|
The startup inadvertently made matters worse by redirecting all Web traffic from its company home page to its TypePad blog. The DoS attacks followed right along, bringing down not only Blue Security's blog, but millions of others hosted by TypePad and LiveJournal. Not long after, Blue Security threw in the towel and shut down operations. |
 |
|
Taking On Phishing
One of Microsoft's latest tactics to tackle spam, particularly phishing attacks, is Sender ID, an authentication technology protocol that validates the origin of e-mail by verifying the IP address of the server sending the message against a registered list of servers that the domain owner has authorized to send e-mail. The ISP or recipient's mail server automatically performs the verification before delivering messages.
|
||||
|
|
|
||
|
Phishing Comes To The Fore |
|
||
|
||||
"We're paying more attention to reputation of the sender," Scarrow says. "That has been a really big deterrent for phishing. We're seeing people who really want to protect their brands -- eBay, PayPal, banks, e-marketers -- using Sender ID." Nearly one-third of Hotmail traffic has Sender ID attached to it, says Scarrow.
However, Sender ID is just one of three approaches to sender authentication -- along with Sender Policy Framework and Domain Keys Identified Mail -- under review by the Internet Engineering Task Force, an international standards organization.
Sender ID is the least useful of the three, according to Arabella Hallawell, a research vice president at Gartner. She says that DKIM is the most comprehensive of the three authentication methods and is gaining the fastest adoption rate among financial services companies and other spoofing victims.
Hallawell adds that e-mail authentication standards in general are much better at preventing phishing than spam. She believes that an arsenal of spam detection also should include connection-management techniques, which examine the traffic patterns and history of a domain-sending e-mail. This is an important step because not all spammers hijack domains.
To realize the benefits of cloud-native software, an application must actually be cloud-native—designed to run in the cloud, interacting with disaggregated cloud services, fully manageable as code—to deliver the expected benefits.
By combining resources and expertise, the AI-Enabled ICT Workforce Consortium will offer a blueprint for how industries can adapt to an AI-dominated future.
IT leaders should heed the guidance of cybersecurity insurance providers who think businesses should prioritize security education, incident preparedness, regular internal audits, and ongoing vulnerability scanning and patching.
