Category Archives: Security

Improving MX

In recent months, DMARC has become increasingly mentioned in the news as a way to reduce spam, improve email deliverability and reduce the potential for fraud and phishing.

  • In early 2017, UK National Health Service required DMARC as the default for email services.
  • In July, a US Senator Ron Wyden sent an open letter to the US Department of Homeland Security requesting the agency take steps to protect all Federal agencies with DMARC.
  • In August, the UK’s HMRevenues & Customs announced that it had stopped over 300k phishing emails using DMARC.
  • In October, the US Department of Homeland Security directed Federal agencies to adopt security technologies like DMARC.

With all this attention, businesses are starting to realize that adopting DMARC helps them in two ways:

  • Inbound – using DMARC to screen incoming emails for compliance can limit your company’s exposure to fraud and phishing emails, scams and malware.
  • Outbound – sending email that is DMARC compliant can improve email delivery to your customers and limit the potential negative impacts of 3rd parties that try to use your domain for fraud or phishing.

How does DMARC work for outbound email?

DMARC works in conjunction with two other technologies: SPF and DKIM.  SPF allows you to designate 3rd parties as legitimate senders for your domain.  More on SPF here. DKIM allows you to take responsibility for your email by cryptographically signing your email.  SPF, DKIM and DMARC use DNS records to specify the IP addresses, domains and security keys for your particular configuration.

DMARC requires both SPF and DKIM to function properly.  Once you setup SPF and DKIM you can setup DMARC to get information on how your outbound emails are performing – whether or not emails coming “from” your domain are compliant with the definitions in your SPF and how many of your emails are compliant with DKIM.

With a DMARC record, you specify an email address for aggregate feedback about your SPF and DKIM compliance, an email address for specific forensic feedback related to failed emails and how email that fails compliance should be handled by the recipient – ignored, quarantined or rejected.

How do you improve your DMARC Compliance?

DMARC Compliance is based upon SPF and DKIM compliance rates.  In order to improve your outbound DMARC compliance and therefore your email delivery rates, you must:

Setup DMARC with both RUA and RUF

RUA and RUF designate email addresses where you can receive summaries of authentication and alignment pass/fail and detailed forensic information on failed emails.  As this is the only way to receive feedback, setting up these email addresses is extremely important.

Monitoring your DMARC Feedback

Inbox providers will respond to these RUA and RUF tags by sending summaries.  Unfortunately, the summary digests and forensic details are not quite human readable.  If your outbound email volume is over a few hundred emails a day, you need to consider some way to decode these digests.

Act on DMARC Forensic Responses

DMARC forensic reports provide you with detailed information about the emails that have failed SPF, DKIM and DMARC checks.  You can use this information to investigate threats to your brand or problems with your 3rd party emailers.


The best way to improve email delivery is to adopt new technologies SPF, DKIM and DMARC. With the right tool, you can keep tabs on your email configuration, understand the threat to your brand, and improve email delivery.

Adopting DKIM can make a huge difference in how the email you send is perceived by recipients.  With DKIM you are taking ownership of an email by cryptographically signing each email.  Recipients then decode the signature to verify that you sent the email.  DKIM, in short, is like putting a wax seal on a letter that uniquely identifies you.

How can you improve DKIM compliance?

Get Informed

The first thing you need to improve DKIM compliance is a method to understand what your current compliance rate is.  To do this, you need:

  1. Adopt DMARC.
  2. Have a method to parse and report on DMARC digests coming from inbox providers.

DMARC responses from inbox providers are often not-quite human readable and the larger the volume of email you send, the more complex the responses.  To parse these, you need a product that summarizes them and provides reports that you can understand.

Get Control

Now that you have insight into what emailers are compliant, the second step to improving your DKIM compliance is to take control of the compliance of your internal emails and 3rd party emailers.

Investigate internal systems that might be sending email on your behalf and make sure that those systems are capable of signing outbound email with your DKIM signature.  These could be anything from marketing automation and sales systems to order entry, vendor management or customer support.  Regardless if they are home-grown or off-the-shelf, if the system is sending email, it needs to be DKIM compliant or the email may be rejected.

