Amir Lev's blog

10 ways spam is like vuvuzelas (the World Cup horns)

Amir Lev — Wed, 30 Jun 2010 08:07:47 -0400

If you've been glued to the World Cup, you'll know that there's more to the matches than soccer (football for our international audience). I'm talking about those incessant horns -- the vuvuzelas. They're really catching people's attention, for all the wrong reasons. It got me thinking... In this week's Security Levity, how is a vuvuzela just like spam? Vuvuzelas and spam? Have I gone mad? Never fear, dear reader, let me count the ways...

Is it illegal to bypass spam filters? Vonage hopes not.

Amir Lev — Wed, 23 Jun 2010 12:12:12 -0400

"You Could Save up to 50% on Your Phone Bill!" screamed an email from Vonage. Naturally, users complained this unsolicited, bulk email was spam. But some spam filters weren't having it -- a surprising number of these messages reached user inboxes. Vonage's marketing agent sent the email from a list of "nonsense" domain names, including the unpronounceable urgrtquirkz.com. Surely that's illegal? Let's find out, in this week's Security Levity...

AT&T iPad privacy breach: Goatse email "theft" thoughts

Amir Lev — Wed, 16 Jun 2010 08:08:08 -0400

In this week's Security Levity, I want to talk about the recent AT&T Apple iPad privacy breach, as discovered by Goatse Security. I also want to talk more generally about how companies often leak their customers' email addresses.

Outbound spam: hard data illustrates real risks

Amir Lev — Wed, 09 Jun 2010 08:08:08 -0400

In today's Security Levity, I've got more on the outbound spam problem. Back in April, I argued that it's critical for networks to block outbound spam, to protect your reputation and the deliverability of your email. I also said that outbound spam can be a symptom of far more damaging problems, specifically malware that could damage your business. Today, I want to talk about an independent study that sheds more light -- and hard data -- on these issues...

Tabnapping: don't be scared of new phishing trick

Amir Lev — Wed, 02 Jun 2010 08:08:08 -0400

In this week's Security Levity, I want to address the fears raised about a new phishing trick. Dubbed tabnapping, it was recently dreamed up by Mozilla's Aza Raskin. Commentators around the web are worrying about its potential. But is the sky falling? No! Let's see why...

Ask Amir #5: How to deal with gray reputation?

Amir Lev — Wed, 26 May 2010 08:08:08 -0400

In this week's Security Levity: a reply to a couple of reader questions about spam filtering techniques. Specifically, the types of techniques that can be used when the sender's reputation is 'gray'.

Real-world DLP: people are a problem

Amir Lev — Wed, 19 May 2010 08:08:08 -0400

In this week's Security Levity, the second part of my interview with Abhilash V. Sonwane, vice president of product management at Cyberoam. Abhilash has extensive experience building data-loss-prevention solutions that help organizations keep their sensitive data confidential. I'm sure you'll agree that he brings some thoughtful insights into real-world data loss prevention (DLP).

Spammer tricks: unnatural acts with spam filters

Amir Lev — Wed, 12 May 2010 08:08:08 -0400

This week's Security Levity is a follow-on from last week's. I want to talk about one more spammer trick: how they misuse spam filters, to try to get delivered to the inbox. I have first-hand intelligence confirming what many spam fighters have long-suspected...

Spammer tricks: link shenanigans

Amir Lev — Wed, 05 May 2010 08:08:08 -0400

In the next two weeks' Security Levity, I want to cover some more tricks that spammers employ to avoid spam filters. This time: messing around with the embedded web links in their messages.

Real-world email defense in depth: keep it simple, stupid

Amir Lev — Wed, 28 Apr 2010 08:08:08 -0400

In this week's Security Levity, I'm interviewing Cameron Brown, the VP of engineering at Sendio. Cameron has been architecting email protection systems for many years; he has an interesting perspective on balancing simplicity with "defense-in-depth".