Category Archives: Transparency

John Quarterman on Mapping Spam and Politics (audio)

At a meeting on a completely different subject, I was interviewed about SpamRankings.net. Here's the audio, and here's the blurb they supplied:

John S. Quarterman, long time Internet denizen, wrote one of the seminal books about networking prior to the commercialization of the Internet. He co-founded the first Internet consulting firm in Texas (TIC) in 1986, and co-founded one of the first ISPs in Austin (Zilker Internet Park, since sold to Jump Point). He was a founder of TISPA, the Texas ISP Association. Quarterman was born and raised in Lowndes County, where he married his wife Gretchen. They live on the same land where he grew up, and participate in local community and government.

Quarterman took some time during Georgia River Network's Weekend for Rivers to speak with the Nonprofit Snapshot about spam-mapping and small town politics.

More about Elinor Ostrom's Nobel-prize-winning work on organizing the commons, and how that applies to SpamRankings.net.

The water organization has since been incorporated as the Georgia non-profit WWALS Watershed Coalition:

WWALS is an advocacy organization working for watershed conservation of the Willacoochee, Withlacoochee, Alapaha, and Little River Systems watershed in south Georgia and north Florida through awareness, environmental monitoring, and citizen advocacy.

-jsq

Microsoft, world leader in Internet security: and spamming?

Microsoft, world leader in Internet security, will doubtless clean up its spamming act when it sees its AS 8075 is #1 for outbound spam in the U.S. for April 2012 in rankings from PSBL data, pushing the U.S. to #1 worldwide. Other rankings don’t show Microsoft high, but does MSFT really want to show up in any of these rankings?

Rank (Previous)CountryPopulationSpam
Volume		Percent
of top 10
1 (3) US 310,232,863 673,30618.2%
2 (2) IN 1,173,108,018 506,39713.7%
3 (1) CN 1,330,044,000 413,08911.2%
    Total   3,689,376100%

These rankings that show Microsoft high are derived by SpamRankings.net from PSBL blocklist data. The April 2012 SpamRankings.net from CBL blocklist data do not show Microsoft in the top 10. Apparently PSBL’s spam traps happened to be in the line of spam from Microsoft, while CBL’s were not.

And of course Microsoft probably doesn’t mean to be sending any of that spam. More likely botnets exploited a MSFT security vulnerability. Here’s hoping they clean it up soon!

-jsq

Davos discovers cyber attacks

Cyber attacks made the Davos Top 5 Global Risks in Terms of Likelihood. Davos, the annual conclave of the hyper-rich and famously elected, has also discovered Severe income disparity and Water supply crisis, so maybe they’re becoming more realistic.

However, in Figure 17 on page 25 they’ve got Cyber attacks as an origin risk, along with Massive incident of data fraud or theft and Massive digital misinformation. I think they’re missing the point, which is the real origin risk is poor infosec, and the origin of that is vendors like MSFT knowingly shipping systems with design flaws and people and organizations running them while hiding such problems.

Interesting comment on page 26: Continue reading

World PM2.5 Map as reputation

NASA posted 22 October 2009, New Map Offers a Global View of Health-Sapping Air Pollution
In many developing countries, the absence of surface-based air pollution sensors makes it difficult, and in some cases impossible, to get even a rough estimate of the abundance of a subcategory of airborne particles that epidemiologists suspect contributes to millions of premature deaths each year. The problematic particles, called fine particulate matter (PM2.5), are 2.5 micrometers or less in diameter, about a tenth the fraction of human hair. These small particles can get past the body’s normal defenses and penetrate deep into the lungs.
Even satellite measurements are difficult (clouds, snow, sand, elevation, etc.). But not impossible:

Continue reading

Cleveland Clinic spewing spam again

Here’s why to look at more than one spam data source: according to the PSBL volume data for November 2011, Cleveland Clinic’s AS 22093 CCF-NETWORK spewed more than a hundred spam messages a day on multiple days, while CBL volume data showed Cleveland Clinic with only 42 spam messages for the entire month. Apparently PSBL’s spamtraps happened to be in the path of this CCF spam.