Similarly to internal systems, you must take a look at external, 3rd party providers to understand if they can be DKIM compliant.  Most external providers can sign email with a DKIM key, however, email forwarders are much less likely to be DKIM compliant than bulk emailers or other 3rd party service providers.  Talk with each of them to setup DKIM compliant email.


Getting DKIM compliant is not a one-time project, but an on-going process.  To ensure high levels of compliance long-term, you will need to:

  • Regularly check compliance rates
  • On-board new internal and 3rd party systems to be compliant
  • Setup processes to assess new applications and providers based on their DKIM support


DKIM Compliance is an on-going process that requires regularly investigation of DKIM compliance rates with tools that give you insight into the IP addresses and 3rd party tools and domains that are sending email on your behalf.

What is Email Phishing?

There has been a lot of discussion about Email Fraud and Phishing lately.  Email is still the largest threat vector for hacking and information theft.  Email phishing is one of the best way to obtain access to accounts, but what is email phishing really?

Phishing is when a 3rd party, typically a hacker or xxalicious website, uses the brand identity of a company to lull a user into exposing private information.  Phishing emails target email address with an email that looks just like a legitimate service provider to implant malware in a download or obtain login credentials for that domain.  For example, you might receive an email that looks like it comes from a financial institution like Paypal (see mine below) asking you to download a document or go to a link to stop or start a transaction, or change your password.


Example Phishing Email

Identifying Phishing Emails

Phishing groups and hackers are constantly changing their patterns to improve both their targeting and the effectiveness of their emails in order to exploit users, but there are a few characteristics in common for every phishing email.

Phishing emails leverage a strong brand

In my example, the “From” email address used Paypal’s, but I have seen it with many big brands, especially in credit cards, financial, banking and insurance industries.  Ask yourself:  Do you really have an account? Is this the email address for that account? Have you done anything with the account lately?

There is a sense of urgency

The email will require you to “act soon” or it will cost you money.  This sense of urgency makes you react before you think.  Take a breath before acting on any email that looks really important.  

Quality Varies

Some phishing emails, like the one above, look good on the surface.  For example, the logos look correct, the fonts and color scheme are appropriate and some of the language is even straight from legitimate emails.  However, when you read deeper you can see spelling mistakes, grammatical errors or other areas where it is clear the writer was not a native English speaker.  Notice above that “DeLL” is not written correctly nor is the phrase “This not you?” proper English.  Take a moment to read the information presented in the email and check grammar and spelling.

“From” domain and Return Path Domain will not match

It is relatively easy to spoof a “From” address.  Email Standards allow 3rd party emailers to send email on behalf of another domain, otherwise inbox providers like Google and or bulk email providers could not send email for the business or personal domains they host.  If “From” and Return Path do not match and the Return Path looks random or shady, it’s a good chance you have a phishing email.  Further, most companies will not use a 3rd party to send important account information emails like the one above, but their own internal servers.  Check the Return Path email address in the header to see if it looks legitimate.

There is an attachment

If you are required to download anything that you did not ask the company for, then it is probably a phishing email and may contain malware.  Even PDFs or DOCs can contain malware payloads.  At minimum, they are trying to lull you into thinking that their fake document is valid so that they can get personal, private or financial data from you.  Do not download attachments you did not ask for.

Links on the page go to a different domain

Often a phishing email will include a link to a 3rd or 4th domain or just to an IP address.  The goal here is to get you to click unsuspectedly on any link so they can further the con and grab your information when you attempt to login to their fake website.  Sometimes the domains even look like subdomains or related domains.  Always check links before clicking on them.  If in doubt of any link, open a clean window and navigate to the company’s website and login to your account from there to check on the issue.  

Two major flaws in computer chips could leave a huge number of computers and smartphones vulnerable to security concerns, researchers revealed Wednesday.

And a U.S. government-backed body warned that the chips themselves need to be replaced to completely fix the problems.

