From time to time, I hear security vendors make claims that make no sense. In fact, let's not mince words: I sometimes hear security vendors lie. There, I said it. This week on Security Levity, I want to talk about one such example...

I saw an interesting article in New Scientist this morning: "To beat spam, turn its own weapons against it". I thought I'd talk a little about it in this week's Security Levity...

read more | 4 comments

This week on Security Levity, a sneaky trick that some spammers are trying, in an attempt to stay on the right side of the law. When we think of 'spammers', we usually picture an offshore group of criminal individuals, pushing fake pills from websites that are outside the direct reach of U.S. law. But there's another group of spammers, who are closer to home...

read more | 8 comments

This week on Security Levity, how some Internet users are fighting back against scam artists. This is a followup to two of my previous blog posts: about Nigerian 419 scams and Chinese domain registration fraud.

read more | 3 comments

Over the last two weeks of Security Levity, we've looked at how DNS blocklists (DNSBLs) evolved from the spam filtering equivalent of primordial ooze, and how they became reputation services. This week I want to look at where we're going: what's the future for sender reputation?
(If you missed any earlier posts in this series, here's part 1 and here's part 2.)

I'm interrupting my scheduled series on reputation to bring you a public service message. This week on Security Levity, a reminder to beware of all kinds of phishing attack: not just bad guys pretending to be your bank...

Last time on Security Levity, I talked about blocklists, particularly DNS blocklists (DNSBLs). This time, I'll talk about how the industry moved to reputation services and how they differ from traditional DNSBLs.

In the next three Security Levity posts, I want to talk about 'sender reputation' and how it's used to filter spam and other undesirable email. What is reputation, what's a reputation service, and how is it different from good old-fashioned blocklists?

This week in Security Levity, I want to talk about domain registration fraud. We're seeing various patterns of come-on for this type of fraud. I'm going to describe two such spam samples today.

read more | 4 comments

This week on Security Levity: the growing threat of Mac malware. Let's look at just one example. Earlier this year, security researcher Jerome Segura from Paretologic, a Commtouch Security Alliance member, discovered a new Mac OS X malware variant: OSX/Jahlav-C.

In a previous Security Levity post, I was asked a question that often comes up. A commenter wondered how is it that spammers can send spam from "my" email address? And is that something we should be worried about?

read more | 14 comments

This week on Security Levity... spam laws around the world. Many of us know about the U.S. federal law regulating spam, known as the CAN-SPAM Act, or at least we think we do. But what about the laws internationally? Here are a few notable international spam laws...

read more | 1 comment

This week on Security Levity... how China views Web filtering. It should be no surprise that the Chinese government is sensitive about certain forms of speech. We in the West may not like it, but...

This week on Security Levity... the second in a series of posts about spam in different cultures. This time: Nigeria, home of the 419 scam. We've all received advance-fee fraud come-ons: typically, badly-worded invitations to help a bank teller "liberate" money from a forgotten bank account. The basic idea is to gradually draw you into a web of lies, play on your greedy appetite for easy money, and then hit you for some "expenses"... or worse.

read more | 13 comments