Monday, May 11, 2009

Reseller in Paris


Sometimes this is a tough job. Here is Allison Cote meeting Jean-Pierre Venancio at Fouquet's Restaurant on the Champs-Elysees in Paris.

For the record, Jean-Pierre's company, Activweb.fr, after an excellent cafe at Fouquet's, decided to be our Hosted SpamSentinel partner in France.

Monday, February 2, 2009

Nobody's Perfect (not even Google)

In a rolling perfect storm of errors, in one day Google marked all websites as bad and, in conjunction with that, marked all mail as spam.


Being in the business, I feel for them, as it was a regular update gone awry that caused the problem. I am sure no one in that group slept over the weekend. I think we don't realize how good all this spam and Malware blocking is. The state of the art has gotten so good that we all take it for granted. I certainly do. When the defenses come down, the continuous barrage of junk becomes apparent to us (to our dismay). 


In my own moment of insanity, I tried shutting down our own internal spam filters for one day only, to experience the pain. Unfortunately, I quickly shut the experiment down after only one hour when I discovered that no one at Maysoft.com was particularly fond of feeling the pain or receiving all of their spam. Where is their sense of adventure?

11:00 AM and we're off...the "World Without Spam Filters" test begins

11:21 AM
21 minutes into the test, my Lotus Notes Inbox is being flooded. Here is a snapshot:

11:38 AM
Blackberry users are complaining about the spam. Allison Cote wants to know what is happening. She had to leave her Blackberry and delete a bunch of messages from her Inbox. My test is distracting her, and others, from their work.

11:42 AM
I am checking mail1.box and mail2.box. There are 3,341 messages in one, and about the same number in the other. The router is going crazy trying to send some of these back to the senders as delivery failure reports. Aaaargh... this is worse than I thought.

11:46 AM I have to stop this test early. The amount of pain everywhere is too much. I am turning on the SMTP mail filter now as the only prudent course of action. 

(Read about the full text at A World Without Spam Filters)



Google did for the entire world what I could only do for people internally: Re-awaken them to the value and necessity of a good spam filter.






Official Google Blog: "This site may harm your computer" on every search result?!?!


Tuesday, January 6, 2009

Trust and Social Networks: The New Frontier of Phishing

Twitter recently being hacked (Twitter Blog: Gone Phishing) is just the latest example of Spear Phishing: luring someone in based on a common affiliation.

Lately, a new technique, predicted by a University of Indiana study, gains the trust of the recipient by putting recognized names and other familiar details into the email body. This makes the email look "genuine" and significantly increases the chance that the recipient will act on the message (the action rate increases 5 times over a "normal" Phishing scam, according to the study).

Social Phishing is a type of highly targeted "spear Phishing" attack that could be made on a few thousand people with high success rates. The University of Indiana study showed a 74% response rate. The control group has a 16% response rate. Correcting this for the typical 3% control response rate (university students are more trusting or less risk averse than the population at large), gives a success rate of about 12%, which would be very productive for the Phishers.

In the on-line world, Phishing has been very successful (for the Phishers). But users are becoming much more savvy, so they are not getting "hooked" as much. For example, the Nigerian email scam is laughably lame now. I have to believe they continue these out of habit, like a dog barking to get a bone. People recognize the fact that there is no personal information in the email. That is the main flaw with "generic" Phishing attacks.

Lotus Notes User Network Penetrated
Fast forward to today. Take the Lotus users' various networks. Searching PlanetLotus.org, various blogs and the IBM Notes/Domino 8 Forum would enable anyone to find many names, and quickly identify the popular names based on the number of times each is mentioned. Without a lot of work, you could build a web of connections to be able to pretend to be part of the network, or pretend to be referred by someone you know (a friend of a friend).

That is how Bernie Madoff (pronounced Made-Off, which in English means "to steal") worked his Ponzi investment scheme. Trust. People trusted him because other people trusted him. That is how the "confidence" game works.

Once a network is penetrated, it will be pretty easy to get users to act on emails. Crafting an email would be easy. Even a non-Notes user could take a blog or forum posting from an individual who is frequently mentioned and use it to simulate subject matter expertise. Finish it off with a request or other action and you have a powerful tool for fraud.


An Email "from" Volker Weber
To penetrate a community, a Social Phishing attack would start by spoofing the name most often mentioned in our Lotus Notes world. Based on PlanetLotus.org's list of Hits in the last 20 days the person most likely to be spoofed would be Volker Weber. Using his name means trust. So, I did what a Social Phisher would do and grabbed a blog posting from Volker's blog to create an example of how said Social Phisher could infiltrate a community and wreak havoc. For simplicity, I shortened it, but it can be seen in its entirety on vowe.net

I then fabricated a plausible story around the blog posting. A real attack would weave real details relating to Lotus Notes with false information or Malware links. I wrote the additions to the blog posting in red, for demonstration, but the Social Phisher would not be so kind to point out the Phishing section!

(Note: This is just a demonstration email. It was not written by Volker. You could take any Lotus Notes or Domino blog and do the same, targeting users in that space, especially those, like me, who freely post their email addresses on-line).
From: volker@vowe.net
To: frank_paolino@maysoft.com
Subject: Winners of the 2009 Lotus Awards


Winners of the 2009 Lotus Awards
by Volker Weber
Best Industry Solution
1. Winner: e-On Integration S.A.
2. Finalist: iEnterprises
3. Finalist: Ascendant Technology
Best Lotus Energy and Environment (Green) Award
1. Winner: KLG Systel, Ltd.
2. Finalist: Alphalogix
3. Finalist: Enterprise Information Management, Inc.
Best Mid-Market Solution Award
1. Winner: iEnterprises
2. Finalist: Pavone AG
3. Finalist: Nortel
...
...
...

Congratulations to all the winners! Click on the links to learn more about the winners and see these excellent Lotus Notes products!

Volker


Find me on-line at:
vowe.net

(these links are the actual links and are harmless.... those in a Social Phishing Attack would not be!)


A spoofed message "from" Volker Weber in this context would be likely to be opened. And the relevant, topical nature of the email would make it widely read.

In a Social Phishing scam, the links would really be Malware such as keyboard loggers. As such, they would be very helpful in gathering all types of information such as PayPal accounts, LinkedIn logins, etc. to continue the scam.

The point is that the Social Phishers are getting a lot smarter, using context, recognition and familiarity to get people to read and act on the emails.


Like spam, these attacks prey on our open protocols (SMTP) and our open Lotus communities. I am not advocating any change in these community sites. PlanetLotus.org, the IBM Forum and all the Lotus Notes blogs are open, and should remain so.

But beware of emails from trusted sources. If you are not sure, reply and ask if they sent it. Do not give personal information in any link provided in an email. With all of these precautions, many of us will still fall prey to these scams.
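A gateway-side check for the kind of spoofed message described in this post, added here as an example; it is not part of the original post or of SpamSentinel. It assumes the receiving gateway stamps `Authentication-Results` headers with SPF/DKIM/DMARC verdicts (not mentioned in the post); the watchlist, the gateway id `mx.example.test` and the sample headers are constructed.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumptions (not from the post): the names a community trusts mapped to the
# domain each really sends from, and the authserv-id of our own SMTP gateway.
TRUSTED_SENDERS = {"volker weber": "vowe.net"}
GATEWAY_ID = "mx.example.test"

def gateway_verdicts(msg):
    """spf/dkim/dmarc results, read only from headers our gateway stamped."""
    verdicts = {}
    for value in msg.get_all("Authentication-Results", []):
        parts = [p.strip() for p in value.split(";")]
        if not parts[0] or parts[0].split()[0].lower() != GATEWAY_ID:
            continue  # header added upstream, possibly by the sender: ignore
        for part in parts[1:]:
            method, _, rest = part.partition("=")
            if method.strip() in ("spf", "dkim", "dmarc") and rest.split():
                verdicts[method.strip()] = rest.split()[0].lower()
    return verdicts

def spoof_indicators(raw):
    """Return reasons to distrust a message that claims a trusted sender."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    from_dom = addr.rpartition("@")[2].lower()
    expected = TRUSTED_SENDERS.get(name.strip().lower())
    flags = []
    if expected and from_dom != expected:
        flags.append("trusted name on unexpected domain")
    if expected or from_dom in TRUSTED_SENDERS.values():
        if gateway_verdicts(msg).get("dmarc") != "pass":
            flags.append("trusted sender without DMARC pass")
    reply_dom = parseaddr(msg.get("Reply-To", ""))[1].rpartition("@")[2].lower()
    if reply_dom and reply_dom != from_dom:
        flags.append("Reply-To domain differs from From domain")
    return flags

# Constructed sample: the demonstration email's headers as a spoof would arrive.
SPOOFED = """\
Authentication-Results: mx.example.test; spf=pass smtp.mailfrom=bulk.example;
 dmarc=fail header.from=vowe.net
From: Volker Weber <volker@vowe.net>
Reply-To: awards@lotus-awards.example
Subject: Winners of the 2009 Lotus Awards
"""

if __name__ == "__main__":
    print(spoof_indicators(SPOOFED))
```

These flags are indicators for quarantine or a warning banner, not a verdict; a mismatched Reply-To also occurs in legitimate mailing-list traffic.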







Here is another blog about Spear Phishing:
Trust and Social Networks: The New Frontier of Phishing

Tuesday, November 25, 2008

Thanksgiving Wishes


So here is my prayer for Thanksgiving:

I want to give thanks to all the people that I associate with via the blogosphere. Like the Pilgrims and the Indians, we often come from different backgrounds. And like them, we don't always agree, but we need to find a way to get along, even when we disagree (especially when we disagree). We spend a lot of on-line time working together in all forms of groups. These groups often become polarized, and much anger and vitriol is spewed against those who are "less" enlightened than us. I love passion, and passionate arguments, even when I disagree. It is energizing to have a strong passion for what we do, otherwise why get out of bed?
Thanksgiving is an opportune time to reflect about our relationships to others. As Charles Dickens said so well in "A Christmas Carol", it is a time to "think of people (around us) as if they really were fellow-passengers to the grave", which should give us pause to reflect on the shortness of our time here.
We are all on this planet for only 78 round trips. Some get a few more, many get a lot less. So above all, the first thing that I am (and all of us should be) thankful for is good health. Without it, all the rest really does not count for very much.
So, I would like to summon this spirit to wish everyone a Happy Thanksgiving, and hope that we can re-learn what we were taught as young children: to be nice to others. This is especially needed in the blogosphere, where anonymity and distance cloaks civility and open discourse which oftentimes provokes needless harsh words and enmity. In that spirit of brotherhood (or should I say community), I give thanks to all the people in my life, associates at Maysoft, fellow workers, and fellow bloggers everywhere for the chance to spend a few moments, in person or virtually, together, enriching our shared experience here on earth. Isn't that, after all, what the Indians and Pilgrims were doing at the first Thanksgiving in the year 1621?


Picture: "The First Thanksgiving", painting by Jean Leon Gerome Ferris (1863–1930).


Tuesday, November 18, 2008

A World without Spam Filters


After looking at our spam blocking statistics for yesterday (we blocked 279,706 messages on our 2 Domino SMTP gateways), I wondered what the world would be like if we had no spam filters? After I pondered this question for some time, I finally decided that the only way to really know the answer is to stop the automated blocking and just see what happens. After all, SpamSentinel has been working so well for so long that I've forgotten what it is like to live without a Spam filter. So I have decided to do a one hour test, bypassing the filter on our main SMTP gateway, from 11 AM to 12 noon today, for our Lotus Notes email users.


10:55 AM
I am writing this part of the blog before the test, not knowing if a small mutiny will ensue, or not. All is calm now, at 10:55 AM. The test begins in five minutes, at 11 AM, and runs for one hour. I am afraid to run it for more time than that, as this is our live email and people have work to do.


10:59 AM
So, it is 10:59 now, and I have just sent one last warning email about the test to everyone ....

"At 11 AM EST today, we are running a test of a World Without Spam Filters. All automated Spam blocking will be turned off for sixty minutes. We expect all users to block their own spam manually"

11:00 AM and we're off...the "World Without Spam Filters" test begins

11:21 AM
So, 21 minutes into the test, my Lotus Notes Inbox is being flooded. Here is a snapshot:
11:38 AM
Blackberry users are complaining about the spam. Allison Cote wants to know what is happening. She had to leave her Blackberry and delete a bunch of messages from her Inbox. My test is distracting her, and others, from their work.

11:42 AM
I am checking mail1.box and mail2.box. There are 3,341 messages in one, and about the same number in the other. The router is going crazy trying to send some of these back to the senders as delivery failure reports. Aaaargh... this is worse than I thought.

11:46 AM I have to stop this test early. The amount of pain everywhere is too much. I am turning on the SMTP mail filter now as the only prudent course of action.
Blackberry users are still complaining.
Good mail is buried in the spam.
The router task on the server is working way too hard, trying to deliver these spam messages or delivery failure reports. Some messages are being sent back out as Backscatter.
I have stopped the router task while I delete the contents of mail1.box and mail2.box.
Good messages that were in mail1.box or mail2.box may have been lost when I deleted all the pending messages to clear out the spam.
I just restarted the router. It is quiet now. I will have all users resend all messages sent between 11:30 and 11:45, as they were most likely deleted by me.


11:58 AM Looking around at other mail boxes to see the damage. Most people got about 10 messages, which tracks well with the 200 a day most people receive on average.
I found this gem in one Inbox, containing malware and a funny subject, "CNN: Aliens send us cartoon messages!"

12:06 PM All the mailx.box files are clean now. Users are not making any more noise, but they have questioned my sanity.


So what did I learn from this Social Experiment? What would a World Without Spam Filters be like?

1. For starters, deleting real messages is a highly likely possibility, both by users in a hurry to clean their Inbox and by the Lotus Notes email administrator.
2. It took me about 15 minutes to clean up 45 minutes of spam. That makes the clean up and delete job, as an administrator, about 15 minutes per hour, or 2 hours per day.

3. Spam is still heavily reliant on random dictionary attacks, hence the amount of delivery failure reports.
4. Backscatter causes collateral damage to others outside the organization.
5. Servers would be overwhelmed with the workload, trying diligently to deliver every message as if it were a valid email.
6. Blackberry Users: It is not just the inconvenience of hitting the *delete* button. It is the mind-numbing distraction of having the Blackberry go off every time an email message comes, especially when you are in a meeting but also waiting for a critical email that needs an immediate response. The tension over false alarms kills concentration.
7. Attention Deficit Disorder: Some studies have been done which detail how much productivity is lost for every interruption. The cost of a Spam email isn't just the time it takes for our minds (and hands) to figure out it is Spam and ignore/delete it, it is also the amount of time it takes us to get our mind focused again which can magnify the loss of productive thinking time. Without a Spam filter, I would NEVER enable any sort of pop-up 'you have email' alerts in my mail client, as I do a lot of programming and project work where I need time to work for a stretch without interruption in order to keep up the quality of my output.
8. The cost of spam without a filter is nearly 120 times what the filter costs. This is based on the fact that deleting spam and hunting for good messages in the mess takes about 30 minutes a day, or about 120 hours annually. At a pay rate of $30 (25 Euros) per hour, which approximately equals the annual cost of spam filtering, the payback is only a single day of usage. Myself, I couldn't stand even one hour with the filter off, let alone one entire day.
9. Spam Filters, although imperfect, are an absolute critical necessity.
10. In a World Without Spam Filters, email would be almost useless.

SpamSentinel for 64 Bit Domino

I now know why 64 bit Domino is gaining in popularity. It really gives Domino access to so many more memory resources. Performance is not limited by the old 2 gig RAM barrier for applications. So we are happily releasing the 64 bit version of SpamSentinel to beta customers this week. The conversion from 32 bit to 64 bit was no fun, but that is why they call it work!
SpamSentinel also has fewer constraints on processing, and it shows! We are seeing much faster throughput, past the 2 million messages per server per day mark!
We have been running this on our internal server for 5 days and it has remained stable. It is running on our internal mail server, a 64 bit server running Windows 2003, along with Domino version 8.0.2, where all of our mail files exist. This is our own internal "vote of confidence", meaning we will not release software until we are confident enough to put it on our internal production servers, as errors can cause dreaded work interruptions.
So, for those of you who like to have your anti-spam and anti-virus solution run natively on the Domino server, you can use this solution. As before, you can expect a 99.44% block rate.
Any customers who want this version can call us at our main line at (978) 635-1700 or email me at frank_paolino@maysoft.com to obtain an advance copy.