SPAM Prevention

Did Network Solutions Have a Massive eMail Breach?

Not sure, but these past few days gave me some strange indications that something was up on more than just my client’s accounts. It all began with his hard drive (the actual hard drive assembly) having a complete failure. All data was lost as far as regular recovery methods go; this is one where the drive has been sent to a specialist who can possibly bring a dead drive back to life. Lesson all too well learned: Have backups.
Net impact of the drive failure: Time to upgrade to a new computer that supports RAID 1 (mirroring), so there is a completely redundant drive in place at all times. Next, reload Windows 7 and all the programs. Run updates (over 200 of them) and, from a drive replaced last summer, recover as much data as possible to use as a jumping-off point. Done!
Now: Set up Outlook 2010 and configure it for the emails. After digging out the server settings, they are there and the “Test Account Settings” check is working. Check the Inbox. Nothing. Look in the Sent box. Nothing. Rinse, wash, repeat. Nothing, nothing, nothing. Of course, I checked, double checked and triple checked. Mail was coming in to Outlook, but the odd thing was that a regularly sent email would appear to process through and show in the Sent box after moving via the Outbox, yet no one was receiving anything. Set one of the accounts up on a separate computer. Same results. Disabled all the security systems in case I had a firewall issue in the new installation blocking ports that I had opened before. Still nothing. Swirling all around this were other things to get the business back to full capability. By the end of the first day I hadn’t figured it out, but I still believed it was on our end.

Day 2 came and, in between the rest of the work to get moving forward, I had time to pick up the phone and contact Network Solutions’ email support provider, Webs.com. The tech and I checked the settings and verified the account test built into Outlook was working. He “reset the server.” Told me to wait about 15 minutes, then try again. I did… same results.

Day 3: Convinced it wasn’t me causing the problem, we contacted the support line. This time I went to the web-based mail and was able to send and receive mail without problems. After some discussion of the settings, the testing, and the POP3 accounts (about 20 minutes), the tech said the email accounts were suspended. Of course I wanted to know why, but, since I wasn’t the account owner, they said they couldn’t discuss it with me. Unfortunately, the owner was out at meetings, unable to get on the phone. I hung up and called later. One of the interesting things greeting me as I began the wait on hold was an announcement that if you’re using the web mail, your server might periodically go down and to try logging back in. Interesting. So not only am I having issues, it sounds like someone else is. In this session, the tech told me that the passwords for the email accounts weren’t strong enough (from a security standpoint) and had to be changed. Good reason to do so anyhow, so I did, following the direction to use at least one capital, one number, and one special character and have a length between 8 and 14. I did so, told the tech it was done, and he said he’d lift the suspension, but had to call me back and verify the account administrator was who he had been talking with (I had been added to the account by now). I told him I wasn’t at the office (since I had gone home) and asked if he had my number (assuming caller ID got recorded). He acknowledged, hung up, and my phone never rang.
About 20 minutes later, I checked the main email account for incoming mail and there was one, saying no one answered the phone for validation. The number listed in the email was the office line. First I went to log back into the management account and a warning came up on the screen saying account management wasn’t available and to try again in about an hour. That seems to me like more significant technology issues.
I called and the greeting message was that they were doing an emergency server replacement. This was the global message on the support line, before it even took you to the press-this-number prompts, so now I sense something is amiss. Add to this that the time from the earlier call to this one was about 4 hours. I gave up, it being about midnight by now.
Got up early, logged in to manage the account, then picked up the phone and called the support line. This time there was no warning about the management function being down, so in I went. I will admit I was, let me say, terse with the tech who answered. I rapid-fired the problem as it began, the steps that had been taken and the disconnect from the evening before, and added that it was now the fourth day of my client not being able to use the mail accounts that were paid for and still receiving. The answer was the password had to be strong when the scanners checked it, otherwise the account couldn’t be unsuspended. I responded that the passwords had been changed last night, then summarized the correct implementation of their guidelines, and clearly stated they had suspended the accounts with no notice to the client, and had now kept him offline for 4 days. At that point she said she would lift the suspension, and it should be cleared in about 10 minutes. She added a warning that if the scanners saw a password didn’t meet the specs, it would suspend the accounts (note: automatically) again.
Analysis from my intelligence gathering training:
Network Solutions, for some reason, most likely as another barricade to email accounts on their servers being hacked into, has instituted an automated process to ensure email account passwords meet a minimum security standard. I agree. What bothers me is the client had no notice from them when the automated system injected itself into the process.
Network Solutions was making emergency replacements of servers, telling me either a major physical disaster happened (fire?), or they had been compromised so badly, they had to take them offline.
The notice that if you’re using webmail you might be logged off, combined with the emergency server replacement, tells me the issue happened in the email department.
I did a search as soon as I got off the phone this morning and checked the unsuspension. No indication of a breach at Network Solutions, but… it sounds like something happened; with a company that size making emergency server replacements, something happened for sure.

Friday Freebies: Comodo IceDragon

For a while now, I have been using the Firefox-based Comodo IceDragon as my browser. I have long since left Internet Explorer behind, only using it when it was the only option for some things such as updates from Microsoft, and have long been a fan of Firefox from the folks at Mozilla.

Long before the added functionality of plugins arrived in the IE world, I had many, many useful plugins operating in FireFox.

Then I came across IceDragon about a year ago on the Comodo site’s Free Products page. I had been using their Dragon browser for a bit, which is based on Google Chrome, and had built it up with some replacement functionality in the plugin world, but I wanted a Firefox version and they read my mind. So here I am.

Advantages of the IceDragon browser over “straight stick” Firefox:

1 – On the right end of the website address bar, there is a stylized blue “W.” That button is a tool that, when clicked, scans the currently selected webpage for infections. Think of it like a virus scanner, not for your computer, but for the site you are looking at.


Why is this important these days? Because the bad guys are hacking into and infecting legitimate websites. The result is you get intrusions into your computer, not by clicking on an obvious link from a friend’s hacked Yahoo email account sending out spam and viruses, but through your inattention to detail for a mere moment.

2 – The browser has beefed-up security checks, and will stop and ask you if you really want to go to a webpage that has indications of being a malicious site, or, in the case of a site’s shopping cart whose security layer (the SSL function, which ensures your credit card info is encrypted before it leaves your end of the transaction to purchase on the net) has expired, which then makes passing your info a risky thing.

I have seen it also ask me if I wanted to continue, because the web address had more than some acceptable number of redirect commands (meaning the website keeps forwarding you to another domain/server for the content, but in this case, the redirects continued to bounce my request to other places). In this case, it is a site I go to regularly, and is a big name, but obviously the bad guys use multiple redirects to cover their tracks in an effort to hide what they are up to, and IceDragon saw a similar pattern and asked me. I tried it in the current version of Firefox, out of curiosity, and it took me right to the site. Good real-time comparison.

But, there you have your Friday Freebie courtesy of The Computer Whisperer!

Become an Anti-SPAM Warrior!

This morning, I opened my personal email account to find a SPAM email. Very obviously one, sitting right there. So, rather than just delete it, I took a moment to look at it and it revealed some clues as to how it got to me, and by way of that analysis, I can tell you how to begin your own anti-SPAM campaign!

Not only was the email addressed to me, but to a number of local business people I know, but do not correspond with via that email address, if I do at all. Most are people I have met networking and have their cards, so I know who they are. Point 1: I could see all their email addresses.

It didn’t take much scanning to figure out point 2: I can guess with about 99% certainty who has been sending out emails with this list of addresses. I get them from him, too, and in this email account.

Point 3: Because of his method of blasting his email contact list “in the clear” using the “To:” and “Cc:” fields, he now makes all his contacts vulnerable to being collected and used, increasing the quantity of SPAM traffic on the net, not to mention annoying (at the least) and infecting (at the worst) all those computers of your friends and family and business contacts.

Putting all those puzzle pieces together, here’s how you can save your friends, family and business contacts from more of such a fate:

1) If you feel inclined to send something out, put their addresses in the “Bcc:” field. Then any recipient will only see their own name, and no one else’s, and therefore, if this email finds its way into someone’s email account where they farm email addresses to send out SPAM to, you’ve put up a simple firewall on that activity.

2) When you get that joke forwarded 20 bazillion times, or the offer for Bill Gates to donate $1 to your favorite charity, do this: Right after you click on the “Forward” function of your email, highlight and delete all the other lists of emails that are visible in the body of the message. Besides saving someone from being SPAMmed as a result of you inadvertently helping SPAMmers collect their address, think how much better a reading experience those who receive it will have when they don’t have to scroll down 37 screens to read the relevant material.

Summary: Put email addresses for blast work in the “Bcc:” field and remove any visible lists of email addresses in items sent to you, if you forward them along!
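As an added example that is not part of the original post, here is a small Python script that applies both rules to a message before it goes out: it moves every “To:”/“Cc:” recipient into “Bcc:” and scrubs any addresses quoted in the forwarded body. The sample message is constructed for the demo; the address pattern is a deliberately simple one.

```python
import re
from email import message_from_string
from email.policy import default

# Constructed sample: a joke forwarded to a visible list, with the earlier
# hop's recipients still quoted in the body (the two problems the post names).
SAMPLE = """\
From: sender@example.com
To: alice@example.com, bob@example.org
Cc: carol@example.net
Subject: Fwd: Fwd: you have to read this
Content-Type: text/plain; charset="utf-8"

---------- Forwarded message ----------
From: dave@example.com
To: erin@example.org, frank@example.net, grace@example.com

Forward this to 10 friends!
"""

# Simple address pattern; good enough to find harvestable addresses in text.
ADDR_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")


def exposed_addresses(msg):
    """Every address a recipient (or a spammer) could harvest from the message:
    the visible To/Cc headers plus anything quoted in the body."""
    found = []
    for hdr in ("To", "Cc"):
        found += ADDR_RE.findall(str(msg.get(hdr, "")))
    found += ADDR_RE.findall(msg.get_content())
    return sorted(set(found))


def harden(raw):
    """Return a copy of the message with recipients hidden in Bcc and the
    forwarded body scrubbed of email addresses."""
    msg = message_from_string(raw, policy=default)
    # Rule 1: collect To/Cc recipients, then move them all into Bcc.
    recipients = [a for h in ("To", "Cc") for a in ADDR_RE.findall(str(msg.get(h, "")))]
    del msg["To"]
    del msg["Cc"]
    msg["To"] = "undisclosed-recipients:;"   # nothing harvestable in the visible headers
    msg["Bcc"] = ", ".join(recipients)
    # Rule 2: delete the lists of addresses left behind in the forwarded text.
    msg.set_content(ADDR_RE.sub("[address removed]", msg.get_content()))
    return msg


if __name__ == "__main__":
    before = message_from_string(SAMPLE, policy=default)
    print("exposed before:", exposed_addresses(before))
    print("exposed after: ", exposed_addresses(harden(SAMPLE)))
```

A real mail client strips the Bcc header before the message leaves, so only the sender ever sees the full list.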