Archive for August 2007

ISC Diary: Spam Storm affecting Canada

Today’s SANS handler diary notes a spam storm is affecting the availability of mail servers at some companies in Canada.
It’s always amusing to note spammer mistakes in formulating the email addresses. In this case it looks like they are using $firstname$randomword$lastname. That’s not going to work very well. :) The sheer volume is causing some issues, though.
The handler suggests that it is a best practice to reject email for bad addresses at your MTA, immediately after receiving a bad RCPT TO. I agree that will prevent a whole lot of unnecessary mail processing. I am concerned though that in the absence of additional software, this will assist the spammer with address harvesting. If the bad guy can determine that you only accept valid addresses, and you don’t have a mechanism to kill directory harvesting attempts, they’ll be able to brute force valid addresses. Companies like Postini (Google) and MessageLabs have this sort of feature. I don’t know about other MTAs.
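As an added example (not from the original post or the ISC diary), here is one way to spot directory harvesting in the rejection log once the MTA rejects at RCPT TO. It assumes Postfix-style "550 5.1.1 ... User unknown" lines; the function name, threshold, window and sample lines are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Postfix-style "unknown recipient" rejection at RCPT TO (550 5.1.1).
REJECT = re.compile(
    r"^(\w{3}\s+\d+ [\d:]{8}) \S+ postfix/smtpd\[\d+\]: NOQUEUE: reject: "
    r"RCPT from \S*\[([^\]]+)\]: 550 5\.1\.1 <([^>]+)>"
)

def _line(ts, ip, rcpt):
    return (f"Aug 14 {ts} mx1 postfix/smtpd[411]: NOQUEUE: reject: RCPT from "
            f"unknown[{ip}]: 550 5.1.1 <{rcpt}>: Recipient address rejected: "
            "User unknown in local recipient table")

# Constructed sample, not real traffic: one client guessing
# $firstname$randomword$lastname addresses, one client with a single typo.
SAMPLE_LOG = [
    _line(f"09:00:{s:02d}", "203.0.113.7", f"{f}{w}{l}@example.ca")
    for s, (f, w, l) in enumerate([
        ("john", "purple", "smith"), ("mary", "window", "jones"),
        ("dave", "carpet", "brown"), ("anne", "yellow", "white"),
        ("paul", "garden", "clark"), ("lisa", "bottle", "young")])
] + [_line("09:00:03", "198.51.100.20", "jon.smith@example.ca")]

def find_harvesters(lines, threshold=5, window=timedelta(seconds=60), year=2007):
    """Return {client_ip: peak distinct unknown recipients inside `window`}
    for every client that reaches `threshold` (hypothetical defaults)."""
    recent = defaultdict(deque)   # ip -> (timestamp, recipient), oldest first
    flagged = {}
    for line in lines:
        m = REJECT.match(line)
        if not m:
            continue
        ts, ip, rcpt = m.groups()
        # Syslog timestamps carry no year, so the caller supplies it.
        when = datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")
        q = recent[ip]
        q.append((when, rcpt.lower()))
        while when - q[0][0] > window:   # drop events older than the window
            q.popleft()
        distinct = len({r for _, r in q})
        if distinct >= threshold:
            flagged[ip] = max(flagged.get(ip, 0), distinct)
    return flagged

if __name__ == "__main__":
    for ip, n in find_harvesters(SAMPLE_LOG).items():
        print(f"{ip}: {n} distinct unknown recipients within the window")
```

Counting distinct recipients rather than raw rejects keeps a sender retrying one mistyped address from being flagged alongside a client walking a name list.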

Bad Dream

The following post was originally written in June but not posted. I was stressing out about our Full Disk Encryption selection. I didn’t want to talk to the Snr Manager for a few days after this dream. I can laugh about it now.
I had a dream last night that I got fired. It was so real.
We were trying to deploy an update to some software that I’m not responsible for in real life. My Senior Manager said to install it on the server so all the clients would get the updates. I responded that didn’t make any sense, we would have to deploy to each client. In my dream, the Senior Manager said, “that’s it, you’re through” and asked a co-worker to help me clean up my office.

Think Before you Post

Think before you post. It’s not just advice for bloggers like Whole Foods CEO John Mackey. New generations are growing up with an entirely different expectation of what needs to remain private.
While watching TV tonight, I saw a public service announcement (PSA) from cybertipline.com titled “Bulletin Board.” In this PSA, a girl puts her picture on a physical bulletin board but quickly finds that it’s not so easy to take something back once it’s been put out there.
Here’s the YouTube copy.

More information is available at their website.
The cynical person might make jokes about how hokey this is. “So you’ve had the birds and the bees talk with your kid, but did you make sure they are practicing safe surfing?” I actually thought the PSA was great and was happy to see it get run on TV.

FDF Spam

F-Secure is reporting in their blog that they are seeing spam in FDF file attachments. FDF files will open in Adobe Reader. Spammers are using this as their latest attempt to bypass spam filters.

Savior or Target

Last month there was a data breach at a Fidelity National Information Services subsidiary. Today, I notice they have a job posting for a Project Manager in Security/Audit/Compliance.
So is this
a) coincidence
b) locking the barn door after the horses escape
c) someone got canned.
Similarly, a few weeks ago I saw a job for a deputy secretary for infosec at the U.S. Department of Veterans Affairs. They’ve been having issue after issue with data disclosure. One wonders if they are just hiring the person who will take the blame for the next incident.

EFS Assistant

I just noticed that Microsoft released a new tool called the EFS Assistant back in May.
One of the big drawbacks to using EFS is enforcing what folders are encrypted. It seemed like unless you wrote some convoluted script using cipher, what was encrypted was in the hands of the user. I prefer to leave as little security as possible in the hands of the end user.
There are still many drawbacks to using EFS, but this tool helps with one of those issues.