Now a couple of hundred spam messages a day isn’t much by world organization standards, but compared to what we’d all like to see from medical organizations (zero), it’s a lot.

Also compared to the other medical institutions in the same rankings from the same data, the pie chart looks like Pac Man and the bar graph looks like a hockey stick.

Maybe Cleveland Clinic didn’t get the memo after all.

-jsq

China does not lead Country Rankings from SpamRankings.net

An area where China does not lead the world: Country rankings by SpamRankings.net. China is only #13, but Brazil, Russia, and India (the other three BRICs) are in the top five countries by total spam messages for October 2011. U.S. is #10.

Vietnam came from behind a few months ago to place second for October.

Brazil had slumped as low as #6 in July, but has pulled back up into the leading pack.

After the top five, it’s a long-tail distribution indeed. Continue reading

How to leverage botnet takedowns

What is to be done when botnet takedowns don’t produce lasting benefits?

At the Telecommunications Policy and Research Conference in Arlington, VA in September, I gave a paper about Rustock Botnet and ASNs. Most of the paper is about effects of a specific takedown (March 2011) and a specific slowdown (December 2010) on specific botnets (Rustock, Lethic, Maazben, etc.) and specific ASNs (Korea Telecom’s AS 4766, India’s National Internet Backbone’s AS 9829, and many others).

The detailed drilldowns also motivate a higher level policy discussion.

Knock one down, two more pop up: Whack-a-mole is fun, but not a solution. Need many more takedowns, oor many more organizations playing. How do we get orgs to do that? …
There is extensive theoretical literature that indicates Continue reading

“botnet herders can add it to its spam-spewing botnet” —Fahmida Y. Rashid in eWeek.com

This reporter spits out a string of alliterative language that labels the problem that SpamRankings.net helps diagnose.

Fahmida Y. Rashid wrote in eWeek.com 8 June 2011, UT Researchers Launch SpamRankings to Flag Hospitals Hijacked by Spammers:

“Poor security measures are generally responsible for employee workstations getting compromised, either by spam or malicious Web content. Once the machine is compromised, the botnet herders can add it to its spam-spewing botnet to send out malware to even more people. The original employee or the organization rarely has any idea the machine has been hijacked for this purpose.”
That’s a pretty good explanation for why outbound spam is a proxy for poor infosec.

-jsq

Our Friend Unfairly Maligned in London’s Court

Many of you are concerned as am I about our friend who has been hauled into court in London and unfairly maligned for the “crime” of distributing some government communications that he got from an anonymous source. I know our friend also has been a bit playful out of wedlock, and even had a son that way, but I don’t see what that has to do with the matter at hand.

Our friend represented his agency in the matter of procuring and forwarding the communications “as a public act, dealing with the public correspondence of public men.” His accusers were having none of it:

Into what companies will the fabricator of this iniquity hereafter go with an unembarrassed face, or with any semblance of the honest intrepidity of virtue? Men will watch him with a jealous eye &em; they will hide their papers from him, and lock up their escritoires. Having hitherto aspired after fame by his writings, he will henceforth esteem it a libel to be called a man of letters
His accusers made him out to be a vindictive destroyer of public confidence. He had “forfeited all the respect of societies and of men” and was not a gentleman, rather a common thief.

I am happy to hear our friend has been released by the court in London, although two days later he was fired from his job as deputy postmaster general of North America. Continue reading

Transparency in Rome

Here’s my presentation, Transparency as Incentive for Internet Security: Organizational Layers for Reputation, from RIPE 61 in Rome. This presentation summarizes the two previous RIPE Labs papers about proposed new organizational layers and outbound spam ranking experiments.

RIPE-NCC is the oldest of the Regional Internet Registries (RIRs), and RIPE is the deliberately unorganized association of interested parties that meets twice a year and holds discussions online in between. It’s a mix of operations, research, and socializing. Topics range from obscure details of deploying IPv6 to organizational proposals such as what I was talking about. 430 people attended the meeting in Rome, which was quite a few more than the dozen or two of the first RIPE meeting I went to many years ago.

Interesting questions were asked. I may blog some of them.

-jsq