Are you getting less spam? A big spam host in CA was taken offline on Tuesday. One good source for the story is here http://www.washingtonpost.com/wp-dyn/content/article/2008/11/12/AR2008111200658.html , since Brian Krebs (the WP columnist) was one of guys responsible. The ‘co-location’ (a big web site hosting firm) looks to be responsible for up to 80% of the world’s spam, along with hosting other offensive sites (child pornography, etc).

As of Tuesday, their connection to the Internet was cut off.

As a result, the volume of spam being pumped out by all of those infected computers has gone down by 60% or more. At my office, we usually get about 800,000 messages a day; we block 92%+ as spam. Over the last 24 hours, that incoming volume has been reduced to about 250,000. Others are reporting the same reduction. (More details on Brian Kreb’s blog here: http://voices.washingtonpost.com/securityfix/2008/11/the_badness_that_was_mccolo.html

It will be interesting to see how long this reduction lasts.

In the meantime, working on another web site project, some updating of existing sites, and the other usual stuff.

Things that I have been thinking about lately:

– Whose idea was it to have a holiday on Tuesday? (For all of you international readers – yes, that lonely guy in the back corner – tomorrow [Tuesday] is Veteran’s Day in the US.) I’m all in favor of veterans – my Dad was one (WWII Marine, service in the South Pacific). I am in awe of their service to our country. And I do get tomorrow off.

– Why are all the domain names that I think of already taken? I keep having these ideas of a web site that will make lots of money with minimal effort, but somebody has already done it first. Yeah, I guess that means that I am not very creative. Or timely (see next item).

– Why didn’t I go ahead with that money-making idea 15 years ago? I wanted to take the kid’s bikes on a trip, but there wasn’t really a good way to carry them along. The only bike carriers were those half-hoop things that strap to your bumper. I was looking for a bike carrier that you could mount on a trailer hitch. Not available then. Now they are everywhere.

– How can you make easy money during a recession? Oh, that’s right. Be a failure in your company, then get them to fire you with a big ‘exit paycheck’.

I’ve got to get a refill on my medication…..

Vote.

Or don’t complain about things.

When my wife’s alarm clock went off, I pried my eyes open to look at my alarm clock. It showed 4:45am. I was a bit confused (a normal state at any hour of the morning), and wondered why she was getting up so early. She told me it was the usual time (5:45am).

Yeah, right. My alarm clock runs on atomic time, and automatically adjusts to the proper time. This is useful during power outages, as it will be one less clock I have to set after the power is restored.

Until I realized that this was the last Monday of the month of October. And then I remembered that my alarm clock was built before the change to the start and end of Daylight Savings Time. Which is now the first weekend of November, not the last weekend of October.

Which makes my alarm clock as confused as I am in the morning.

And now I remember that I have several other atomic clocks in my house that are similarly confused.

To add to all the coverage of the extra special (and critical) MS patch released yesterday, for the benefit of my three (that many?) regular readers (excluding family):

My first reading of the various links about this vulnerability and patch (see below) indicate that, although the rating is critical, and the patch should be installed immediately, there is less exposure to Vista and Server 2008 and XP SP2+ systems because their default settings enable the firewall and block ports 139 and 445. (You can check if those ports are blocked by using the ShieldsUp test at www.grc.com.)

Note that this vulnerability has the potential for the same impact as the Blaster and Sasser worms (the blocking of those ports and default firewall enable XP SP2 and Vista is one of the results of learning from the Blaster worm). That blocking will help with external attacks, but an internal attack (behind the firewall) may be possible. For instance, our organization was severely impacted by an internal attack of the Blaster worm, which caused a Denial of Service (DoS) type of attack on network traffic.

The initial takeaway is that the MS patch, and probable (already released now) upcoming AV patches will be very important for all users, even if a ShieldsUp test shows that you are blocking ports 139/445.

Corporate/network users are strongly advised to get this one installed on all external and internal systems, even if their firewalls are blocking those ports. And home users are especially urged to install the patch.

There are reports of some limited attacks using this vulnerability; I suspect the hacker community is frantically working on exploits.

A typical exploit might be to install spyware/malware on your computer to gather confidential information. It is less likely, I think, that an exploit would try to just do a DoS-type (Blaster) attack; most hackers are now targeting systems for confidential information for financial gain.

More general info here: http://blogs.technet.com/msrc/archive/2008/10/23/ms08-067-released.aspx From the MS SDL (Security Development Lifecyle) blog http://blogs.msdn.com/sdl/archive/2008/10/22/ms08-067.aspx ; an explanation of “why didn’t we catch this”.

Just remember safe computing practices: install updates, don’t click on links in emails alerting you to an update, pop-up messages while surfing the ‘net that alert you to malware are bogus and should be ignored, etc.

At the office, the usual wandering through the mail server, trying to figure out some problems with an outside user getting their mail blocked. It’s usually because a computer on their network is an evil spammer, usually without their knowledge. So they get on the private blacklist we use.

If you have Adobe Flash installed on your computer (most do):

Adobe has released their latest update to Flash (for multimedia on web pages) to fix the “clickjacking” bug. (This allows an evil hacker to place a hidden ‘button’ on a web page that will do nefarious things when you think you are just clicking on a link on a page. This exploit is not widespread, and not terribly easy to do, but is rather sneaky.)

You can check their Flash version by going to this Adobe page: http://www.adobe.com/products/flash/about/ . You’ll get your current version, and a list of versions for Windows, Mac/OSX, Linuz, and Solaris operating systems.

Notice that this update is not just for an Internet Explorer vulnerability, but also affects Firefox, Opera, etc. You should make sure that you have this update.