Oh Happy Day
A few weeks ago published a short post on the demise of Atrivo (aka Intercage). Today Washington Post technology columnist Brian Krebs brings word that McColo Corp., a Northern California hosting firm that had been identified by the computer security community as home base for machines responsible for coordinating the sending of roughly 75 percent of all spam each day, has been taken offline.
Host of Internet Spam Groups is Cut Off
Spam Drops After Internet Providers Disconnect a California Hosting Firm
By Brian Krebs
washingtonpost.com Staff Writer
Wednesday, November 12, 2008; 7:16 PMThe volume of junk e-mail sent worldwide dropped drastically today after a Web hosting firm identified by the computer security community as a major host of organizations allegedy engaged in spam activity was taken offline, according to security firms that monitor spam distribution online.
While its gleaming, state-of-the-art, 30-story office tower in downtown San Jose, Calif., hardly looks like the staging ground for what could be called a full-scale cyber crime offensive, security experts have found that a relatively small firm at that location is home to servers that serve as a gateway for a significant portion of the world’s junk e-mail.
The servers are operated by McColo Corp., which these experts say has emerged as a major U.S. hosting service for international firms and syndicates that are involved in everything from the remote management of millions of compromised computers to the sale of counterfeit pharmaceuticals and designer goods, fake security products and child pornography via email.
But the company’s web site was not accessible today, when two Internet providers cut off MoColo’s connectivity to the Internet, security experts said. Immediately after McColo was unplugged, security companies charted a precipitous drop in spam volumes worldwide. E-mail security firm IronPort said spam levels fell by roughly 66 percent as of Tuesday evening.
Spamcop.net, another spam watch dog, found a similar decline, from about 40 spam e-mails per second to around 10 per second. Read the rest…
Score one for the good guys… Of course I’m sure we’ll all miss those ads for male enhancement products in inbox… 
Computer Crime…
Here an interesting video from Mikko Hyppönen at F-Secure that talks about one of the common misconceptions about computer crime and viruses. A lot of people think that since we haven’t had a major virus outbreak like the Melissa or Sasser worms in quite awhile the situation is getting better… As Mikko points out it’s not, it’s getting worse.
Missing Laptop Causes Security Concerns
Stories about missing laptops containing confidential information are becoming an everyday occurrence so I wasn’t surprised when I came across this story about about a pilot’s missing laptop causing security concerns at a number of airports.
I’m not going to beat up on the pilot or the TSA they seem to have handled the incident properly. What I am going to do use this as chance to beat the Safe Hex drum.
What bothers isn’t that laptop containing confidential was apparently stolen, that happens more often than anyone would like it to. What bothers me is the apparent lack of encryption. If you’re carrying around a laptop that contains confidential information you should be using some type of encryption to protect that information. No technology is fool proof or 100 percent effective but using products like PGP whole Disk Encryption greatly reduces the chances that the bad guys will be able to exploit the data on a stolen laptop.
It doesn’t matter whether it’s your personal financial information or pass codes for airport security checkpoints you need to take steps to protect it. Making sure your laptop requires a user name and strong password* to log on is a good first step. Adding encrypting, whether it’s whole disk encryption or just file encryption is an important second level of protection that all to often over looked.
*A strong password should be at least 8 characters and include letters, numbers, mixed capitalization and at least one special character. It should also be easy to remember but hard to guess.
Mobile Malware
Here’s a short but informative video on mobile threats from the folks at F-Secure.