The flaws could allow an attacker to read sensitive data stored in the memory, like passwords, or look at what tabs someone has open on their computer, researchers found. Daniel Gruss, a researcher from Graz University of Technology who helped identify the flaw, said it may be difficult to execute an attack, but billions of devices were impacted.

Related: Apple says all Macs and iOS devices affected by chip flaws

Called Meltdown and Spectre, the flaws exist in processors, a building block of computers that acts as the brain. Modern processors are designed to perform something called "speculative execution." That means they predict what tasks they will be asked to execute and rapidly access multiple areas of memory at the same time.

That data is supposed to be protected and isolated, but researchers discovered that in some cases, the information can be exposed while the processor queues it up.

Researchers say almost every computing system -- desktops, laptops, smartphones, and cloud servers -- is affected by the Spectre bug. Meltdown appears to be specific to Intel (INTC) chips.

"More specifically, all modern processors capable of keeping many instructions in flight are potentially vulnerable. In particular, we have verified Spectre on Intel, AMD, and ARM processors," the researchers said.

Related: What to do about the Spectre and Meltdown risks

Government agencies issued statements warning users about the vulnerabilities.

The U.S. Computer Emergency Readiness Team said that while the flaws "could allow an attacker to obtain access to sensitive information," it's not so far aware of anyone doing so.

The agency urged people to read a detailed statement on the vulnerabilities by the Software Engineering Institute, a U.S.-government funded body that researches cybersecurity problems.

The institute said that "fully removing the vulnerability requires replacing vulnerable [processor] hardware."

It later changed its guidance on Thursday to suggest updating software was enough. The institute didn't say why it had made the change and didn't immediately respond to a request for further information.

It said the problems affect technology giants including Apple, Google and Microsoft.

Worry-Free Business Security (WFBS) 9.5 Critical Patch 1442 release for BSOD issue for Windows 10 Fall Creators Update with Microsoft KB4043961


This critical patch resolves the BSOD issue that may occur after applying Microsoft KB4043961 on computers running Windows 10 Fall Creators Update and protected by Worry-Free Business Security 9.5.


Read More:

Spam hardly needs an introduction. Anyone with an e-mail account knows the acute frustration of being inundated with offers of pills from virtual pharmacists, financial propositions from Nigerian princes and pictures for fetish sites that really, really shouldn't exist. Spam has even gone beyond e-mail: like kudzu, it adapts to clog whatever online inbox you might choose. On Oct. 30, the social-networking site Facebook won a $711 million judgment against the self-proclaimed "Spam King" Sanford Wallace. Wallace, a professional e-mail marketer from New Hampshire who also likes to be called Spamford, used ill-gotten passwords to surreptitiously log into user accounts for the purpose of sending advertisements to their list of friends. But Wallace isn't alone. Despite myriad legal and technological attempts to combat it, spam will cost firms an estimated $130 billion worldwide in 2009 in lost productivity and technical costs, according to Ferris Research.

Though it wasn't called spam until the 1980s — the term comes from a Monty Python sketch set in a cafeteria, where a crowd of Vikings drowns out the rest of conversation by repeatedly singing the name of the unpopular processed meat — the first unsolicited messages came over the wires as early as 1864, when telegraph lines were used to send dubious investment offers to wealthy Americans. The first modern spam was sent on ARPANET, the military computer network that preceded the Internet. In 1978, a man named Gary Turk sent an e-mail solicitation to 400 people, advertising his line of new computers. (Turk later said his methods proved so unpopular that it would be more than a decade before anyone would try again.) In late 1994, Usenet — a newsgroup precursor to the Internet — was inundated by an advertisement for the immigration-law services of Laurence A. Canter and Martha S. Siegel. Despite the ensuing outcry, the lawyers defended their practice, called their detractors anti–free speech "zealots" and wrote a book about the practice titled How to Make a Fortune on the Information Superhighway. Pandora's Box had been opened.

