
12/30/2005
05:42 PM
Mitch Wagner
Commentary

Let's Make 2006 The Year We Wipe Out Spam

We don't care about spam anymore, and that's wrong. Spam is a crime highway that runs straight through your computer, carrying a cargo of worms, fraud, viruses and other attacks.

Security vendor Sophos reported that attacks jumped 48% in the first 11 months of 2005. The most dangerous threats were spam-distributed.

Spam has direct financial costs, as network managers are required to spend money on software and services to filter spam, and buy additional hardware and bandwidth to carry the load of unwanted e-mail. That's money and resources that could be used for something productive.

And that's just the beginning. Secondary costs of spam are even worse. Attackers use their spam-borne attacks to take over target computers, and then use those computers to send more spam, which delivers a payload of fraudulent business offers and questionable medical remedies to prey on the fearful, ignorant, and insecure.

Compromised machines also become platforms to launch denial-of-service attacks. Often, the denial-of-service attacks are accompanied by threats to continue, and keep a business offline, unless the business pays the attackers to stop.

In a pathetic display of government incompetence, the Federal Trade Commission recently admitted that it can't prove that the two-year-old CAN-SPAM law reduced spam. Less spam gets into users' in-boxes, but the spam that gets in is more malicious, the FTC said. Spam comprised 68% of e-mail in 2005, down from 77% in 2004, according to anti-spam vendor MX Logic, which said that technology, not the law, was responsible for the decline, noting that 96% of junk mail violates the requirements of CAN-SPAM.

You already know most of the preceding, but you don't really think about it. I know you don't think about it because if you thought about it, you'd do something about it. The Internet has become a crime zone, and decent users are like residents of gated communities, who've learned to ignore the sirens and breaking glass.

What needs to happen to stop spam? Technology has taken us about as far as we can go. We need better laws. CAN-SPAM is currently fairly useless--it allows marketers to send unsolicited bulk e-mails so long as they identify themselves and provide unsubscribe instructions; the law needs to be amended to, quite simply, ban unsolicited bulk e-mail. What kind of assault law would allow attackers to hit you over the head so long as they identify themselves ("Hi, I'm Bill, I'll be the guy beating you up today!") and stop when you ask them to?

Moreover, CAN-SPAM needs to be amended to allow for the right of private action. Currently, only the government has the right to sue spammers, which creates bottlenecks. Anybody who receives spam should have a right to sue.

Is spam a big problem for you? What are you doing about it? What should society do about it? Leave a message below to let us know.
