Friday, 22 June 2007

The DHS is a Wonderful Organization

So I hear the U.S. Department of Homeland Security has been having one or two problems with its computer security:
A subcommittee of the Committee on Homeland Security ... expressed "shock and disappointment" that the DHS had reported as many as 844 security incidents in fiscal years 2005 and 2006. The incidents occurred on IT networks at DHS headquarters, and those belonging to Immigration and Customs Enforcement, Customs and Border Protection (CBP) and the Federal Emergency Management Agency.

The security issues ... included one in which a password dumping utility was found on two DHS servers. In addition, Trojans and other malicious programs were found on numerous agency servers, and classified mail was found to have been sent out over insecure networks.
Trojans? Unencrypted sensitive email? Oh, big fat hairy deal. C'mon, this is nothing that you couldn't find in most organizations of that size. It's hardly DHS's fault.

Give them a break. In fact, give them all a big pay rise -- especially those nice officers who work the immigration and customs desks at America's fine airports (and the ones who sit in Canada, too). I do like them a lot, and look forward to my time chatting with them every time I visit the U.S.

They are all, without exception, wonderful people, and anyone who says otherwise is probably some sort of terrorist.

Wednesday, 20 June 2007

A (Partial) Spammer Taxonomy

I was recently asked by a journalist, "So who are these spammers, anyway?"

There are many different types of spammer. Here are some examples:
  • Affiliates of vendors of products that can cause embarrassment (e.g. pills and porno). Such spammers get paid by commission on sales. Some of the products may be genuine; many are fake or of dubious quality. See Why You Shouldn't Buy from Spammers
  • Criminal gangs intent on driving up the price of a stock. They will have bought the shares before sending the spam and then sell their shares when the price rises. This is known as a "pump and dump" scam. See Pump'n'dump: it's all About the Timing, Baby
  • Advance-fee fraudsters. They write pretending to have access to a large amount of money and need your help to transfer it to another country. They offer a percentage of the money for your help. Often originates in Nigeria. Also known as a "419 scam," after the section of the Nigerian criminal code that covers this kind of fraud. See Evidence of 419 Scam Targeting Using Google
  • Companies that don't respect unsubscribe requests. See ZD are Spammers!
  • Companies that, after you sign up for newsletter "A," also send you information about topic "B." This is known as "list repurposing." See Techweb Spams me; Am I Impatient?
  • Legitimate companies that have bought lists of email addresses in good faith from liars. They are told that the people on the list are willing to receive unsolicited email, but actually the list is just addresses harvested from Web pages or stolen from address books. Such companies should perform better due diligence, but often don't.

Monday, 18 June 2007

See you at Inbox/Outbox this Week?

I'll be keynoting again and sitting on the Spamhaus panel. I'm also running an extra session about sender authentication (i.e., SPF and DKIM).

Everything's repeated both days, except the panel, which is only on Tuesday.

If you can't find me, text me on +447789200701 (assuming you want to ;-)