According to most reports, the amount of email spam is diminishing.

Experts credit the takedown of massive botnets like Rustock, a more educated user base and advancements in spam fighting technologies for this trend. However, even though one of the most annoying, and troublesome, threats to email accounts is on a downswing it doesn’t mean for one second that email is no longer a part of the IT infrastructure that is vulnerable to threats.

Understanding the different ways cyber criminals and script kiddies can use vulnerabilities in email clients and servers to attack a system will help any email administrator keep email services running smoothly, and the entire infrastructure safe from a great number of exploits that can do some serious damage. Continue reading Addressing Three Major Email Threats

Administrators confident about the safety of their data encrypted on company laptops should start squirming if a recent court decision passes muster in the United States.

The case involves a Colorado woman who has been ordered to open the encrypted drives on her laptop for federal investigators.

Unlike the cops on television shows and movies, who always seem to have a computer wizard on hand to decrypt a hard drive or crack a password, law enforcement authorities in Colorado, stymied by the encryption on a notebook in the possession of Romona Fricosu, simply went to a judge and asked him to order her to type in her password so they could see what was in the encrypted files.

In arguing against opening the files, Fricosu claimed doing so would violate her civil rights, in particular her Fifth Amendment rights against self-incrimination. Her reasoning was that the government, by forcing her to give up her password for decrypting the drive, were forcing her to incriminate herself if there were anything on the drive tying her to their criminal investigation of a mortgage scam. They believe Friscou is involved the scam that defrauded banks in the Colorado Springs area of some $900,000. Continue reading Government can force you to decrypt your data

Gates: Momentous security memo

For computer security experts, January 15 marked the anniversary of a red letter day. It was the 10th anniversary of the day that Microsoft decided to get serious about security.

On that day in 2002, a memo from Bill Gates to Microsoft employees declared the company would be entering a new era, an era of “Trustworthy Computing.”

“In the past,” Gates wrote, “we’ve made our software and services more compelling for users by adding new features and functionality, and by making our platform richly extensible. We’ve done a terrific job at that, but all those great features won’t matter unless customers trust our software.”

“So now,” he continued, “when we face a choice between adding features and resolving security issues, we need to choose security.” Continue reading Microsoft's Trustworthy Computing program turns 10 years old

Gestures can replace passwords in Windows 8.

Why it has taken Microsoft so long to make password security more than an afterthought when it introduces a new operating system is anybody’s guess. Nevertheless, with Windows 8 it is making an effort to help users manage their passwords in an efficient and secure way.

Everyone has dozens of accounts they need for which they need to memorize passwords. Most people, though, only commit a few passwords to memory and just reuse them over and over again. A study in 2007, for example, found that the average Internet user had 25 accounts that required password access, but they only used six passwords to access their accounts.

Security pros decry the multiple use of passwords but there are plenty of sites on the web where if your password fell into the wrong hands, the consequences would be trivial. Reusing passwords for those sites should be acceptable. There are sites where unique passwords are a must, though, such as banking or credit card payment sites. Continue reading Windows 8 Offers New Password Features

This morning I noticed the flashing red light on my Blackberry alerting me to a new message. Since this device is connected to my work email account, I decided to give it a look to see what was so important that it couldn’t wait until Monday.

I was lucky that I did check it. The new message was actually from my personal email account and the contents of the message contained only one link and other people were also sent the same message.

I realized immediately that my personal email account was sending spam. I was upset with this because working with email and security, I write and train others on best practices. Not only this, but I follow them as well. I make sure that: Continue reading Yes, My Email Account Was Compromised

Organizations that want to see that their employees have the tools to get their jobs done often allow them to use their own devices to do it. While that policy can set the teeth of many administrators on edge, it’s fast becoming a fact of life in the workplace.

One of the prime culprits behind the popularity of BYOD—Bring Your Own Device—is Apple’s iPhone. Not only did it become a favorite among the rank and file workers in many companies, but also among the top brass in many of them, too. That made it difficult for IT departments to keep the smartphones from invading their domains. Continue reading Why the iPhone should be the BYOD of choice for administrators

Whenever a new cool technology is introduced into a consumer smartphone, for every “wow” it sparks from an early adopter, an “ouch” is elicited from a system administrator. That appears to be the case with Siri, the “personal assistant” in the latest model of Apple’s iPhone, the 4S.

The 4S was introduced on October 5 and has proven to be extremely popular, with four million units sold during the first weekend it was available to consumers. Some of those consumers, however, are going to find that their shiny new toys are going to be mobilis non gratus when they try to connect them to their corporate networks. That’s because some organizations consider the smartphones a security risk.

At the root of the problem is Siri. It allows you to use your voice to issue commands and posit queries to the phone. For instance, you can say, “Where can I eat pizza around here?” And Siri will respond with a map with nearby pizza joints tagged on it. Or, without any training, you can ask it to call someone from your address book while you’re driving your car so you don’t have to touch the phone. Continue reading iPhone's Siri could pose threat to email security

Have you checked the spam flowing into your organization lately? Microsoft has, and it has reported its findings in its Security Intelligence Report for the first half of this year.

The report, which is based data collected from 600 million computers worldwide, noted that pharmacy spam remains a favorite of junk emailers. An analysis of telemetry data from Microsoft customers who process tens of billions of messages a month using the company’s Forefront Online Protection for Exchange (FOPE) shows that 28 percent of all spam is non-sexual pharmacy junk. By comparison, sexual pharma spam is at the low end of the spectrum at 3.1 percent.

Behind pharma junk are non-pharmacy product ads (17.2 percent), 419 or “Nigerian” scams (13.2 percent), financial services (8.9 percent) and gambling (6.1 percent). Continue reading What spam is in your inbox? Microsoft breaks it down.

Over the years, Microsoft has taken its lumps when it comes to security however as a company, they have taken some pretty impressive strides to make sure that their products are more secure.

However, their security efforts have not been limited to just their products. They have launched several educational campaigns aimed at helping users better secure their computers and networks. Continue reading Email Security Best Practices from Microsoft

When the U.S. CAN SPAM Act was passed eight years ago, critics of the measure doubted it would put a dent in the flow of Internet junk mail. They were right, but few would have predicted that many spammers would use the law as a subterfuge for their pesky activities. They do that with “snowshoe spam.”

It’s called that because it exploits the principal used by snowshoes to prevent their wearer from sinking into deep snow. They do that by distributing a walker’s weight over a larger area of snow. Snowshoe spam keeps junk e-mail from being sunk by a system’s spam defenses by spreading the spew across multiple IP addresses.

That can be particularly effective against an email system’s volume filters. Those filters monitor the origin of email. If a large volume of email with the same content is coming from an IP address, those filters will start blocking the email and treat it as spam. By using multiple IP addresses, spammers can keep the volumes on any single IP address low enough to submarine the thresholds used by the volume filters. Continue reading Junk mail law contributes to expansion of 'Snowshoe Spam'