31 Dec 2014
The Spamhaus Project just published a long article about the botnets they've been watching during 2014.
As this chart shows, we're not making any progress.
(Yellow bars are bot controllers on compromised hosts, red bars are
dedicated controllers.)
See more ...
Stable link is https://jl.ly/Internet/sh2014.html
30 Dec 2014
Dave Crocker, author of many of the standards documents that e-mail depends on, and I
were at the M3AAWG meeting in Brussels in June when they asked us to
step into an impromptu video studio and talk about how e-mail has changed
over the past several decades, and whether we're winning the war on spam.
If you want to skip the muzak in the intro, we start talking at :48.
Stable link is https://jl.ly/Email/m3aawgvideo.html
17 Dec 2014
Two weeks ago I blogged about ICANN's astonishingly
lucrative domain auctions.
At that time, they'd raised $26.7 million.
Now, two auctions later, they're up to about $33 million.
See more ...
Stable link is https://jl.ly/ICANN/33mil.html
ICANN got over 1900 applications for new TLDs, and several hundred of those
applications were from different people who wanted the same names.
Since everything about the new TLDs is complicated, the rules for handling
name conflicts are complicated.
See more ...
Stable link is https://jl.ly/ICANN/50mil.html
13 Dec 2014
The recent huge security breach at Sony caps a bad year for big companies,
with breaches at Target, Apple, Home Depot, P.F.Changs, Neiman Marcus, and
no doubt other companies who haven't admitted it yet.
Is this the new normal? Is there any hope for our private data?
I'm not sure, but here are three observations.
Systems are so complex that nobody understands them
This week Brian Krebs reported on several thousand Hypercom credit card terminals that all stopped working
last Sunday.
Had they all been hacked?
No, they were doing exactly what they'd been programmed to do.
See more ...
Stable link is https://jl.ly/Internet/hopeless.html
10 Dec 2014
The current US Congress isn't very good at getting things done, which means
that they delay even their most essential activities to the last minute.
One of the more essential of their activities is appropriating the money
to run the government, so in keeping with recent practice, a continuing
resolution to fund the government through next year was published
yesterday (Tuesday), two full days before the previous resolution
runs out and the government would shut down.
Congressmen often attach riders to these "must pass" bills that they
could never pass separately.
This resolution
has a rider on page 214 that says:
(a) None of the funds made available by
this Act may be used to relinquish the responsibility of
the National Telecommunications and Information Administration during fiscal year 2015 with respect to Internet domain name system functions, including responsibility with respect to the authoritative root zone file and
the Internet Assigned Numbers Authority functions.
(b) Subsection (a) of this section shall expire on September 30, 2015.
Some observers have argued that this is no big deal, the transition probably wouldn't
be ready until next September anyway, it can go ahead then.
They are wrong. It will be a long, long time until the NTIA lets go of ICANN.
See more ...
Stable link is https://jl.ly/ICANN/trans2017.html
13 Nov 2014
A press release from the EFF complains that some Internet service providers are
preventing their users from sending mail over a private encrypted channel,
which is bad.
While a few ISPs do that, the story is more complex.
See more ...
Stable link is https://jl.ly/Email/tlsfilter.html
31 Oct 2014
Someone was asking who has the largest set of spamtraps;
I opined that nobody knows, since the people with the biggest ones
don't discuss the details. Also, it's not a very useful metric. There are spammers who only send to
specific large ISPs, so, say, Google would know all about them, and other people wouldn't see them at all.
Also, different kinds of spamtraps get different kinds of spam. I have three general kinds:
- Addresses that were never valid, typically invented by broken scrapeware that grabbed message IDs or
mangled addresses from web sites
- Abandoned addresses and domains, that may have been valid a decade or more ago, but only get spam now
- A depressingly large number of addresses given to well-known companies who then leaked them to spammers.
I also get a fair amount to real addresses that aren't spamtraps, but that are caught by filters or by
hand.
I haven't analyzed the spam profiles in detail but they're clearly different. For example, one ESP
doesn't appear on most people's spam radar, but they send me a great deal of spam (relative to my overall modest
volume.) That appears to be because they have a lot of poor quality lists with repurposed addresses, from senders
booted from more selective ESPs, and they're constantly hitting role addresses that aren't spamtraps, but should
never be on anyone's lists.
Stable link is https://jl.ly/Email/spamflavor.html
13 Oct 2014
Every once in a while, when I come across a domain whose WHOIS
is particularly bad, I send it in to ICANN's WDPRS reporting
system. So here is the entire entry for the domain ename.net:
Domain Name : ename.net
Registrant :
kongdejing
Domain Name Server :
dns1.iidns.com
dns2.iidns.com
dns3.iidns.com
dns4.iidns.com
dns5.iidns.com
dns6.iidns.com
查看完整whois请到:http://whois.ename.net/ename.net
For more information,please go to: http://whois.ename.net/ename.net
(If you visit that web site, it's not much more informative, other
than saying that the registrant is ENAME TECHNOLOGY CO., LTD.)
See more ...
