From the category archives:

Popular Articles

Is the White House sending spam?

by Jeremy Nigh on August 17, 2009

Concerned citizens and privacy groups have been up in arms of late after hundreds of people have claimed they received unsolicited spam email from the White House.

The mass email written by senior presidential adviser David Axelrod contained a heavily biased message that defended President Obama’s health care proposals and encouraged supporters to help rebut criticism circulating on the Internet.

Opponents of President Obama’s health care plan who received this and other spam messages from the White House have argued that they never signed up to receive email from the White House, and have been outspoken with their concerns regarding their privacy. After a few days of silence about the email list, the White House finally released an official statement to Fox News on Sunday which stated:

“The White House e-mail list is made up of e-mail addresses obtained solely through the White House Web site. The White House doesn’t purchase, upload or merge from any other list, again, all e-mails come from the White House Web site as we have no interest in e-mailing anyone who does not want to receive an e-mail,” the statement said. “If an individual received the e-mail because someone else or a group signed them up or forwarded the e-mail, we hope they were not too inconvenienced.”

Some recipients of the spam have said that they have never even browsed to the official White House Web site. The White House claims that the email may have been sent to such unwilling recipients as a result of on-line petitions from advocacy groups. On-line petitions can contain both the name and email address of those who sign the petition, and the White House may have added the email addresses from submitted petitions to the White House distribution list.

The White House has stated that its Web site managers will seek out and block on-line petitions so that those who wish to receive email from the White House may sign up to do so on an individual basis only.

Michael Jackson’s death last week left a mourning fan base of gargantuan proportions. Fans of the “King of Pop” (one of which this writer is not) have expressed their grief and sentiments through email, YouTube, Twitter, and various other social and Internet-related media in a way rarely seen before. But for many, their state of sadness has left them vulnerable to email and web-based attacks.

It’s no secret that spammers and malware creators can always be counted on to deliver a bevy of non-benevolent business when a phenomenon such as this reveals itself. At only 50 years old, nobody (least of all the average spammer) expected MJ to die so suddenly. Subsequently, Michael Jackson email scams got off to a slow start, but over the past weekend attacks have ramped up significantly. Have a look at an actual Mailprotector quarantine page to see some of the spam we’ve stopped over the past 3 days:

A quick Mailprotector quarantine search for the words "Michael Jackson" yields quite a few results.


It’s not really surprising. Spammers have always had a propensity to follow the buzz of current trends and hot news stories. They’ve learned what works, and focusing on current events works very well for them. The Michael Jackson death story is the latest “easy target” scenario, but be forewarned that spammers never stop looking for creative ways to get to your inbox, so it’s important to take proper measures to ensure you’re protected from the Bad stuff.

The best way to keep safe is to use an email security service (such as Mailprotector) that provides an exchange spam filter, which tells spam messages to Beat It before they even get to your email server. If such a service is not an option for you, however, you can always take the common-sense approach to protect yourself:

  • Always be very careful to only open email from trusted senders
  • Never click links in emails that seem even remotely suspicious

Better safe than sorry is always the way to go when dealing with potentially harmful email. The Michael Jackson spam attacks will subside, but if history is any indicator the next spam-inducing current event is just around the corner, and for those of us in the email security industry it promises to be one heck of a Thriller.

I don’t think it matters which political side you lean to; we can all be saddened by the effects of South Carolina Governor Mark Sanford’s actions on his family. Having lived in SC just about all of my life, I’m deeply upset by what he’s done to the image of South Carolina around the nation and the world. I don’t intend to delve into the personal or political fallout of Sanford’s revelation yesterday, but there could be some email security implications worth exploring.

We know that The State newspaper in Columbia has had email purportedly between Governor Sanford and this Argentinian woman since as early as December of last year. The paper says that it did not publish the story because there was no way to corroborate the authenticity of the messages. While there are many important specifics we don’t know, The State says it was sent the emails “from the governor’s personal e-mail account by an anonymous person.”

Given this revelation, it’s easy to see why The State held the story. Let’s take a look at a couple of email basics:

  1. An email is just like a letter in the sense that you can write whatever you want on the return address and there is no way to determine if that information has any relation to the real sender. (Yes, we do have some newer options to help, like SPF and DomainKeys, but they aren’t foolproof and you have to be in control of the receiving server to use these tools.)
  2. Sending a regular email message is just like sending a postcard. If anyone at the post office (or in this case any person in control of any router at any ISP that the data stream is routed through) wants to flip it over and read the back, they can.
  3. If you have truly sensitive information, it should be encrypted using TLS or another email encryption technology.
  4. Even if you encrypt a message, if someone has username and password access to your email client they’re going to be able to read your mail.

Now, let’s pick our story back up. If The State was sent these messages by an anonymous person, the authenticity of the messages would be no more reliable than the credibility of the person producing them, as he or she could have easily forged the information and created them out of thin air. So, it seems reasonable for The State to have sat on the story with no other corroborating data.
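The first email basic above, as an added example that is not part of the original post: a Python check that treats the From header as unverified and accepts it only when an SPF or DKIM pass, recorded by the receiving server you control, covers the same domain. The server name `mx.receiver.example`, the sample messages and the exact-match domain comparison are assumptions made for the example.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED = "mx.receiver.example"  # assumption: authserv-id of our own receiving server

def domain_of(value):
    """Domain part of an address or bare domain, lower-cased."""
    return parseaddr(value)[1].rpartition("@")[2].lower()

def assess(raw, trusted=TRUSTED):
    """Return (verdict, reasons) for one raw message."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg.get("From", ""))
    # A sender can type any header, including a fake "spf=pass" line, so only
    # results stamped by the server we control are considered.
    ours = [h for h in msg.get_all("Authentication-Results", [])
            if h.split(";", 1)[0].strip().lower() == trusted]
    if not ours:
        return "unverified", ["no Authentication-Results from " + trusted]
    ar = " ".join(ours[0].split())
    reasons = []
    for method, prop in (("spf", "smtp.mailfrom"), ("dkim", "header.d")):
        result = re.search(r"\b%s=(\w+)" % method, ar)
        ident = re.search(re.escape(prop) + r"=([^\s;]+)", ar)
        checked = domain_of(ident.group(1)) if ident else ""
        # Exact domain match is a simplification made for this example.
        if result and result.group(1) == "pass" and checked == from_dom:
            reasons.append("%s pass for %s" % (method, checked))
    if reasons:
        return "authenticated", reasons
    return "unverified", ["no passing check covers " + from_dom]

# Constructed sample messages (all names are placeholders).
BODY = 'From: "The Governor" <office@governor.example>\nSubject: sample\n\nhello\n'
FORGED_AR = ("Authentication-Results: mx.forged.example; spf=pass "
             "smtp.mailfrom=governor.example; dkim=pass header.d=governor.example\n")
SPOOFED = ("Authentication-Results: mx.receiver.example; spf=pass "
           "smtp.mailfrom=bounce@bulk.example; dkim=none\n" + FORGED_AR + BODY)
GENUINE = ("Authentication-Results: mx.receiver.example; spf=pass "
           "smtp.mailfrom=office@governor.example; dkim=pass "
           "header.d=governor.example\n" + BODY)
FORGED_ONLY = FORGED_AR + BODY

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("genuine", GENUINE),
                      ("forged-only", FORGED_ONLY)):
        print(name, assess(raw))
```

A message saved and forwarded by a third party carries no result from a server the recipient controls, so it lands in the "unverified" case, which is the position the newspaper was in.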

But, how did they get Gov. Sanford’s email messages in the first place? By “personal email account” we’re going to have to assume this was not an email account under control of the SC State Government since all of those messages would be subject to archiving and state disclosure requirements as well as under the control of an IT administration department. We assume the Governor must have known this and was using some other email account.

Given this assumption we have to conclude that the ‘anonymous’ person was either 1) a rogue admin at an ISP (seems highly unlikely) or 2) someone with close personal knowledge of the situation that had access to Governor Sanford’s email. I’ll have to leave that with you to ponder until we know more about ‘anonymous’. In the meantime, here are a few email security tips to safeguard the content of your email:

  1. Always use TLS encryption on your email server. If you don’t host your own, be sure your provider uses TLS to transmit your messages across the Internet.
  2. If you connect to your email server using a web client, make sure you use a secure connection such as SSL (look for the ‘https’ in the address bar of your browser).
  3. If you connect with a client such as Outlook, make sure you are using a secure connection as well.

And finally,

  4. Whatever you do, don’t use “password”, “pass” or your username as your password. Create a password that is a combination of numbers, letters and symbols.

Boost Application Performance

by Tim Sullivan on June 19, 2009

While there are many causes for bottlenecks that keep applications from running at top speed, Processor Magazine lists some tips to maintain performance. One of the tips listed was from our CEO, David Setzer, who recommends “living in the clouds”:

“A typical cloud-based security application does not require user interaction. There is no need for user training. IT does not have to install it on workstations. There is no downtime on the user’s workstation,” he says. The result is a more productive workforce.

Other tips included: take a holistic approach, get a cheap tune-up, and outsource non-core applications. To read about the tips visit the Processor Magazine story here.

Dark Reading published an article recently titled “SMBs Often Hit Hardest By Botnets”. David Setzer, our CEO, was featured in this article after an interview in which he gave his expert insight on the issue.

Spammers use their botnets not only for sending unwanted email to SMBs, but also for gathering new email addresses and bot recruits. “They are after sensitive data, as well,” says David Setzer, CEO of Mailprotector, an email security service provider. They want to recruit a new spam relay/bot, but they also throw in a keylogger to sniff for usernames and passwords, and try to grab as much lucrative sensitive data as possible, he says.

“It’s kind of a Swiss Army knife of malware…[they figure] they might as well get all the goodies they can out of [the SMB],” Setzer adds.

While Setzer says he can’t pinpoint any specific botnets that focus on hitting SMBs, more SMBs tend to get hit because they don’t have the horsepower to handle the threats. A DSL line or DS3 connection can be no match for a botnet spamming and waging a directory attack, he says.


Email is probably the most important communication mechanism your company has. However, it’s also one of the most annoying communication methods due to the spam and malicious email you receive on a minute-to-minute basis.

What you have to do is ensure your email server is protected from these threats, to secure your corporate data, keep the confidence of your customers, and minimize the downtime caused by employees deleting spam.

If you host your own email on a server, which I do not recommend for most small businesses, you’ll probably have some degree of email security and spam protection built into the server. These solutions are good. However, you might want to consider outsourcing your email security to a vendor who scans your email before it ever reaches your network.