Now spam comprises the vast majority of e-mail messages sent — 78% of the 210 billion e-mails sent each day, according to one estimate. And 93 billion of these manage to get past the technical defenses like spam filters and blacklists. E-mail programs have gotten smarter, but spammers stay one step ahead, using disposable e-mail addresses and sending messages from farms of different computers around the world to avoid being blocked. The garbled text spammers load their messages with to get past e-mail filters sometimes approaches poetry: sites like chronicle lines like "Confirm you won fund/ You get it without paying/ Urgent attention"

And that's just e-mail spam. The growth of sites like MySpace and Facebook has opened up a whole new subindustry for spammers, who trick users into surrendering their passwords and then use their accounts to plaster advertisements everywhere. Automated spam programs attack instant-messenger conversations too, randomly generating screen names and sending messages in the hopes they'll find someone on the other end. Bloggers aren't safe, either — makers of the spam-filtering tool Akismet estimate that 93% of comments on all blogs are spam; their software has caught more than 13 billion so far.

With so many different technological avenues for spamming, the best solution might be a legal one. In 2003, the U.S. passed the CAN-SPAM Act, which gives the Federal Trade Commission some regulatory power to curb spammers. CAN-SPAM regulations require that any commercial messages provide a means for recipients to opt out, prevent the modification of e-mail headers to hide the identity of a sender and stop the use of e-mail addresses harvested from the Internet without permission. Still, there's a very clear loophole: nowhere in the CAN-SPAM regulations does it say that spammers need your permission to send you an e-mail.

High-profile judgments like the one against Wallace are the exception to the rule; the majority of spammers go undiscovered and unpunished. Wallace, who already had a $230 million judgment levied against him in a case brought by MySpace last year, has already filed for bankruptcy; the judge in the Facebook case referred the Spam King to federal court to face additional charges, which could carry a prison sentence. The penalties combined are by far the largest ever for spamming — Facebook won an $873 million judgment against a spammer in 2008 that is the largest single penalty — but it's unlikely to prove much of a deterrent. With busts so few and far between, the overwhelming majority of spam messages (some estimate as high as 99.8%) don't comply with CAN-SPAM. And trade groups like the Direct Marketers Association are already trying to weaken CAN-SPAM's regulations. Absent new legislation or divine intervention, expect spam to remain the Internet's greatest annoyance.

The thermal camera bottom line is accurate detection, clarity and quality of image.

Benjamin Franklin has thermal cameras. General Douglas McArthur pioneered their use. In Jay Weatherill’s hands, thermal cameras can fight a killer from a safe distance.

But, unlike their traditional surveillance siblings, thermal sensors and cameras create video images from infrared – heat waves. Day or night, in any environment, every person, object and structure emits infrared waves. And, while traditional cameras often flex their CCD chip muscles with after-incident forensics, the strength of thermals, especially at night, is more often seen at facility perimeters and often aims at real-time detection and physical response.

Thermals follow through on a time-tested strategy of detect, delay and respond, institutionalized at facilities such as nuclear power plants and elsewhere.

First applied in the early 1950s by U.S. and Republic of Korea troops against the Soviet-backed Democratic People’s Republic of Korea, military and law enforcement were user pioneers of the technology. Originally big, bulky, short range and very expensive while needing similarly expensive accessories, thermal cameras have evolved into today’s small contained packages boasting longer ranges at more affordable prices.

Covers More Ground
And speaking of long range, a single smart thermal camera can detect intruders with great accuracy over an area the size of a football field, combining detection and visual verification deployed either as a standalone solution or integrated.

So it is not surprising that applications have spread from military to critical infrastructure, petrochemical, power distribution, port/border, commercial and life safety, among others.

When it comes to certain critical infrastructure, for example, a large petrochemical plant, without thermals the assignment would be daunting, with some campuses having a perimeter of 10 miles or more. In another instance, areas of waterfront or wetlands may not allow use of more typical physical barriers and enhancements – fences and lighting, to name two.

Comparable to virtual fences created by traditional cameras, thanks to levels of analytics, in the thermal world, there are thermal fences that don’t require physical barriers, lighting infrastructure or extended power trenches. Also seen: integration with ground radar and more seamlessness of routine fence sensors and alarms.

