Tag: dkim
-
Malware authors’ continued use of stolen certificates isn’t all bad news
A malware campaign has been using code-signing certificates stolen from Taiwanese companies to sign its samples, ESET researcher and regular VB conference speaker Anton Cherepanov writes . Malware signed with stolen certificates isn’t a new phenomenon. Stuxnet famously used stolen certificates, also from Taiwanese companies, and in 2016 Symantec wrote about a malware campaign that…
-
Malware authors’ continued use of stolen certificates isn’t all bad news
A malware campaign has been using code-signing certificates stolen from Taiwanese companies to sign its samples, ESET researcher and regular VB conference speaker Anton Cherepanov writes . Malware signed with stolen certificates isn’t a new phenomenon. Stuxnet famously used stolen certificates, also from Taiwanese companies, and in 2016 Symantec wrote about a malware campaign that…
-
DMARC: an imperfect solution that can make a big difference
US Senator Ron Wyden has written a letter ( pdf ) to the Department of Homeland Security, urging the US government to implement DMARC to “ensure hackers cannot send emails that impersonate federal agencies”. DMARC is an email security standard that was launched by a few major players in the field of email in 2012…
-
DMARC: an imperfect solution that can make a big difference
US Senator Ron Wyden has written a letter ( pdf ) to the Department of Homeland Security, urging the US government to implement DMARC to “ensure hackers cannot send emails that impersonate federal agencies”. DMARC is an email security standard that was launched by a few major players in the field of email in 2012…
-
TorrentLocker spam has DMARC enabled
Use of email authentication technique unlikely to bring any advantage. Last week, Trend Micro researcher Jon Oliver (who presented a paper on Twitter abuse at VB2014) wrote an interesting blog post about a spam campaign that was spreading the ‘TorrentLocker’ ransomware and which, unusually, was using DMARC. TorrentLocker is one of the most prominent families…
-
Yahoo’s DMARC policy wreaks havoc among mailing lists
Collateral damage in instruction to reject emails with invalid DKIM signatures. A change in Yahoo ‘s DMARC policy has caused frustration among operators of many mailing lists and their subscribers. On its official website , DMARC is described as standardizing “how email receivers perform email authentication using the well-known SPF and DKIM mechanisms”. It was…
-
Weak cryptography keys allow others to add valid DKIM signatures to fake emails
512-bit key cracked within 72 hours. A Florida-based mathematician has caused a stir in the email community by adding a valid DKIM signature for google.com to an email after cracking the company’s private signing-key. When the first SMTP standard was published just over three decades ago, email spam barely existed. The email landscape has changed…
-
New RFC grants DKIM improved status
Email signing method now ‘Draft Standard’. The Internet Engineering Task Force (IETF) has published a new RFC describing the DKIM protocol which sees its status advance from ‘Proposed Standard’ to ‘Draft Standard’. DKIM (‘DomainKeys Identified Email’) allows mail transfer agents (MTAs) to sign email messages that pass through them and also to verify a signature…
-
EU report suggests 95% of email is spam
Less than five per cent of all SMTP connections result in an email being delivered into a user’s inbox. A survey carried out by the European Network and Information Security Agency (ENISA) among 92 internet and telecom providers suggests that less than five per cent of all SMTP connections result in an email being delivered…
-
VB announces latest VBSpam certification results
Two products achieve top level VBSpam Platinum award. Virus Bulletin has announced the results of its second comparative review of anti-spam products, revealing two top-level awards. Of the nine products tested, two achieved VBSpam Platinum certification awards, while one VBSpam Gold award and two silver-level awards were handed out. VB’s Anti-spam Test Director Martijn Grooten…