Friday, 29 February 2008

Spammers work for Desperate Social Networks

Hmm, email hitting spamtraps this morning for a social network called Friendsgroup.co.uk. Sounds suspicious, no?

Let's see:
  • Spam sent to email addresses that only exist to trap spam? CHECK
  • Spam comes from dynamic consumer ISP space? CHECK
  • Envelope sender forged? CHECK
  • Date: header a couple of hours in the future? CHECK
  • "Content-Transfer-Encoding: 7bit" but includes 8-bit characters? CHECK
  • Text mentions "double opt-in" CHECK
  • Spamvertized website operates out of Latvia, not the UK? CHECK
Update: I only had a quick look and can't see anything obviously dodgy with the site itself. My suspicion is that it exists to spread malware -- either by exploiting browser vulnerabilities or by making people download Trojans when they register.

It could alternatively be a come-on for a Russian Brides style scam.

Monday, 25 February 2008

Crypto vendor Identum bought by Trend Micro

It's official, so I can now write about it. Trend Micro and Identum today announced that Trend is buying Identum.

Identum is an encryption vendor, which does away with certificates -- which are difficult to manage -- in favour of encryption keys that are based on a user's "identity" -- typically the email address.

On the face of it, this is similar technology to Voltage Security's IBE, but with better performance, simpler administration, and arguably better security.

Identum chose not to offer a federated model. Instead, it's a service, based in a super-secure bunker in "an undisclosed location" (well, I could tell you where, but then I'd have to kill you).

Congratulations to Andy Dancer and the rest of the Identum crew for successfully getting this interesting technology out of Bristol University, incubated, and flipped.