Thermals protect sensitive unban facilities, too. For instance, thermal video analytics cameras from SightLogix cover the World Trade Center outdoor perimeter in New York City. The cameras are an integral part of an integrated security system designed by engineers from Ducibella, Venter & Santore and integrated by Diebold.

Fire, Life Safety Uses
Australian Prime Minister Jay Weatherill proudly acknowledges long-range thermal cameras in tracking down hot spots and flying sparks during that country’s effort to tamp out recent, destructive bush fires. Another unique application, the cameras, carefully positioned in airport corridors, determined whether a passenger had a high temperature while attempting to fly out of a country impacted by the Ebola epidemic. Often behavior monitoring doubled down to identify passengers that looked ill. Today, thermals are even more common at airports as part of traditional surveillance systems although thermals are not designed to read a person’s specific body temperature but can be finely calibrated to discern slight differences.

And Ben Franklin?
Mobility and flexibility are among the advantages of thermals for Benjamin Franklin, the largest container ship to ever make port in North America just late last year. It’s longer than the Empire State building is high and has cameras that look out to sea, setting up an ever-moving, all-seeing perimeter to help captain and crew alert to objects moving toward the megaship. Thermals also are common on ships plying waters from Sumatra to Somalia as they try to get a perimeter alert advantage over pirates, who are after cargo, payroll cash and even kidnapping ransom money.

Just months ago, there was another commercial-centric breakthrough as highlighted by a collaboration between thermal camera maker Flir Systems, of Goleta, California, and unmanned aerial vehicle – drone – maker DJI Innovations of Los Angeles. They plan to develop a stabilized camera featuring Flir’s thermal imaging technology for some DJI’s aerial platforms.

The addition of thermal imaging to drones, only in commercial infancy, provides the ability to see in complete darkness, measure temperature remotely and see through obscurants such as smoke, dust and light fog. Integration with a live video downlink system and apps will also give drone operators in enterprise and government security departments with real-time control and recording during flight.

Concerning the commercial niche of camera-equipped and security-facing drones, state and local regulations are just now falling into place. The Federal Aviation Administration (FAA) contends it is in charge of manned and unmanned aircraft, including hobbyist gear. In late 2015, the agency issued new recreational drone rules, requiring users to register in a national database, among other rules.

Drone with Camera Regulations Vary
Such a stance, however, has set up potential clashes since local and state lawmakers, worried about safety and privacy, have been passing similar and differing rules. More than 20 states approved drone laws in 2015, as have cities including Chicago, Los Angeles and Miami.

For enterprises seeing value in adding camera-enabled drones to their collection of security solutions, getting from here to there – faster, more accurate detection, more use of the unmanned aerial vehicles for patrolling and surveillance – is obviously adding technology and complexity to seeing from above in the dark or near dark. Today, current advances have led to smaller cameras that are more affordable, says Jay McNamara, senior project manager for G4S Secure Integration, with accurate detection, clarity and quality of image. He observes that analytics creates smart thermal solutions, image processing within the camera can virtually eliminate false alarms, all often happening at the edge. When it comes to effectiveness, he says to “look for technology that provides digital detail enhancements,” adding some key features are “scene optimization and active contrast enhancement,” among others.

There are numerous features and benefits, especially linked to smart thermal cameras.

When it comes to temperature gauging, thermal temperature alarm cameras easily cross over to operations and business uses, too. Such cameras can send an alarm when the temperature reaches above or below a pre-configured threshold. With thermal imaging, problem areas can be identified before the issue becomes visible to the eye or machinery stops working. They also provide data for thermal pattern analysis or are useful for detection in perimeter protection or by law enforcement to identify thermal spots in vehicles.

