Addressing Three Major Email Threats

Written by Jeff Orloff on February 3, 2012 – 5:00 pm -

According to most reports, the amount of email spam is diminishing.

Experts credit the takedown of massive botnets like Rustock, a more educated user base and advancements in spam-fighting technologies for this trend. However, even though one of the most annoying and troublesome threats to email accounts is on a downswing, that doesn’t mean for one second that email is no longer a part of the IT infrastructure that is vulnerable to threats.

Understanding the different ways cyber criminals and script kiddies can use vulnerabilities in email clients and servers to attack a system will help any email administrator keep email services running smoothly, and the entire infrastructure safe from a great number of exploits that can do some serious damage.

Subscribe to my RSS feed

Government can force you to decrypt your data

Written by John P Mello Jr on January 31, 2012 – 4:00 pm -

Administrators confident about the safety of their data encrypted on company laptops should start squirming if a recent court decision passes muster in the United States.

The case involves a Colorado woman who has been ordered to open the encrypted drives on her laptop for federal investigators.

Unlike the cops on television shows and movies, who always seem to have a computer wizard on hand to decrypt a hard drive or crack a password, law enforcement authorities in Colorado, stymied by the encryption on a notebook in the possession of Ramona Fricosu, simply went to a judge and asked him to order her to type in her password so they could see what was in the encrypted files.

In arguing against opening the files, Fricosu claimed doing so would violate her civil rights, in particular her Fifth Amendment rights against self-incrimination. Her reasoning was that the government, by forcing her to give up her password for decrypting the drive, was forcing her to incriminate herself if there were anything on the drive tying her to their criminal investigation of a mortgage scam. They believe Fricosu is involved in the scam that defrauded banks in the Colorado Springs area of some $900,000.


Microsoft's Trustworthy Computing program turns 10 years old

Written by John P Mello Jr on January 20, 2012 – 4:00 pm -

Gates: Momentous security memo

For computer security experts, January 15 marked the anniversary of a red letter day. It was the 10th anniversary of the day that Microsoft decided to get serious about security.

On that day in 2002, a memo from Bill Gates to Microsoft employees declared the company would be entering a new era, an era of “Trustworthy Computing.”

“In the past,” Gates wrote, “we’ve made our software and services more compelling for users by adding new features and functionality, and by making our platform richly extensible. We’ve done a terrific job at that, but all those great features won’t matter unless customers trust our software.”

“So now,” he continued, “when we face a choice between adding features and resolving security issues, we need to choose security.”


Windows 8 Offers New Password Features

Written by John P Mello Jr on January 11, 2012 – 4:00 pm -

Gestures can replace passwords in Windows 8.

Why it has taken Microsoft so long to make password security more than an afterthought when it introduces a new operating system is anybody’s guess. Nevertheless, with Windows 8 it is making an effort to help users manage their passwords in an efficient and secure way.

Everyone has dozens of accounts for which they need to memorize passwords. Most people, though, only commit a few passwords to memory and just reuse them over and over again. A study in 2007, for example, found that the average Internet user had 25 accounts that required password access, but they only used six passwords to access their accounts.

Security pros decry the multiple use of passwords but there are plenty of sites on the web where if your password fell into the wrong hands, the consequences would be trivial. Reusing passwords for those sites should be acceptable. There are sites where unique passwords are a must, though, such as banking or credit card payment sites.


What should be in your BYOD policy?

Written by John P Mello Jr on January 6, 2012 – 4:00 pm -

BYOD can give administrators a headache.

More and more organizations are finding their employees using personal devices to access company data. Without some measure of control, those workers can create serious security problems for their employers.

As much as some administrators would like to block the use of personal devices in the workplace, that’s unlikely to happen for a number of reasons. For example, many employees are already using their own devices at work, as a recent survey by IDC shows. That poll found that 95 percent of workers use one personally purchased device on the job.


Santa's checking his list for Christmas, everyone else their email

Written by John P Mello Jr on December 23, 2011 – 4:00 pm -

Despite the claims of one CEO of a major global high tech company, many workers believe their internal email is important enough to scrutinize when they should be kicking back and being jolly during the holiday season.

In a poll of some 1000 people with full-time jobs in the United Kingdom, surveyors found that nearly half of the workers (46 percent) intend to check their office email either frequently (15 percent) or intermittently (31 percent) during yuletide. About a third of the sample (34 percent) said they’d totally resist the temptation to check their email during their stay at home during the festive period.


Yes, My Email Account Was Compromised

Written by Jeff Orloff on December 21, 2011 – 4:00 pm -

This morning I noticed the flashing red light on my Blackberry alerting me to a new message. Since this device is connected to my work email account, I decided to give it a look to see what was so important that it couldn’t wait until Monday.

I was lucky that I did check it. The new message was actually from my personal email account and the contents of the message contained only one link and other people were also sent the same message.

I realized immediately that my personal email account was sending spam. I was upset with this because working with email and security, I write and train others on best practices. Not only this, but I follow them as well. I make sure that:


March of technology will make plugging email leaks tougher than ever

Written by John P Mello Jr on December 16, 2011 – 4:00 pm -

There’s an appealing logic to the notion that as technologies focused on a problem improve, the problem will diminish. That’s not always the case, however, and it may not be so when it comes to plugging email leaks.

Technologies don’t develop in bubbles. While improvements in Data Loss Prevention (DLP) technology are advancing, so are other technologies, technologies and trends that can offset or undermine those improvements.


Google States What Needs To Be Said

Written by Casper Manes on November 30, 2011 – 6:00 pm -

How about a quick show of hands? How many of you, reading this, administer a corporate email system? Hmmm, looks like practically all of you, except for that guy in the back of the corner wearing the yellow t-shirt. Okay, not sure why you’re here, but I appreciate you reading nonetheless. Okay, next question. How many of you have a password policy that makes you change your corporate password every month, for example?

You hear that? That’s the sound of crickets chirping as practically each and every one of you tries to avoid eye contact with everyone else, because most of you probably haven’t changed the password to your personal email account since you first set it up. Now consider how many things are tied to that email account. Password resets for your bank accounts, your credit card accounts, your Facebook, Twitter, and blog accounts; personal email accounts are treasure troves of information for attackers. A compromised personal email account is the perfect information source for an ongoing attack against a user because so many other accounts can be compromised without the victim being aware. And the majority of users will not change their password unless a system prompts them to.


5 Tips for Better Email Security

Written by Jeff Orloff on November 23, 2011 – 4:00 pm -

Small and medium-sized businesses face many of the same threats that large companies do when it comes to their email systems. Some of the common problems that email administrators face are:
