Okay folks – raise your hands for this one. How many of you get an obvious spam message from a friend or family member on a weekly basis?
For me it’s more like monthly, but it sure is annoying. The problem is that when I get these things I have a tendency to try and run them down to figure out exactly what was compromised. Do the headers show it came from their computer? Or maybe their web-based email account? Or is it just random spoofing from a botnet… which could mean any sort of compromise?
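The header triage described above, as an added example that is not part of the original post: it walks the Received chain of a message to find the first hop (the oldest Received line, listed last), reads the receiving MX's Authentication-Results verdicts, and sorts the message into the three buckets above. The three sample messages, the provider hostnames, the documentation-range IPs and the recipient MX name are all constructed for this example. The "via HTTP" and "ESMTPSA" markers are conventions some providers use, not a standard, so treat the verdict as a starting point for a manual look, not proof.

```python
import email
import re

# Receiving-side MX used in the constructed samples (an assumption for this example).
RECIPIENT_MX = "mx.recipient.example"

# Constructed sample headers, newest hop first as in a real message.
# Hosts and addresses are documentation ranges, not real systems.
WEBMAIL_MSG = """\
Received: from web12.mail.example.net (web12.mail.example.net [192.0.2.12])
  by mx.recipient.example with ESMTP id A1; Fri, 1 Apr 2011 10:00:02 +0000
Received: from [203.0.113.5] by web12.mail.example.net via HTTP;
  Fri, 1 Apr 2011 10:00:00 +0000
Authentication-Results: mx.recipient.example;
  spf=pass smtp.mailfrom=example.net; dkim=pass header.d=example.net
From: Friend <friend@example.net>
Subject: you have to see this

(body omitted)
"""

CLIENT_MSG = """\
Received: from smtp-out.example.net (smtp-out.example.net [192.0.2.20])
  by mx.recipient.example with ESMTP id B2; Fri, 1 Apr 2011 11:00:02 +0000
Received: from friends-laptop.lan (203.0.113.44)
  by smtp-out.example.net with ESMTPSA id C3; Fri, 1 Apr 2011 11:00:00 +0000
Authentication-Results: mx.recipient.example;
  spf=pass smtp.mailfrom=example.net; dkim=pass header.d=example.net
From: Friend <friend@example.net>
Subject: you have to see this

(body omitted)
"""

SPOOFED_MSG = """\
Received: from unknown (HELO friend-pc) ([198.51.100.77])
  by mx.recipient.example with SMTP id D4; Fri, 1 Apr 2011 12:00:02 +0000
Authentication-Results: mx.recipient.example;
  spf=fail smtp.mailfrom=example.net; dkim=none
From: Friend <friend@example.net>
Subject: you have to see this

(body omitted)
"""

IP_RE = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3})")


def auth_results(msg):
    """Pull the spf= and dkim= verdicts the receiving MX recorded in Authentication-Results."""
    hdr = re.sub(r"\s+", " ", " ".join(msg.get_all("Authentication-Results", [])))
    out = {}
    for method in ("spf", "dkim"):
        m = re.search(r"\b%s=(\w+)" % method, hdr)
        out[method] = m.group(1) if m else "none"
    return out


def first_hop(msg):
    """Oldest Received line (listed last): where the message entered the mail system."""
    received = [re.sub(r"\s+", " ", r) for r in msg.get_all("Received", [])]
    return received[-1] if received else ""


def classify(raw):
    """Heuristic triage: webmail account, authenticated client, or direct-to-MX spoof."""
    msg = email.message_from_string(raw)
    hop = first_hop(msg)
    auth = auth_results(msg)
    client_side = hop.split(" by ")[0]  # the 'from' clause names the connecting client
    m = IP_RE.search(client_side)
    origin_ip = m.group(1) if m else None
    if " via HTTP" in hop or "webmail" in hop.lower():
        verdict = "webmail account"
        next_step = "change the webmail password, check forwards and filters, set recovery options"
    elif "ESMTPSA" in hop:  # authenticated submission from a mail client
        verdict = "authenticated mail client"
        next_step = "compare %s with their home address; a match points at their machine, a mismatch at stolen credentials" % origin_ip
    elif auth["spf"] == "fail" or (" by %s " % RECIPIENT_MX) in hop:
        verdict = "direct-to-MX, likely spoofed"
        next_step = "address harvested from someone's contacts; nothing of theirs is necessarily compromised"
    else:
        verdict = "unclear"
        next_step = "trace the full Received chain by hand"
    return {"verdict": verdict, "origin_ip": origin_ip, "spf": auth["spf"],
            "dkim": auth["dkim"], "next_step": next_step}


if __name__ == "__main__":
    for name, raw in (("webmail", WEBMAIL_MSG), ("client", CLIENT_MSG), ("spoofed", SPOOFED_MSG)):
        print(name, classify(raw))
```

Only the Received line written by your own MX (the first one listed) is trustworthy; everything below it was supplied by the sender's side and a spammer can forge it, which is why the SPF verdict from your own MX is the tie-breaker for the spoofed case.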
Then, assuming I can even figure that part out, I email or call them up to let them know they’ve been hacked.
Which instantly turns me into their tech support. This is when things start to suck.
Because, for the average person, there isn’t much they can do. They expect their antivirus to work and the initial reaction is usually “I ran a scan and it says I’m clean”. Then I have to tell them that AV doesn’t always work. Which goes over great, as they tell me how much they spent on it.
Depending on what I can pick up from the email headers we then get to cover the finer points of changing webmail passwords, checking for silent forwards, and setting recovery accounts. Or maybe I tell them their computer is owned for sure and they need to nuke it from orbit (backup data, wipe it, reinstall, scan data, restore data). None of that is remotely possible for most people, which means they may have to spend more than their PoS is worth paying the Geek Squad to come out, steal their drunken naked pictures, and lose the rest of their data.
After which I might still get spam, if the attacker sniffed their address book and shoveled onto some zombie PC(s).
Or they ignore me. I had a lawyer friend do that once. On a computer used sometimes for work email. Sigh.
There’s really no good answer unless you have a ton of spare time to spend hunting down the compromise… which technically might not be them anyway (no need to send the spam from the person you compromised if another name in the social network might also do the trick). For immediate family I will go fairly deep to run things down (including getting support from vendor friends on occasion), but I have trained most of them. For everyone else? I limit myself to a notification and some basic advice.
Then I add them to my spam filter list, because as long as they can still read email and access Facebook they don’t really care.
On to the Summary:
Webcasts, Podcasts, Outside Writing, and Conferences
- Mike quoted on metrics in Dark Reading.
- Adrian quoted in ComputerWorld on McAfee’s acquisition of Sentrigo.
Favorite Securosis Posts
- Rich: PROREALITY: Security is rarely a differentiator. There’s a bare minimum line you need to keep customer trust. Anything more than that rarely matters.
- Adrian Lane: Captain Obvious Speaks: You Need Layers.
- Mike Rothman: File Activity Monitoring: Index. You’ll be hearing a lot about FAM in the near future. And you heard it here first.
Other Securosis Posts
- White Paper: Network Security in the Age of Any Computing.
- Incite 3/30/2011: The Silent Clipper.
- Comments on Ponemon’s “What Auditors think about Crypto”.
- Quick Wins with DLP Light.
- FAM: Policy Creation, Workflow, and Reporting.
- FAM: Selection Process.
- Security Benchmarking, Going Beyond Metrics: Introduction.
- Security Benchmarking, Going Beyond Metrics: Security Metrics (from 40,000 feet).
Favorite Outside Posts
- Rich: Errata Security: “Cybersecurity” and “hacker”: I’m taking them back. If I try to describe what I do (security analyst) they think I’m from Wall St. If I say “cybersecurity analyst” they get it right away. To be honest, I really don’t know why people in the industry hate “cyber”. You dislike Neuromancer or something?
- Adrian Lane: The 93,000 Firewall Rule Problem.
- Mike Rothman: The New Corporate Perimeter. If you missed this one, read it. Now. GP is way ahead on thinking about how security architecture must evolve in this mobile/cloud reality. The world is changing, folks – disregard it and I’ve got a front end processor to sell you.
- Rich: BONUS LINK: The writing process. Oh my. Oh my my my. If you ever write on deadline and word count, you need to read this.
Research Reports and Presentations
- Network Security in the Age of Any Computing.
- The Securosis 2010 Data Security Survey.
- Monitoring up the Stack: Adding Value to SIEM.
- Network Security Operations Quant Metrics Model.
- Network Security Operations Quant Report.
- Understanding and Selecting a DLP Solution.
- White Paper: Understanding and Selecting an Enterprise Firewall.
- Understanding and Selecting a Tokenization Solution.
Top News and Posts
- European Parliament computer network breached.
- BP loses laptop with private info on 13,000 people.
- BP Spills Data Too.
- The DataLossDB project welcomes Dissent! As we mentioned in the intro, you should support this project.
- GoGrid Security Breach.
- Restaurant chain fined under Mass privacy law.
- Mass SQL Injection Attack.
- NSA Investigates NASDAQ Hack.
- Dozens of exploits released for popular SCADA programs.
Blog Comment of the Week
For the past couple of years we’ve been donating to Hackers for Charity, but in honor of Dissent joining the DataLossDB project we are directing this week’s donation ($100) to The Open Security Foundation. This week’s best comment goes to SomeSecGuy, in response to PROREALITY: Security is rarely a differentiator.
TJ Maxx’s revenues went UP after their big breach. What mattered more to its customers than security? A good deal on clothes, I guess. There probably is a market segment that cares more about security than other factors but I don’t know what it is. Price is typically the primary driver even for business decisions.