More with Smart Thermal Cameras
Specific to smart thermal solutions and analytics, depending on the camera maker, some thermals also have speed measurement. One example is models from ATN American Technologies Network, which fashions a camera to act like a speed radar with functions that allow you to receive alerts/set alarms whenever objects within it go over a certain speed. There are thermal cameras to help track objects and people within it. Tracked is the path of objects such as cars as well as people within it, and, in addition, track anything dropped by people within it, known as dropped objects detection. Loitering detection follows when an object has extended its welcome within a given area, as well as determines how long objects have been within an area.

Other thermal camera features in some units:

Electronic stabilization to correct for pole sway;
Geo-registration to ignore small animals, blowing trash and outdoor movement while detecting people all the time;
Geospatial detection zones based on target size, speed and direction;
With its low power needs, available are solar and wireless options; and
Targets can be projected onto a sitemap for real-time situational awareness.
Additionally, thermals are easier to install nowadays, with less fuss in the set-up and maintenance.

When it comes to real-time alarming, according to McNamara, thermal cameras can detect accurately in complete darkness as well as bright sun and harsh environmental conditions. The cameras can be unaffected by headlights, reflections or other stray lights that cause nuisance alerts for visible detection cameras.

No doubt, there are myriad thermal, night vision and infrared cameras as well as some traditional cameras with supplementary illumination from lights or lasers as part of the category. Choices depend, among many, on light availability, security goals, budget and – in the case of whatever it is called – product marketing.

Lens Size Counts
While some end users may assume that distance can be a challenge, in reality, thermal cameras can provide accurate detection based on what lens size is used; but at greater distances, the ability to provide assessment of a human-sized target at a higher detail becomes challenging at greater distances, says McNamara. Of course, day/night cameras are still used and popular, he says.

When it comes to wide dynamic range (WDR) cameras as compared to thermals when facing lighting challenges, there is sometimes confusion. WDR is not just for daytime but also can be used at night for some applications such as nighttime license plate recognition. Thermals are not just for night but can be used in daylight. For instance, in glare, thermal will detect someone entering a glared-over area.

There are color night vision cameras that use advanced low light sensors to provide high quality color video in lighting conditions from full daylight to starlight, all without extra lighting infrastructure needed with regular security cameras. Such a tech approach detects intruders with thermal and identifies them with color night vision.

The fourth iteration of the world's worst ransomware Cryptowall has surfaced with gnarlier encryption tactics and better evasion tricks that have fooled current antivirus platforms.

Ransomware has ripped through scores of businesses and end-user machines in sporadic and targeted attacks that have cost victims millions of dollars in ransom payments made to criminals who have illegally encrypted valuable files.

The worst offenders remain at large including a single group who may be behind Cryptowall 3.0 and have made some US$325 million this year according to the Cyber Threat Alliance, dwarfing FBI June figures which noted it extorted some US$18 million from US victims alone in about a year.

Andra Zaharia of Denmark-based Heimdal Security says Cryptowall 4.0 is employing "vastly improved" communications and better code, so it can exloit more vulnerabilities.

"Cryptowall 4.0 still includes advanced malware dropper mechanisms to avoid antivirus detection, but this new version possesses vastly improved communication capabilities," Zaharia says.

"It includes a modified protocol that enables it to avoid being detected, even by second generation enterprise firewall solutions.

"This lowers detection rates significantly compared to the already successful Cryptowall 3.0 attacks."

For example, the nasty-ware now alters filenames as well as file contents, so it's harder for victims to work out what's been encrypted.

Ransom payments in the latest version are badged as a price tag for security software.

Net scum are still communicating with Cryptowall 4.0 over Tor and using hacked web pages to deliver payloads that include botnet componentry to assist further malware delivery.

Actors have tried various tactics to get ransomware on machines and thwart back up efforts.

One of the most unique was a variant that silently encrypted and decrypted databases on the fly in a bid to avoid detection. That meant months of backups would contain encrypted data that could not be decrypted unless a ransom was paid for the respective key.

Another revealed last week threatened user data would be published online if a ransom was not paid. There is no indication the Chimera ransomware lived up to that capability according to analysis.

It follows the death of the Coinvault and Bitcryptor ransomware which Kaspersky confirmed after the arrest of the alleged authors and release of all 14,000 decryption keys.