Monthly Archives: September 2013

Preston Padden @ TPRC 41

Not your typical TPRC speaker. His heroes include “risk takers” Rupert Murdoch and Pat Buchanan, but not Ted Turner. Netflix was not mentioned. I was the first (but not the last) to stand up to question what he said.

His heroes include risk takers Rupert Murdoch and Pat Buchanan, but not Ted Turner. Netflix was not mentioned.
Picture by John S. Quarterman, 27 September 2013.


Co-inventor Peter Cassidy with U.S. Patent 8,494,955 B2

Peter Cassidy with NCM 0007 Method, system, and service for quantifying network risk to price insurance premiums and bonds, by John S. Quarterman, Peter F. Cassidy, and Gretchen K. Phillips. One of several InternetPerils patents, this one nine years in the making, issued this summer.

NCM 0007 Method, system, and service for quantifying network risk to price insurance premiums and bonds
Picture by John S. Quarterman for InternetPerils, Inc., San Francisco, CA, 15 September 2013.

Claim 1:

A method for determining financial loss related to performance of an internetwork, comprising: Continue reading

Research to reduce spam emails and increase online security

The U. Texas campus newspaper pretty much gets it. I’ve added a few links and images.

Julia Brouillette wrote for the Daily Texan today, UT researchers work to reduce spam emails, increase online security,

A group of UT faculty members and graduate students have teamed up with UT’s Center for Research on Economic Commerce (CREC) to expose the companies that send out millions of spam emails every day., a website launched by the University’s Center for Research on Economic Commerce, displays rankings of companies by number of outgoing spam messages generated from roughly 18,000 U.S. and international organizations. The project creates models for email providers to reduce spam and is funded by two grants from the National Science Foundation, totaling approximately $1 million.

Head researcher John Quarterman said UT students, in particular, are at a high risk for identity theft because of spam.

“UT has had a big problem with student information being leaked to the outside world because of bad security,” Quarterman said. “Spam is getting out that may contain private information, like your identity.”

Quarterman said the easiest way for students to prevent spam from entering their inboxes is to maintain up-to-date software.

“Make sure you have all the updates to your operating system,” Quarterman said. “Antivirus software is worth running as well.”

According to Andrew Whinston, the center’s director and a management information systems professor, students are susceptible to deceptive links as they surf the Internet. Once the link is clicked, malicious software enters the computer system and new spam is generated.

“You have to be careful and not go to websites on the Internet that you are not really familiar with, or websites that are not authenticated in some way,” Whinston said.

Whinston said preventing spam starts Continue reading

SIRA Security Event in VERIS Community Database of breaches

I’ve provoked an example breach report in the VERIS Community Database by the Verizon Risk Team, recorded in this JSON file, with this summary:

A secondary domain hosted by Bluehost was defaced by an opportunistic attack. We are consolidating the secondary domains in our primary provider and all domains will be pointing to our web site.

Last week I was looking to join SIRA’s email list and mistyped .com for .org. Finding had “HaCKeD By : brkod” on it, I mentioned that to SIRA. They fixed it as above.

The interesting part is that the VERIS Community Database is an effort to expand the annual Verizon Data Breach Investigations Report (DBIR) into something more timely and comprehensive: It’s not very big yet (63 commits and 1546 incidents), but it’s a welcome start. It doesn’t have nearly the comprehensiveness, frequency, nor regularity of the spam blocklist data underlying, but it has, or it can have, more depth in reporting what happened and why.

The VERIS Community Database

Continue reading

Botnets and Reputation Ranking at APWG in San Francisco 2013-09-17

On the agenda for APWG eCrime Tuesday 17 September 2013 in San Francisco:

Birds of a Feather (BOF)
Botnet Data Exchange for Botnet Node Remediation and Network Reputation Ranking
–Pat Cain, APWG
–John S. Quarterman, Quarterman Creations

I’ll be talking about among other reputational rankings.

APWG PR of 29 August 2013 says:

Global cybercrime-fighting association APWG is hosting its eCrime 2013 members meeting and research conference in San Francisco next month to launch its second decade of leading the global engagement with cybercrime, assembling commercial leaders from multinational technology and financial services companies, government and law enforcement agencies and industrial and academic researchers from around the world to update the global agenda for the long-term containment of the cybercrime scourge.
This is the tenth year of APWG, and the seventh year of the eCrime Researchers Summit.

I presented at Continue reading