Stable link is https://jl.ly/ICANN/ename.html
11 Oct 2014
I see that Afilias has reserved SLAVE.BLACK
as a premium domain, presumably to be auctioned to the
highest bidder. I'm trying to figure out what the
business model is.
(Some names, including a lot of offensive words, are
permanently reserved by ICANN, but this isn't one of them.)
Domain Name:SLAVE.BLACK
Domain ID: D53146846-LRMS
Creation Date: 2014-07-17T15:32:41Z
Updated Date: 2014-09-15T20:32:11Z
Registry Expiry Date: 2015-07-17T15:32:41Z
Sponsoring Registrar:Afilias (R720-LRMS)
Sponsoring Registrar IANA ID: 9999
WHOIS Server:
Referral URL:
Domain Status: inactive
Registrant ID:BLACK-Premium
Registrant Name:Afilias Limited
Registrant Organization:Afilias Limited
Registrant Street: 2 La Touche House
Registrant Street: IFSC
Registrant City:Dublin
Registrant State/Province:n/a
Registrant Postal Code:n/a
Registrant Country:IE
Registrant Phone:+1.2157065700
Registrant Phone Ext:
Registrant Fax: +1.2157065701
Registrant Fax Ext:
Registrant Email:support@afilias.info
Stable link is https://jl.ly/ICANN/blkopp.html
08 Oct 2014
For reasons that should be obvious, a lot of people are
thinking about ways to make e-mail more secure, and harder
to spy on.
The most likely scenario is an improved version of PGP or S/MIME, two
existing encrypted mail systems, that let people publish their encryption
key, which correspondents use to encrypt mail so that only the recipient
can read it. While this is a significant improvement in privacy, it has
the problem that spam filters at the ISP can't read the mail either.
See more ...
Stable link is https://jl.ly/Email/cryptospam.html
10 Sep 2014
About a year ago I blogged about the IETF WEIRDS working group
which was working on a more modern replacement for the hoary WHOIS service.
At the time I said it was making surprising progress.
Perhaps less surprisingly, the progress has been quite slow, but WEIRDS seems to
be close to finishing its work.
See more ...
Stable link is https://jl.ly/ICANN/weirds14.html
31 Jul 2014
Earlier this month I wrote about some
ill considered legal moves by an attorney
who imagined that ICANN could be forced to turn over the .IR domain in
a long running case against the Iranian government.
See more ...
Stable link is https://jl.ly/ICANN/irtld2.html
16 Jul 2014
The recent DMARC kerfuffle has brought
new attention to mail forwarders that send mail on behalf of
other people.
We've been giving a lot of thought to ways to tell nice forwarders
from nasty ones, so that mail systems can deliver mail from the nice
ones and filter the nasty ones.
It occurs to me that there are several scenarios for the way that forwarders
work, so I've collected them in a little chart.
See more ...
Stable link is https://jl.ly/Email/fwdthreat.html
06 Jul 2014
Press reports say:
A United States court on Tuesday effectively awarded a group of American and Israeli victims of Iranian terror the rights to the .ir domain, the suffix used to identify Iranian websites, along with all of Iran's IP addresses.
While the court and the lawsuit are real, it is extremely unlikely that .IR is going
anywhere.
See more ...
Stable link is https://jl.ly/ICANN/irtld.html
26 Jun 2014
Aereo is (was?) a system with a large array of tiny TV antennas,
each of which is assigned to a customer who can pick a channel
and record it on a remote DVR system and/or stream it through
the Internet. TV networks claimed they had to pay for retransmission
like a CATV system.
The Supreme Court decided yesterday in the networks' favor.
I'm not a constitutional law scholar, but I play one on the net, so ...
See more ...
Stable link is https://jl.ly/Copyright_Law/aereo.html
03 Jun 2014
DMARC is an anti-phishing scheme that was repurposed in April to
try to deal with the fallout from security breaches at AOL and Yahoo.
A side effect of AOL and Yahoo's actions is that a variety of bad things happen
to mail that has From: addresses at aol.com or yahoo.com, but wasn't sent from AOL or Yahoo's
own mail systems.
If the mail is phish or spam, that's good, but when it's mailing lists or
a newspaper's mail-an-article, it's not so good.
The mailing list community has been gnashing its teeth for the past month
trying to figure out the least bad ways to deal with the problem.
To keep track of all the ways of avoiding or limiting the damage, I've made a
page on the ASRG wiki. (The ASRG is gone, but the wiki lives on.)
If I've missed anything, let me know and I'll update it.
Stable link is https://jl.ly/Email/undmarc.html
24 May 2014
Last week we heard of yet another egregious
security breach at an online provider, as crooks made off with
the names, addresses, and birth dates of eBay users,
along with encrypted passwords. They suggest you change
your password, which is likely a good idea,
and you'd better also change it at every other
place you used the same password.
But that's not much help since you can't change
your name, address, and birth date, which are ever so handy for phishing and identity theft.
There is plenty not to like about the way that eBay handled it,
but a more important question is why we tolerate big allegedly sophisticated companies
treating our personal information so casually.
See more ...
