Tag Archive for Bernie Sanders

| June 29, 2019
Comments Off on Presidential Wannabe’s Don’t Use Email Security

Presidential Wannabe’s Don’t Use Email Security

Most Presidential Wannabe's Don't Use Basic Email SecurityWe are in the run-up to the 2020 silly U.S. Presidential election season. Not much has changed in the three years after Trump operatives Russian hackers targeted and breached the email accounts of Hillary Clinton’s presidential campaign. Email security firm Agari reports that nearly all 2020 presidential candidates have learned nothing. They have not implemented email security. They are not protected against email attacks, fraud, and data breaches typically run by nation-states.

During the 2016 presidential campaign, the chairman of Hilary Clinton’s campaign, John Podesta, was the victim of a spear-phishing attack. That attack led to the now-infamous WikiLeaks email publication. The WikiLeaks release derailed the campaign and influenced the result of the election. Agari’s CMO, Armen Najarian, explained the importance of DMARC email protection;

DMARC is more important than ever because if it had been implemented with the correct policy on the domain used to spearphish John Podesta, then he would have never received the targeted email attack from Russian operatives.

Which campaign practices email security

ClownsData released by the California-based firm found that just one presidential hopeful uses DMARC for email security. Democratic candidate Elizabeth Warren’s campaign is the only one that uses DMARC for email security. The Warren campaign has completely secured its campaign against the types of email threats that took down Clinton and harmed her campaign staff, potential donors, and the public.

Agari suggested in a blog post that the remaining 11 candidates it checked do not use DMARC. This includes Bernie Sanders, Joe Biden, and presidential incumbent Donald Trump. All do not use DMARC on their campaign domains to secure their email accounts. The company warned that the candidates risk their campaigns being impersonated in spam campaigns and phishing attacks.

Agari also analyzed advanced email security controls of the campaigns. They found that 10 of 12 have no additional protection beyond basic security included in Microsoft Office 365 or Google Suite.

Email alphabet soup

DMARC is not an email authentication protocol. It sits on top of the authentication standards SPF (Sender Policy Framework) and DKIM (Domain Keys Identified Mail). With SPF and DKIM, DMARC supplements SMTP, the basic protocol used to send email, because SMTP does not include any mechanisms for email authentication.

A properly configured DMARC policy can tell a receiving server whether or not to accept an email from a particular sender. DMARC records are published alongside DNS records, including:

  • SPFemail security
  • A-record
  • CNAME
  • DKIM

Matt Moorehead at Return Path explains that DMARC is the latest advance in email authentication. DMARC ensures that legitimate email properly authenticates against established SPF and DKIM standards and that fraudulent activity appearing from domains under the organization’s control is blocked. Two key values of DMARC are domain alignment and reporting.

DMARC’s alignment feature prevents spoofing of the email “header from” address. To pass DMARC, a message must pass SPF authentication and SPF alignment and/or DKIM authentication and DKIM alignment. A message will fail DMARC if the message fails both (1) SPF or SPF alignment and (2) DKIM or DKIM alignment.

DMARC flowrb-

Using email authentication to prove that an email comes from the person it says it is is important because nearly 30% of advanced email attacks (PDF) come from hijacked accounts. Without email, authentication accounts are vulnerable to email security-initiated breaches – attacks typically run by nation-states. The 2018 Verizon DBIR found that nation-state groups accounted for at least 23% of the attacks in successful breaches by an outsider.

DMARC is a widely deployed technology that can make the “header from” address (what users see in their email clients) trustworthy. DMARC helps protect customers and brands; it discourages cybercriminals, who are less likely to target a brand with a DMARC record.

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , , , , , , ,
| October 15, 2016
Comments Off on 2016’s Most Dangerous Online Celebrities

2016’s Most Dangerous Online Celebrities

2016's Most Dangerous Online CelebritiesThe 10th annual McAfee Top 100 Most Dangerous Celebrities to Search for Online Study, published by Intel Security, was recently released.  The yearly report uncovers which celebrities are the most dangerous to search for on Intertube.  These dangerous celeb results can expose fans to viruses, malware, and identity theft while searching for the latest information on today’s pop culture stars.  Intel (INTC) used its McAfee site rating software to find the number of risky sites generated by searches on Google, Bing, and even beleaguered Yahoo.

