Monthly Archives: July 2013

Detection is much more important than prevention –Bruce Schneier

Reviewing Bruce Schneier’s 2004 book Secrets and Lies, much of which was written in 2000, reminds us of something really basic. You can’t just fix security. Security is a process, most of which is about knowing what’s going on. Detection is more important than prevention. To which I add that for detection we need comparable Internet-wide metrics on security performance so every organization can see what’s going on and will have incentive to do something about it because its customers and competitors can see, too. Sound familiar? That’s what is about.

Joe Zack posted in on Bastille Day, 14 July 2013, Secrets and Lies: Nine Years Later,

2. “Detection is much more important than prevention”

Schneier keeps coming back to this point. He had this epiphany in 1999 that “it is fundamentally impossible to prevent attacks” and “preventative countermeasures fail all the time.” Security is “about risk management, that the process of security was paramount, that detection and response was the real way to improve security.” (emphasis mine)

I had formerly thought of security as largely being about prevention. A year ago, if you had asked me about “InfoSec” I might have prattled on about firewalls, injection attacks, encryption and good passwords. That’s still important, but now I know that there’s a lot more to it.

Zack says he thinks Schneier was like Nostradamus for having such insight before NSA PRISM and even before Facebook. Sure, Bruce has always been ahead of his time. But that basic insight was not unique to him, and

Codero 2nd most reliable (Netcraft) and 3rd spammiest (

Codero jumped from #137 in May to #3 in the June 2013 U.S. rankings from CBL volume. For that same month, Netcraft ranked Codero #1 for hosting reliability. Netcraft ranks worldwide, and in the worldwide rankings, Codero came in #9, which is still very impressive. I guess spammers prefer reliability. Who wouldn’t?


Germany 3 of the top 5 in June 2013

German companies took 3 of the 5 top spots in the June 2013 World rankings from CBL volume.

  • #2 Hetzner Online AG RZ’s AS 24940 rose from #35, and
  • #4 Internet AG’s AS 8560 rose from #51.
  • #5 Strato AG’s AS 6724 actually got better; it was #2 last month.

Together those three German firms accounted for almost a third of spam from the top 10 ASNs worldwide. Germany kept the #2 spot in the world rankings, while increasing spam by 2/3.


Relizon from nowhere to #3 for Canada in May

Relizon Canada Inc.’s AS 40034 RELIZON-CDN jumped from #134 to #3 in the May 2013 for Canada All from CBL data. On May Day CBL saw 1 spam message from AS 40034 and more than 3 million on May 31.

Relizon was not visible in the May Canada rankings from PSBL data, although internally we do see AS 40034 going from #208 to #109 by going from 11 spam messages in April to 26 in May. CBL’s heuristics or spam traps or both were apparently much better at detecting this particular spam source.

Relizon’s own website doesn’t seem to be responding at the moment, but Bloomberg Businessweek says they do business process outsourcing solutions, and were formerly known as Crain-Drummond Inc., with the name change coming on acquisition by the Carlyle Group.