Knowing how long to store your company email can be confusing. For some industries and public companies there are laws dictating how long emails should be kept, but for other companies it is more discretionary. A document retention policy can help with this. Deciding which emails to keep and for how long - and then most importantly, sticking to your policy - will be looked on more favourably should you find yourself justifying missing email evidence to a judge. more
As the WHOIS debate rages and the Top-Level Domain (TLD) space prepares to scale up the problem of rogue domain registration persists. These are set to be topics of discussion in Costa Rica. While the ICANN contract requires verification, in practice this has been dismissed as impossible. However, in reviewing nearly one million spammed domain registrations from 2011 KnujOn has found upwards of 90% of the purely abusive registrations could have been blocked. more
I recently had a chance to read a report titled, "Show Me the Money: Characterizing Spam-advertised Revenue" produced as a joint effort from the University of California, San Diego (UCSD), International Computer Science Institute, and UC Berkeley by Chris Kanich, Nicholas Weaver, Damon McCoy, Tristan Halvorson, Christian Kreibich, Kirill Levchenko, Vern Paxson, Geoffrey M. Voelker and Stefan Savage. I also had a chance to hear Chris Kanich speak about the topic - Show Me The Money! This post contains my notes with some photos taken from that report. more
Courtesy forwards have been a standard feature of e-mail systems about as long as there have been e-mail systems. A user moves or changes jobs or something, and rather than just closing the account, the mail system forwards all the mail to the user's new address. Or a user with multiple addresses forwards them all to one place to be able to read all the mail together. Since forwarding is very cheap, it's quite common for forwards to persist for many years. Unfortunately, forwarding is yet another thing that spam has screwed up. more
Last week at RSA, Bruce Schneier gave a talk on the top 3 emerging threats on the Internet. Whereas we in the security field usually talk about spam, malware and cyber crime, he talked about three meta-trends that all have the potential to be more dangerous than the cybercriminals. Here are my notes. more
Boy, that was a great party the White House threw yesterday when their new online privacy rights were unwrapped and passed around. Most everyone hefted their shiny new rights, agreed they were nice, and talked about the need for swift adoption. But when the party was done, everyone filed out, turning a blind eye to the post-party cleanup and a sink full of dirty dishes. more
On Wednesday 22 February the United States and The Netherlands signed a "declaration of intent" on the cooperation on fighting cybercrime. This event was reported by the press as a treaty. At least that is what all Dutch postings I read wrote, with exception of the official website of the Dutch government. So what was actually signed? Reading the news reports some thoughts struck me. more
With the new top-level domain (gTLD) application process down to the last two months, here are three last minute tips on how to submit a successful gTLD application to ICANN... Sometimes the most obvious information is also the most important. In ICANN's supplemental notes under the "Best Practices" section, the first best practice ends with the parenthetical statement (i.e., show your work). For an applicant, these may be the three most important words in all the ICANN guidance. more
In the run up to the launch of new TLDs there were a lot of rumours about which organisations would apply for which strings. Detractors might pick holes in the entire project, but it's very hard to argue against the merits of new TLDs specifically in the context of cultural linguistic communities that fall outside the realm of ccTLDs (country code top level domains). The case of Catalonia and .cat is probably the best one and has been vaunted as the poster child for new TLDs in some circles. more
It would be reasonable to assume that your employer is archiving your email communications. But what about your personal emails, texts, phone calls and Facebook posts. Are these really private? Not for long, if the UK government has its way. It has been reported that its new anti-terror plan, if passed, would require Internet providers and phone companies to store all online communications by UK citizens for one year. more
Brian Krebs reporting in Krebs on Security: "Millions of computers infected with the stealthy and tenacious DNSChanger Trojan may be spared a planned disconnection from the Internet early next month if a New York court approves a new request by the U.S. government. Meanwhile, six men accused of managing and profiting from the huge collection of hacked PCs are expected to soon be extradited from their native Estonia to face charges in the United States." more
The other day on pastebin, snippets of an email conversation were posted with members of the hacking group Anonymous discussing plans to conduct DOS attacks against the Internet's root name servers... Going after the Internet's root servers is a very bold move by Anonymous. Whereas before they were "merely" breaking into companies that they believed were acting contra to the hacker ethic, going after the Internet infrastructure is another thing altogether. Why? more
Google revealed on its official blog today that it is handling an average of more than 70 billion requests per day on its free Public DNS service. According to VeriSign's latest public statistics, it is handling only an average of 59 billion DNS requests per day, less than that handled by Google. more
Talk, conjecture and analysis have predicted a wireless spectrum crisis for years. The official word seems to project a culmination of dropped calls, slow loading of data, downright network access denials as impending by 2015. If so, then we should look at the current argument about how that additional spectrum can be disseminated to wireless carriers in a fair and balanced fashion. more
Mid-January 2012 marked a major inflection point for digital copyright policy in the United States... Yet no one involved with Congressional interaction on either side of the issue believes it has been sidetracked for long, and "Hollywood" and "Silicon Valley" are both plotting their next moves in this high-stakes game to further define the responsibilities and potential liabilities... The resolution of this dispute will determine the ability of Internet services to move to "the cloud"... more