Stable link is https://jl.ly/Internet/badsec.html
17 May 2014
Two weeks ago I wrote about
Yahoo's unfortunate mail security actions.
Now it's AOL's turn, and the story, as best as I can piece it together, is not pretty.
See more ...
Stable link is https://jl.ly/Email/aoldmarc.html
28 Apr 2014
AOL finally confirmed today
that crooks have stolen credentials and address books from some large number of
AOL users.
(They say 2%, but that's only the ones they know about so far.)
So we suggest you take some routine security precautions.
See more ...
Stable link is https://jl.ly/Email/aolchange.html
19 Apr 2014
Heartbleed, for anyone who doesn't read the papers, is a serious bug in the popular
OpenSSL security library.
Its effects are particularly bad, because OpenSSL is so popular, used to
implement the secure bit of https: secure web sites on many of the
most popular web servers such as apache, nginx, and lighttpd.
A few people have suggested that the problem is that OpenSSL is open source, and code this important
should be left to trained professionals.
They're wrong.
The problem is that writing and testing cryptographic software is really, really hard.
See more ...
Stable link is https://jl.ly/Internet/openssl.html
I used to say to our audiences: "It is difficult to
get a man to understand something when his salary depends
on his not understanding it!"
- Upton Sinclair, I, Candidate for Governor: And How I Got Licked (1935), p. 109
In November, the Authors Guild suffered a crushing defeat
in their long running suit against Google's book scanning project,
with a broad decision agreeing with Google that the scans are protected by fair use.
Not surprisingly, they're making a last ditch appeal to the Second Circuit.
While I see no realistic chance of them winning, not least because Judge Chin
who wrote that decision is now a well respected member of the court to which they
are appealing,
it's always interesting to see how they think they'll get the court to reverse.
Having read their brief, all I can say is, it's really strange.
See more ...
Stable link is https://jl.ly/Copyright_Law/agaltrel.html
07 Apr 2014
DMARC is what one might call an emerging e-mail security scheme.
It's emerging pretty fast, since many of the
largest mail systems in the world have already implemented it,
including Gmail, Hotmail/MSN/Outlook, Comcast, and Yahoo.
See more ...
Stable link is https://jl.ly/Email/yahoobomb.html
26 Mar 2014
For a long time, the easiest way to look up the WHOIS
information for a domain has been to use whois-servers.net,
which has kept a list of a lot of WHOIS servers that you can look
up in the DNS. To look up something in, say blah.tld
you point your WHOIS program at blah.whois-servers.net.
Many open source WHOIS clients will do that automatically, or with
a flag.
But with all the new TLDs added every week, they're falling behind.
See more ...
Stable link is https://jl.ly/ICANN/wsspam.html
16 Mar 2014
ICANN has now accepted several hundred new top level domains (TLDs) and some of them are now open
for general registration.
I have signed up for zone file access, so I can download daily snapshots of most of the active zones,
and I'm making daily counts of the number of names in each zone.
See more ...
Stable link is https://jl.ly/ICANN/newsize.html
15 Mar 2014
Earlier this week Verisign sponsored a two day conference on name collisions in the DNS.
Despite the very short time frame in which it was organized, only a month from announcement
to meeting, there were some very good presentations.
I'll just hit some highlights here; all of the papers and slides are on their web site at
namecollisions.net.
See more ...
Stable link is https://jl.ly/Internet/collide.html
08 Mar 2014
Code is Law - Larry Lessig
MtGox finally collapsed,
although for a reason I didn't anticipate: software bugs.
Something called "transaction malleability" allowed crooked MtGox users to trick
MtGox into believing that their withdrawals hadn't worked, so MtGox reissued them.
This continued over about three years, during which time the crooks stole about
700,000 bitcoins from the wallet where MtGox kept most of its customers'
deposits without them noticing.
See more ...
Stable link is https://jl.ly/Money/bitfatal.html
31 Jan 2014
One of the great divisions in the US (it's #2, with #1
being slavery and race)
is between the creditor class, historically
eastern bankers and industrialists, and the debtor class, historically
western farmers. The creditors want hard money, no inflation, and
preferably deflation. The debtors want cheap money, to make it easier to
pay their loans.
See more ...
Stable link is https://jl.ly/Money/bitcross.html
23 Jan 2014
One of the hottest topics in the email biz these days (insofar as
any topic is hot) is how we will deal with mail on IPv6 networks.
On existing IPv4 networks, one of the most effective anti-spam techniques
is DNSBLs, blacklists (or blocklists) that list IP addresses that send only
or mostly spam, or whose owners have stated that they shouldn't be sending
mail at all.
DNSBLs are among the cheapest of anti-spam techniques since they can be applied
to incoming mail connections without having to receive or filter spam.
On my system about 85% of incoming IPv4 mail connections are handled by DNSBLs,
and I gather that number is pretty typical.
On IPv6, DNSBLs can't work the same way.
See more ...
Stable link is https://jl.ly/Email/v6fun.html
01 Jan 2014
In no particular order:
Anonymous frictionless transactions are not new and are not very interesting
See more ...
Stable link is https://jl.ly/Money/bitmore.html