And that problem is security. Much of what marketing does is build profiles of customers by collecting huge amounts of data on every customer. That data collection is facilitated by compliant customers that provide all sorts of personal data just because they’re politely asked by a retail clerk. There will always be people who comply with data requests, but I expect more customers to be...
People are your weakest link
Social engineering is a long-standing way to compromise security. Chunkhost reports today that they discovered accounts being compromised through social engineering of Sendgrid support. While the compromise did not work, it was a close call. The only thing that saved the targeted customers was their implementation of 2-factor authentication. We know many of our customers individually and...
This month in email: February 2014
After a few months of hiatus, I’m resurrecting the “this month in email” feature. So what did we talk about in February? Industry News: There was quite a bit of industry news. M3AAWG was in mid-February and there were actually a few sessions we were allowed to blog about. Gmail announced their new pilot FBL program. Ladar Levison gave the keynote talking about the Lavabit shutdown and his new...
Lavabit and darkmail
The M3AAWG keynote address today was a talk from Ladar Levison about the shutdown of Lavabit mail service after receiving demands from the NSA to hand over their SSL keys. @maawg tweeted different quotes from the session. There is a conflict between privacy and security, and these are questions we need to resolve. Ladar talked about his potential new service called darkmail, which pushes...
Brian Krebs wins the Mary Litynski award
A little late, but I’ve been in sessions most of today. M3AAWG announced this morning that Brian Krebs won the 2014 Mary Litynski award. This award is given to people who work tirelessly to make the internet a better place. I first had the pleasure of listening to Brian give the keynote address at a MAAWG conference many years ago. His ability to infiltrate some major spam operations and...
Target breach started from email
According to Brian Krebs, the compromise of Target’s POS system probably originated with a phishing attack against one of Target’s vendors. This attack compromised credentials of the HVAC vendor and possibly allowed the hackers entrance into Target’s systems. Interestingly, Brian mentions Ariba, a company I’ve been forced to deal with by a large customer of ours. I’m not...
Target acquires email addresses, exposing more customers to data breaches
As most folks now know, hackers broke into Target systems last December and stole financial and other data from 110 million customers. Target has been responding to this breach reasonably well. They’ve been notifying customers that were affected and they’re providing credit monitoring for affected individuals. They seem to be totally on top of protecting their customers’ data and...
When did you check your security last?
A few years ago, security and breach protection were the topic of the day in the email space. There were some high-profile break-ins at ESPs and data companies and everyone was looking at their security. Companies were vocal and public about their security enhancements. Many in the email industry even used the term “advanced persistent threats.” Security seems to have taken a back...
Post-mortem on the Spamhaus DOS
There’s been a ton of press over the last week on the denial of service attack on Spamhaus. A lot of it has been overly excited and exaggerated, probably in an effort to generate clicks and ad revenue at the relevant websites. But we’re starting to see the security and network experts talk about the attack, its effects and what it tells us about future attacks. I posted an...
No room for cowards
Brian Krebs was the keynote speaker at a MAAWG meeting a few years ago. He is a tech journalist who knows and understands the dark underworld of online crime. Yesterday, his website was taken down by a DDoS attack and the Fairfax County SWAT team was called to his house by someone. Brian does work that is risky. His contributions to what we know about online crime are extremely valuable. His...