Larry Seltzer

Much has been made of the recent revelation that Google had reached No. 4 on Spamhaus’ list of “The 10 Worst Spam Service ISPs.” In fact, as I check now, Google is No. 3. It’s no secret why Gmail is such a big spamming source now: Spammers have had success cracking the CAPTCHA tests and […]

It’s just one embarrassment after another for the digital certificate business lately. First, lax procedures at a Comodo affiliate resulted in the sale of a “mozilla.com” certificate to someone unaffiliated with that group. Now a more serious technical problem has developed with the way some certificates are generated, but the real problem is still human. […]

Every December I get a lot of pitches from vendors, analysts and other security types with predictions for the next year. This year I’ve decided to go through them and pick out the ones that made an impression on me. Many of the ones I don’t list here, like “spam will increase,” are either too […]

The SSL infrastructure is based, in a large sense, on trust. We trust that vendors of the software that checks certificates will only trust the roots of certificate authorities that are trustworthy, and that means CAs that check to see that the applicant for a certificate is who he says he is. Unfortunately, there are […]

It didn’t take long for anonymity on the Internet to become a contentious issue, and for good reason. Anonymity is problematic. It is usually possible, even easy, for users on the Internet to hide their true identities to a degree. Most Internet protocols have weak or no authentication in them and it’s usually not too […]

There’s been some talk lately about malware on the Mac and whether users need anti-malware software. Clearly the situation is nothing like on Windows where going on the Internet without an anti-malware program is like taking a walk out on the Interstate; the question isn’t if you’ll get hit, but when. There definitely is malware […]

Google seems to be very interested in the concept of sandboxing. I count three separate efforts the company is involved in. Who knows, they may actually amount to something useful. The Chrome browser is built around a sandboxed architecture in which browser applications are locked down using Windows-specific features such as Job objects and restricted […]

I’ve never seen Microsoft get so elaborate and comprehensive about workarounds for a vulnerability. They must be getting a lot of interest, or should I say pressure, from customers. I’m speaking, of course, of the new IE zero-day attack. A Friday night entry on the Security Vulnerability Research & Defense blog goes into a little […]

The CAN-SPAM (Controlling the Assault of Non-Solicited Pornography and Marketing) Act of 2003 was controversial from the start. I think it’s fair to say that nobody thought it would solve the spam problem, but many (such as this guy) thought it could help. Has it solved the spam problem? No, of course not. Has it […]

I saw a disturbing number the other day: According to the latest MessageLabs Intelligence Report, by September of this year 25 percent of all spam originated from hosted Webmail accounts, meaning Yahoo, Hotmail, Gmail and the like. This may be a huge problem. I’ve been a big fan over the years of SMTP authentication and […]