves lost by a very narrow margin. Graves had already announced his intention to take on Ms. Bachmann again next year. As the news […]

2 Comments
  • Vague reports of Yahoo problems

    A number of people, on different forums, have been asking if anyone is seeing a higher bounce rate than usual with Yahoo. Not sure exactly what's going on here. As I understand it, folks are talking with Yahoo about it. If I hear anything more, I'll share. For now, though, if you're seeing a small increase in Yahoo bounces (or other weirdnesses) others are seeing something odd, too.No Comments


  • Responsive design just got easier at Gmail

    Today Gmail announced they are supporting media queries in Gmail and Google Inbox. This should simplify the creation of emails for multiple platforms. The full list of supported rules can be found on the Google Developer Site.No Comments


  • Brief blogging break

    Sorry about the unexpected hiatus. I picked up a cold that really made me feel fuzzy and writing was an exercise in futility. I'll be back Monday. Meanwhile, Oracle bought another ESP (Bronto) when they bought NetSuite.  No Comments


Recent Comments

Archives