If a phish or spam comes into your company with a From address of your company’s domain, recipients may be more likely to take action. That quick decision can lead to compromised computers. Coca-Cola found itself the victim of a hack when an email masqueraded as Coca-Cola’s chief executive, sending an email to Paul Etchells, Coca-Cola’s deputy president …
Continue reading ‘Preventing Phishing the Company From Your Domain’ »
Just a housekeeping note. For those of you who prefer to follow blogs via email instead of RSS feeds or via twitter, I’ve enabled that ability. If you’d like to do that, on the home page, on the right hand side, look under the “keeping up” section. I have a link for twitter, the rss …
Over the weekend, email marketing firm Epsilon revealed that it had been hacked and that some of their client customer lists had been stolen. Names and email addresses were stolen. With the link between your email address and the particular client of Epsilon, it is now much easier to create a targeted phishing email. Phishing emails …
Continue reading ‘Epsilon Breach will Lead to Phishing Season Security Companies Predict’ »
Magazine publisher Conde Nast received a email from a company with a name similar to their regular printers asking them to update their payment information. Conde Nast dutifully began sending their monthly payments electronically to a bank account in Houston Texas. $8 million was collected before the printers contacted the publisher to ask why they hadn’t been paid. Surprisingly the …
Continue reading ‘Magazine Publisher Phished for Millions’ »
Back in February 2008, I suggested to the Sendmail admins that we look into opportunistic TLS. Like all encryption there is a performance hit. Unlike S/MIME or PGP the encryption is only during transit between links. Additionally there is no guarantee that all links will be encrypted. Hence the word opportunistic. While you don’t want to …
A couple of my friends had their webmail accounts compromised and I got pharma spam from them over the weekend. One had a Hotmail account and another a Yahoo account. I’m not sure whether they should be mocked more for using accounts at those domains or for getting compromised. Restoring Access If this happens to you and you’re really …
A lot of copiers now have the ability to scan documents and email the result as a PDF. I’ve never quite understood why people don’t take the time to change the default subject line. On a Xerox it is something like “Scan from a Xerox WorkCentre” to something a bit more descriptive. Worse yet, I’ve …
We’re seeing emails with the subject “phone calls” and “setting for your mailbox are changed” getting detected as bloodhound.exploit.290. That’s a generic detection for a Adobe Reader PDF exploit.
Are out of office (OOF) messages a security risk or a useful tool? (Microsoft uses the acronym OOF for Out of Facilitiy. I’ll be using that rather than OoO for out of office). I’ve felt that the anti-OOF forces are the kind of ludite people who still agitate for a return to text only email. …
The Microsoft Exchange team wrote a blog back in 2006 summarizing the need to email message limits. Email size limits help protect you against denial of service attacks. Intentional or not Internal sender or external, a large message can consume all available resources. The problem can be aggravated by Antivirus for Exchange. It only has …