Intel securityConsumers today remain fascinated with celebrity culture and go online to find the latest pop culture news,” said Gary Davis, chief consumer security evangelist at Intel Security.  “With this craving for real-time information, many search and click without considering potential security risks.  Cyber-criminals know this and take advantage of this behavior by attempting to lead them to unsafe sites loaded with malware.

Most Dangerous Online Celebrities

This year’s most dangerous celebrity online is Amy Schumer.  The comic joins recent most dangerous celebrity online alumni Jimmy Kimmel, Jay Leno, and Emma Watson.  According to Intel Security, a search for the “Trainwreck” actress has a 16.1% likelihood of returning results that direct fans to sites with viruses and malware.

2016 most dangerous celebrity online is Amy SchumerJustin Biber is the second most dangerous online celebrity.  As for the “Sorry” singer, there’s a 15% chance that Beliebers could connect with a malicious website.

The rest of this year’s Top 10 list included:
3.  Carson Daly 13.4%
4.  Will Smith 13.4%
5.  Rihanna 13.3%
6.  Miley Cyrus 12.7%
7.  Chis Hardwick 12.6%
8.  Daniel Tosh  11.6%
9.  Selena Gomez 11.1%
10.  Kesha 1exploit celebrity fandom for abuse1.1%

Intel says there are two big truths: cyber-criminals try to exploit celebrity fandom for abuse.  The first is that consumers want convenience.  As people rely less on cable and, instead, search for the content they want online, they’ll find many third-party sources for their favorite music or videos.

But unofficial sources are often dangerous.  Links can send users to unsafe sites, where sneaky tactics for stealing data and usernames are awaiting.  The popular torrent file format for downloading files allows cyber-criminals to sneak viruses onto devices.

social media obsessed cultureSocial media-obsessed culture

The second truth attackers are exploiting is the desire for gossip – now.  In today’s social media-obsessed culture, fans want real-time information about their favorite celebrities.  It isn’t uncommon for a celebrity to share a photo, post, or comment around the world in a matter of seconds.  Those posts often spark a wave of searches.  With all that traffic, cyber-criminals can trick fans into visiting a faux-gossip website infested with malware to steal passwords, credit card information, and more.  This method is particularly effective on social media channels, like Facebook, Twitter, and WhatsApp, where the standards for trust are low.

How to protect yourself

In addition to recommending anti-virus software, Intel, whose products include McAfee software, urges consumers to be skeptical when surfing the web.  But don’t worry.  No one is asking you to give up your celebrity infatuation; here are a few things you can do to make sure you’re entertained safely:

  • rusted video streaming services Watch media from sources.  Are you looking for the latest episode of Amy Schumer’s TV show, Inside Amy Schumer?  Stick to the official source at comedycentral.com or well-known and trusted video streaming services like Hulu to ensure you aren’t clicking on anything malicious.
  • Be wary of searching for file downloads.  Of all the celebrity-related searches we conducted, “torrent” was the riskiest by far.  According to Intel, a search for ‘Amy Schumer Torrent’ results in a 33 % chance of connecting to a malicious website.  Cybercriminals can use torrents to embed malware within authentic files, making it tricky to detect safe downloads from unsafe sources.  It’s best to avoid using torrents, especially when so many legitimate streaming options are available.
  • Keep your personal information personal.Keep your personal information private.  Cybercriminals are always looking for ways to steal your personal information.  If you receive a request to enter information like your credit card, email, home address, or social media log-in, Intel says you should not give it out thoughtlessly.  Please research and ensure it’s not a phishing or scam attempt that could lead to identity theft.
  • Use security protection while browsing.  Many software products can scan web pages you’re browsing, alerting you to malicious websites and potential threats.  This can keep you safe as you study the latest gossip.

rb-

The stars are new, but the game is the same.  In addition to applying some critical thinking to your web browsing, the same advice from 2015, 2014, 2013, 2012, etc. stands……

Maybe I will get more hits after putting these pop names in here.

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005.  You can follow him on LinkedInFacebook, and Twitter.  Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , , , , , , , , , , ,