Tag Archive for Comodo

Michigan Leader in SPAM

In a surprise finding, the New Jersey-based anti-malware company Comodo’s Threat Research Labs found that Michigan is one of the leading sources of unsolicited e-mail on the Internet. Unsolicited bulk e-mail is also known as “SPAM” and is usually considered junk e-mail. The Great Lakes State ranked third behind California and New York in spewing out the most SPAM.

The Comodo researchers examined all the e-mail Comodo filtered for customers in the second half of 2015, specifically looking for SPAM. They conducted an IP address analysis of the millions of pieces of SPAM that came into the Threat Research Labs from their customers.

Through this analysis, researchers were able to break down SPAM by state and find where it originated. IP addresses from California (24.37%) and New York (22.36%) sent nearly half of the SPAM Comodo filtered, while Utah (19.42%), Michigan (10.79%), and New Jersey (3.68%) IP addresses rounded out the top five states.

Comodo State SPAM Map

Fatih Orhan, Director of Technology and lead at the Comodo Threat Research Labs, said:

California and New York were not really surprising in terms of the top two states because of population and technology innovation taking place in those geographies — but finding Utah and Michigan in the top five was somewhat shocking

rb-

I have followed the battle against SPAM since 2009. Here are some tips to help protect yourself from SPAM:

  • Keep your Junk E-mail Filter updated

Updates are available at Downloads on Office Online. Under Office Update, click Check for Updates.

  • Block images in HTML messages that spammers use as Web beacons

By default, Outlook is set to block automatic picture downloads. To verify your settings, on the Tools menu, click Options. Click the Security tab, and then click Change Automatic Download Settings. Verify that the Don’t download pictures or other content automatically in HTML e-mail check box is selected.

  • Watch out for checkboxes that are already selected

When you buy things online, companies sometimes add a check box (already selected!) to indicate that it is fine to sell or give your e-mail address to other businesses. Clear the check box so that your e-mail address won’t be shared.

  • DO NOT sign up for commercial mailing lists.
  • DO NOT reply to email or unsubscribe from a mailing list that you did not explicitly sign up for.
  • Configure your email client to send and receive emails in Plain Text or Rich Text Format.

For Microsoft Outlook go to: Tools > Options… and click the Mail Format tab. Change your Message format to Plain Text, then click OK.

Lest we forget, this is the same Comodo that was responsible for releasing 9 fraudulent certificates onto the Internet which, Sophos says, impacted the trusted root authority on all default Windows and OS X installations, as well as high-profile websites like:
mail.google.com
www.google.com
login.yahoo.com (3 certificates)
login.skype.com
addons.mozilla.org

Sophos states that this breach allowed an attacker to easily masquerade a malicious website as one of the above, with HTTPS authentication succeeding.


Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

Cyber Attack on Google, Yahoo, Skype Certs

TechEye says that the Iranian paramilitary “Basij” group appears to have its own cyber warfare division, which is launching attacks on the websites of Iran’s “enemies.” TechEye says the paramilitary group is an arm of the Revolutionary Guard.

The Associated Press cites General Ali Fazli, acting commander of the Basij, in the state-owned IRAN paper as saying Iran’s cyber army consists of university teachers, students, and clerics. He said its attacks were a retaliation for similar attacks on Iran. The AP quotes Fazli, “As there are cyber attacks on us, so is our cyber army of the Basij, which includes university instructors and students, as well as clerics, attacking websites of the enemy … Without resorting to the power of the Basij, we would not have been able to monitor and confront our enemies.”

Iran has sought to master the digital world as a crucial step to prepare for what it calls “soft war”, which includes fighting against cyber attacks such as the Stuxnet computer worm that Iran said was aimed at sabotaging its uranium enrichment program.

Until now, the secretive “Cyber Army” that emerged to fight opposition websites and blogs after President Mahmoud Ahmadinejad’s disputed re-election in 2009 was believed to be part of the Revolutionary Guard. However, in February, according to the AP, General Mohammad Ali Jafari signaled that the Revolutionary Guard supports the cyber army, describing it as a “defensive, security, political and cultural need for all countries”. Jafari claimed at the time that the Guard has been successful in cyber warfare.

In another article, TechEye recounts a possible Iranian cyber-warfare success. The article identifies Iran as the “state player” which hacked important Certificate Authority (CA) certificate information at Comodo. Digital certificates are used to vouch for the authenticity of a site owner and secure encrypted communications between sites and their users. A government that controls Internet traffic inside its country would be able to use such a server to gain access to encrypted e-mail and chat conversations and collect user names and passwords for individuals’ accounts, Mikko H. Hypponen, chief research officer at F-Secure, said in a blog post.

Security researcher and Tor developer Jacob Appelbaum found the compromise and alerted Google and Mozilla. USERTRUST Network, a part of Comodo, issued the compromised certificates. Writing on his blog, Mr. Appelbaum initially suspected the hack “was taken by a state-level adversary.” Comodo confirmed the attack and issued a statement naming Iran as the country it suspects. According to the Comodo blog, the incident happened on March 15th, when unknown attackers managed to get access to one of the user accounts for the Registration Authority (RA).

An attacker obtained the username and password of a Comodo Trusted Partner in Southern Europe. We are not yet clear about the nature or the details of the breach suffered by that partner other than knowing that other online accounts (not with Comodo) held by that partner were also compromised at about the same time.

The attacker used the username and password to log in to the particular Comodo RA account and effect the fraudulent issue of the certificates.

According to F-Secure, the targets included Google (GOOG), Microsoft (MSFT), and Yahoo (YHOO):

  • login.live.com,
  • mail.google.com,
  • www.google.com,
  • login.yahoo.com,
  • login.skype.com,
  • addons.mozilla.com, and
  • “Global Trustee.”

Google patched Chrome last week and Mozilla managed to include the blacklist in Firefox 4.
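The blocklists Chrome and Firefox 4 shipped work by identifying each fraudulent certificate individually rather than distrusting the CA: a client computes the presented certificate's fingerprint and refuses it even though it chains to a trusted root and names the right host. The sketch below is an added example, not code from the post, Comodo or the browser vendors; the certificates it builds and the names `newTestCert`, `Fingerprint` and `CheckLeaf` are constructed for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Fingerprint is the hex SHA-256 of the DER encoding; it pins one exact
// certificate, so a blocklist entry cannot be dodged by reusing the same name.
func Fingerprint(cert *x509.Certificate) string {
	sum := sha256.Sum256(cert.Raw)
	return hex.EncodeToString(sum[:])
}

// CheckLeaf models the client-side check: consult the blocklist first, then
// fall through to the ordinary hostname match. Chain validation would precede
// this in a real client and is omitted here.
func CheckLeaf(cert *x509.Certificate, host string, blocklist map[string]bool) error {
	if blocklist[Fingerprint(cert)] {
		return errors.New("certificate is on the fraudulent-certificate blocklist")
	}
	return cert.VerifyHostname(host)
}

// newTestCert builds a constructed self-signed certificate for dnsName.
func newTestCert(dnsName string) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: dnsName},
		DNSNames:     []string{dnsName},
		NotBefore:    time.Now(),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func main() {
	// Constructed stand-in for a fraudulently issued mail.google.com certificate.
	fraud, err := newTestCert("mail.google.com")
	if err != nil {
		panic(err)
	}
	blocklist := map[string]bool{Fingerprint(fraud): true}
	fmt.Println("fraudulent cert:", CheckLeaf(fraud, "mail.google.com", blocklist))
	legit, _ := newTestCert("mail.google.com")
	fmt.Println("other cert for same name:", CheckLeaf(legit, "mail.google.com", blocklist))
}
```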

rb-

It appears that Comodo did the right thing and made a responsible disclosure. According to reports, immediately after the breach was identified, they contacted the browser publishers and domain owners and filled them in on the situation.

As for the why? There is speculation that the Iranians wanted to control their internal dissidents. If they compromise the certificates, they could set up man-in-the-middle attacks by faking some of the world’s leading sites.

Some are speculating that it was China and not Iran behind this attack. The logic being, if they are good enough to take out a security company’s certificates, they are smart enough to spoof a few IP addresses as a decoy for investigators.

What do you think?

Did Comodo act fast enough?

Are Certificate Authority structures too complex for their own good?
