Tag Archives: Verizon

SIRA Security Event in VERIS Community Database of breaches

I’ve provoked an example breach report in the VERIS Community Database by the Verizon Risk Team, recorded in this JSON file, with this summary:

A secondary domain hosted by Bluehost was defaced by an opportunistic attack. We are consolidating the secondary domains in our primary provider and all domains will be pointing to our web site.

Last week I was looking to join SIRA’s email list and mistyped .com for .org. Finding www.societyinforisk.com had “HaCKeD By : brkod” on it, I mentioned that to SIRA. They fixed it as above.

The interesting part is that the VERIS Community Database is an effort to expand the annual Verizon Data Breach Investigations Report (DBIR) into something more timely and comprehensive: It’s not very big yet (63 commits and 1546 incidents), but it’s a welcome start. It doesn’t have nearly the comprehensiveness, frequency, nor regularity of the spam blocklist data underlying SpamRankings.net, but it has, or it can have, more depth in reporting what happened and why.

The VERIS Community Database

Continue reading

VZ Port 587: Good Try

Back in February, Verizon announced it would start requiring outbound mail go through port 587 instead of port 25 during the next few months. It seemed like a good idea to squelch spam. Most other major ISPs did it. People applauded Verizon for doing it.

Unfortunately, it seems that if it had any effect it was short-lived. Looking at anti-spam blocklists on a daily basis, a couple of Verizon Autonomous Systems (ASes), AS-19262 and AS-701, do show dips in blocklist listings on the blocklist PSBL in March. But they don’t last.

Spammers are very adaptable, partly because the botnets they use are adaptable. Good try, Verizon.

This information is from an NSF-funded academic research project at the University of Texas at Austin business school. Thanks to PSBL for the blocklist data.

-jsq