According to most reports, the amount of email spam is diminishing.

Experts credit the takedown of massive botnets like Rustock, a more educated user base and advancements in spam fighting technologies for this trend. However, even though one of the most annoying, and troublesome, threats to email accounts is on a downswing it doesn’t mean for one second that email is no longer a part of the IT infrastructure that is vulnerable to threats.

Understanding the different ways cyber criminals and script kiddies can use vulnerabilities in email clients and servers to attack a system will help any email administrator keep email services running smoothly, and the entire infrastructure safe from a great number of exploits that can do some serious damage. Continue reading Addressing Three Major Email Threats

You may have read the stories about how Atos Origin, a French IT services company, is looking to make their offices an email-free workplace by the year 2013 to eliminate what they call email pollution.

By turning to collaborative social medial tools, such as the Atos Wiki, employees have already seen a 20% reduction in “email pollution” six months after this initiative went into practice.

Volkswagen has also attempted to cut back on after hour’s emails being sent to and from employees Blackberrys in a similar effort. However, while cutting back on emails like Atos is trying to do may seem trend setting, it hardly seems to be a realistic goal.

Not only because of how many workplaces have become reliant on emails to get work done, but rather how these people use email to get work done.

As we all know, emails are not only used to deliver electronic messages. People in office buildings all over the world have found ways to “hack” their email accounts to do much more than send and receive messages. Continue reading 5 Creative Uses For Email

This morning I noticed the flashing red light on my Blackberry alerting me to a new message. Since this device is connected to my work email account, I decided to give it a look to see what was so important that it couldn’t wait until Monday.

I was lucky that I did check it. The new message was actually from my personal email account and the contents of the message contained only one link and other people were also sent the same message.

I realized immediately that my personal email account was sending spam. I was upset with this because working with email and security, I write and train others on best practices. Not only this, but I follow them as well. I make sure that: Continue reading Yes, My Email Account Was Compromised

Small and medium-sized businesses face many of the same threats that large companies do when it comes to their email systems. Some of the common problems that email administrators face are:

• Spam delivered via email
• Viruses and malware delivered via email
• Email messages that contain inappropriate content
• Information leaks. Continue reading 5 Tips for Better Email Security

Over the years, Microsoft has taken its lumps when it comes to security however as a company, they have taken some pretty impressive strides to make sure that their products are more secure.

However, their security efforts have not been limited to just their products. They have launched several educational campaigns aimed at helping users better secure their computers and networks. Continue reading Email Security Best Practices from Microsoft

If there’s one rule that’s been drummed into the heads of all email users, it’s “don’t open executable files in email attachments.” But what if an email recipient doesn’t know they’re opening an executable file because its name has been cleverly disguised using Unicode?

Unicode is an international standard used to create a unique number for every character used by computers regardless of program, platform or language. Continue reading Clever Coding Conceals Malware in Email Attachments

Malware writers are constantly challenging an email administrator’s domain with their malicious mischief, but a recent trend should be very troubling to system defenders. That trend shows an increase in nasty apps that attacks the Master Boot Record of a computer running Windows.

The Master Boot Record (MBR) is the first thing your computer accesses when you turn it on. Why are these threats to it scarier than others? One reason is they launch their pernicious programs while a computer is in that twilight zone between power-on and the loading of Windows. A machine is particularly vulnerable during that time because many of its defenses are dormant until Windows loads into memory. Continue reading Be Prepared for Master Boot Record Attacks

The recent spike in security breaches resulting from meticulously planned and executed spear phishing attacks may have forced email administrators to start thinking of topics that they may never have considered previously, such as the repercussion of a hacked Exchange Server account, or the reasons why hackers would be interested in attacking your email server.  Indeed, you may have already read Securing Your Microsoft Exchange 2010 Server, and have duly implemented the various hardening measures that I’ve linked to in that article. Continue reading Simple Penetration Testing Strategies for Your Exchange Server

In just one week Google, the International Monetary Fund and Citigroup have all made headlines as a result of email associated with them being under attack. The reason we continue to see companies make the news as a result of email attacks is that email security is sometimes ignored when it comes to training users properly and making good decisions. In some cases, having the latest and greatest when it comes to security tools even creates a false sense of security that causes us, and our users, to overlook the little things. A multi-layered defense that has been properly configured with all the best technology can be rendered useless if the little things are forgotten.

Continue reading 5 Simple Mistakes When it Comes to Email Security

While the Oak Ridge National Laboratory’s may be famous for its role in the Mahanttan Project, recent cyber attacks have brought the Department of Energy’s research center back into the news again. According to Barbara Penland, a spokesperson for the lab, Internet service and access to external email was brought down by the lab as part of preventative measures to secure the network’s sensitive data against a spear phishing attack launched against the lab on April 7^th.

The attack targeted lab employees disguised as a message sent by the Human Resources Department that contained a link exploiting a vulnerability in Internet Explorer. Microsoft has claimed that this vulnerability was fixed on April 12^th, one day after Oak Ridge noticed the attack against them.

Continue reading What we can Learn from the Oak Ridge Attack