Email Security Systems Miss Thousands of Malicious Links (betanews.com)
A new study from email security company Mimecast shows that malicious links in emails are being missed by many security systems. From a report: Mimecast examined more than 142 million emails that had passed through organizations' email security vendors. The latest results reveal 203,000 malicious links within 10,072,682 emails were deemed safe by other security systems -- a ratio of one unstopped malicious link for every 50 emails inspected. The report also finds an 80 percent increase in impersonation attacks in comparison to last quarter's figures. Additionally, 19,086,877 pieces of spam, 13,176 emails containing dangerous file types, and 15,656 malware attachments were all missed by these incumbent security providers and delivered to users' inboxes.
...let's open it !!!...
Perhaps the people that sent the links were malicious, but the links themselves are not.
A new study from email security company Mimecast shows that malicious links in emails are being missed by many security systems
Of The Six Dumbest Ideas in Computer Security, this is a combination of 1 (on the part of the MUAs) and 2 (on the part of the scanners). So, no kidding.
Oh wait. This is Slashdot. Asking for constructive solutions? Talk about pissing into the wind.
I know y'all [typical Slashdot commenters] will find the notion hilarious (at best), but I actually think there are solution approaches. I'm just mystified why no one is approaching them, though I'd appreciate your guidance to existing solutions almost as much as your better ideas.
For example, to wit...
A lot of these problematic links could be quickly identified if the intended victims were asked to help. Or even given the opportunity to go that far out of their way if'n they wanted to. I am NOT advocating for a vigilante solution (but you better not let me get anywhere near any part of a rope with a spammer attached to it), but in the plentiful cases where the scamming spammers need human help, the selfsame humans could unhelp the spammers--if only it were made possible. Your email "security" system may be unsure what is going on, but I can absolutely assure you that I don't (and never will) have an account with Bank of America (just to pick a deserving example).
For now I think that's enough time spent flogging this dead horse, but ADSAuPR, atAJG.
Freedom = (Meaningful - Coerced) Choice != (Speech | Beer^2), and sad sock puppets' bad mods avail them naught.
Do they still enable remote content also? They DO? Lol, and these fools are pretending to give a fuck about malware?
See subject: Via APK Hosts File Engine 2.0++ 64-bit for Linux & BSD h t t p : / / a p k . i t - m a t e . c o . u k / A P K H o s t s F i l e E n g i n e F o r L i n u x . z i p
Yields more security/speed/reliability/anonymity vs. any 1 solution (99% of threats use hostnames vs. IP address most firewalls use) more efficiently/FASTER + NATIVELY 4 less!
Vs. "Bolt on 'MoAr' illogic-logic" slowing you hosts speed u up 2 ways: Adblocks + Hardcode fav. sites u spend most time @ vs. competition loaded w/ security bugs (DNS/AntiVir) + overheads slowing u (messagepass 'souled-out' to advertisers easily detected & blocked addons + firewall filtering drivers) & their complexity leads to exploitation!
* ONLY 1 of its kind in GUI 4 Linux/BSD!
(Better vs. Windows model in speed/efficiency/merge)
APK
P.S.=> Protects vs. script trackers/ads/DNS request tracking + redirect poisoned or downed DNS/botnets/malware downloads/malcript/email malicious payload links... apk
We have started receiving some very high-quality Office365 "Your password is about to expire" notifications. They are super specific and somehow they know we use MS. As usual they are an exact copy of the real email (none of the usual grammar or spelling mistakes). The fact MS spam filtering doesn't flag these is troubling.
If it weren't for the "From: Microsoft Office365 (billybob3248@ustexasam.edu)" it would look totally legit. My big issue is that Outlook normally hides some of this information - at times making it difficult to see the mail headers. Gmail is a bit better, but only when it gets flagged as spam; I like their "Caution - this looks like [fishing/spam/other]".
Only a select sub-group of employees receives these emails. It's very focused, and apparently not random. They pit specific employees against each other: "hey Sally, I'm not in the office, please pay this bill, signed Bob". And both Sally and Bob are real people who work together. Sally isn't on LinkedIn - so their relationship, if guessed, was a spectacularly good guess. It amazes me where this information might be mined from.
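The mismatch described in the comment above (a brand in the From display name over an unrelated address domain) can be checked mechanically before a mail client hides the address. This is an added example, not part of the original thread; the brand-to-domain policy table, the finding labels and the sample messages are all constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed policy table (constructed for this example): brand keyword that may
# appear in a display name -> domains allowed to send under that name.
BRAND_DOMAINS = {
    "microsoft": {"microsoft.com", "office.com"},
    "bankofamerica": {"bankofamerica.com"},
}

def _domain(addr):
    """Lower-cased domain part of an address ('' if there is none)."""
    return addr.rpartition("@")[2].lower()

def _under(domain, allowed):
    """True if domain equals, or is a subdomain of, an allowed domain."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def check_sender(raw_message):
    """Return a list of findings for one RFC 5322 message given as text."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    domain = _domain(addr)
    # Squash spacing and punctuation so "Micro-soft Office 365" still matches.
    squashed = re.sub(r"[^a-z0-9]", "", name.lower())
    findings = []
    for brand, allowed in BRAND_DOMAINS.items():
        if brand in squashed and not _under(domain, allowed):
            findings.append(f"brand-mismatch:{brand}")
    # Replies steered to another domain are typical of "please pay this bill" mail.
    reply_to = parseaddr(msg.get("Reply-To", ""))[1]
    if reply_to and _domain(reply_to) != domain:
        findings.append("reply-to-mismatch")
    return findings

# Constructed sample messages (not real mail).
SPOOFED = ('From: "Microsoft Office365" <notice@mail.example.net>\n'
           "Subject: Your password is about to expire\n\nbody\n")
GENUINE = ('From: "Microsoft" <no-reply@account.microsoft.com>\n'
           "Subject: Sign-in activity\n\nbody\n")
PAY_BILL = ('From: "Bob" <bob@corp.example>\n'
            "Reply-To: <bob@corp-mail.example.org>\n"
            "Subject: please pay this bill\n\nbody\n")

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("genuine", GENUINE), ("pay-bill", PAY_BILL)):
        print(label, check_sender(raw))
```

A check like this only covers the visible From header; SPF, DKIM and DMARC results still decide whether the address domain itself was forged.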
And what's wrong with that? Heck, I even let my mail client filter those pesky HTML attachments through lynx if need be -- too many bastards put the contents as such an attachment instead of the mail's body.
No operating system would be insane enough to run executables this way, would it?
The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
Your software is just fine - well written, functional... I'm going to continue using the Host File Engine by mmell February 17, 2017
Your premise that hostfiles are a good way to deal with advertising and malvertising is quite valid - by JazzLad April 20, 2016
his hosts program is actually pretty good by xenotransplant August 10 2015
his hosts tool is actually useful for those cases in which one does indeed want to locally block stuff outright while consuming minimum system resources by alexgieg September 25 2015
I like your host file system by Karmashock September 09 2015
that APK guy, I use his host file by rogoshen1 Tuesday March 03, 2015
I personally use a HOSTS file blocker produced from a genius called APK by 110010001000 October 27 2017
* Linux model = faster/more efficient
APK
P.S.=> APK Hosts File Engine 9.0++ SR-1 32/64-bit for Windows https://www.google.comsearch?s...
all email, including attachments, is in the body as mime 64 text...so even if you get text only and then copy and paste (or even re-type the url) into a browser you're still going to a potentially malicious site...and that only takes care of you - what if you have 10,000 users?
See subject & Malwarebytes' hpHosts https://hosts-file.net/?s=Down... phishing protection file!
A roommate of mine saw me scanning junk emails source for malicious links & he said "EVEN JUNKMAIL IS USEFUL FOR YOU" & it is - the usual "spoofed" sender isn't of the major concern - it's the LATER EMBEDDED LINKS that are.
(I track 'em outta Outlook's JUNKMAIL & security sites galore (50 of them I scan daily) - it works vs. THIEVES making more spawning them like cockroaches/fleas/bedbugs).
APK
P.S.=> I absolutely HATE online thieves & do something about it - I'm not here to "win a popularity contest": I'm HERE TO WIN so EVERYONE does, for the ABSOLUTE GOOD & yes, I KNOW who "attacks me" (advertisers, webmasters, MALWARE MAKERS/BOTNET HERDERS of all types, & inferior competitors that USE MORE & DO LESS using "Bolt-on-'MoAr'" ILLOGIC-LOGIC full of SECURITY BUGS (DNS/Antivirus) OR crippled to NOT WORK (adblock) by default ADDONS (EASILY DETECTED + BLOCKED also)
Those are the old-fashioned ones. The thing is a lot of "secure" emails require you to click the link on the email, go to a secure site and read the email from the site. Outlook does this, as well as other options.
This habit makes it easy to click on the link to see the secure email.
The real problem is Email isn't secure, it is too easy to fool and spoof. It was an idea of well-intentioned idealists, expecting only small scale usage.
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
See subject: I usually score 130-135 typically on "IQ Tests" (online & otherwise). However, it doesn't TAKE a "genius" to do the RIGHT thing in this life either... my program? It's not "genius work' BUT it does work on a GENIUS simple principle: What you can't touch cannot touch you, period.
* It just takes time, effort & skills you acquire over time (& it takes time, LOADS of it in ANY field of endeavor) in this life.
(See, I think a HUMAN BEING is a marvellous instrument, albeit capable of BOTH "good" & "evil" - & I shouldn't have used 'moral relativism' signalling quotes either really - there IS both good & evil, no questions asked - thieving hurting others, possibly endangering those who DEPEND ON THEM TOO? Low, & yes, evil!)
APK
P.S.=> I got REALLY upset @ "trolls" today who are nothing more than MISERABLE losers trying to be 'critics' of someone who HAS tried & done well (usually, sometimes not in his case (very odd guy but one I do admire in a few capacities too)) & told them all this https://it.slashdot.org/commen... & it says a LOT in it that I hope inspires others (the 'trite sayings' I used were told to me & I had inspiration from Cliff Stoll YEARS AGO (decades really) directly on /. to do so & yes, it worked on me http://it.slashdot.org/comment... ... apk
It's not that I don't care. I realize that someone else's fuckup can cost me. But I think if users are so highly motivated to click any link offered and then enter their credentials, or to save, chmod +x and execute any attachment, then email filtering isn't going to be enough. Sure, you want defense in depth. But that means a dozen other things in addition to email filtering (you were never going to put your eggs all in that one basket), since after all, you weren't counting on email filtering really working anyway.
This failure was not only expected, but the consequences are not that big of a deal. Yes, some absolutely unredeemable fuckwit is going to click one of the links it didn't filter, enter credentials they shouldn't have, and then the consequences will end up falling on some innocent victim (perhaps someone right here on Slashdot) who doesn't bother to screw up every time they're given the chance. But fuckwits who click links in emails, are all just going to accidentally trash their victims' lives some other way. These kinds of users can't be stopped. Feel free to try out email filters, but please, don't tell me that we're within 20 years of them starting to actually work.
White lists gonna be white lists, in other news: any fool can do a study.
GoDaddy & others are @ FAULT: Why? UNLIMITED subdomains used for spam/phish (& other forms of malware) for $1 type deals!
* THAT SHOULD BE STOPPED & FUCK THEM + THEIR "PROFIT MOTIVE" BULLSHIT!
(You put higher COSTS on them malware maker etc.? It stalls them like it does you in life - nobody has "unlimited funding" after all!)
APK
P.S.=> What kills me (you hit on 1 possible too by the way)? NOT examining & PREVENTING "Root Causes" of woes in society - no, instead "busy work" (dig that ditch, now refill it again & repeat) bullshit is done (just like the 'war on drugs' when you have 1 branch of gov't. TRYING to stall it, you have the CIA importing drugs - wtf?). Why the 'busy work'? Jobs. For instance, IF you made weed legal nationwide (which I feel it should be, weed smokers are harmless imo, non-violent (get stoned & eat lol) but NOT OPIATES - those turn men into fiending monsters doomed to inevitable destruction of themselves + others that are their victims (especially loved ones)), how many probation/parole officers lose a job (thus taxpayers)? Yes - this is a REAL conundrum that, but it's NOT stalling the root cause either (which I do NOT think they want 'stopped' imo & NOT only for taxpayer creation purposes)... apk
Microsoft the company who made weblinks dangerous.
Company that sells email security service touts the dangers of your current email security service.
Yup. Most people don't know that anymore.
And in the article, did the reporting company address how many of their positives for malicious were false positives?
Yes, but... "Anymore"? I think most people didn't even know it at the time it started to happen. The average person is almost 100% technically illiterate, and thus unable to connect the dots. People kept using the most insecure systems out there, and then wondering what went wrong when they clicked on the link to see the animation of the dancing squirrel.
Answer 2 simple questions: 1.) Do hosts stop threats served by hostname (the way threats are done most) by blocking them? Yes. 2.) Do hosts speed you up 2 ways in adblocking (preventing more infection/tracking/slowdown) & via hardcoded favorite sites resolving faster + protecting vs. dns down or redirect poisoned? Yes.
* AN OUNCE OF PREVENTION is SUPERIOR to 10 TONS OF "CURE"!
APK
P.S.-> HAS THE JACKASS WHO WROTE WHAT YOU SPIT BACK done work that's that effective doing more for less faster in kernelmode speed (cpu priority) w/ less complexity for exploit + excess overheads vs. solutions KNOWN to be security-issue riddled (like addons (souled-out to NOT work by default OR easily detected & blocked that are BYPASSABLE & EXPLOITABLE), DNS & Antivirus)? NO - he wrote a firewall & RAN OUT ON IT WHEN IT GOT TOUGH is what!
LASTLY - It's called COMMON-SENSE blocking what can HURT YOU from HARMING YOU... apk
See subject & https://it.slashdot.org/commen... As far as "Mr. Ranum security" (big fucking deal)?
He hasn't done something that good (I have) & what he DID do HE RAN OUT ON & probably "GIVE UP" again if the "going gets tough" (he has before).
E.G. He wrote a firewall w/ overheads (for starters & see my ps below 4 the rest) in filtering drivers HE GAVE UP ON (most likely IP address based only, most threats are done by hostname).
ONLINE Whitelists = MAINTENANCE (negatives) NIGHTMARES.
Hosts specifics don't BLOCKING specific threats.
PROGRAMMATIC Whitelists = EASILY PENETRATED via DLL INJECTION!
I could turn my hosts program into a whitelist (stop DNS services & use favorites) though.
Mr. "RANUM SECURITY" = BS artist trying to "further his own agenda".
COMMON-SENSE is 1 oz. of PREVENTION = worth 10 tons of cure (especially vs. whitelist stupidity unless you want a TOTALLY insulated environs, then WHY GO ONLINE @ ALL?).
BLOCK what tries HARMING YOU? It can't!
APK
P.S.=> FINAL QUESTION: IF I took a drive down to Morris PA where he's from & SWUNG @ his head IF he'd try BLOCK IT? He'd probably RUN as he RAN on his firewall!
I am receiving the bank insurance malware attachment every day it is getting past the Kaspersky Linux email server. Even SpamAssassin now recognises the e-mails as spam, but Kaspersky not a whisper.
Bad news for the unemployed ( jobseekers and universal credit ) you are all being switched over to computerised jobsearch from your home and you have to communicate with your adviser through e-mail. All your jobsearch activities will be done through e-mail. You will no longer be going to the job center.
Spam gangs are setting up fake jobsearch websites to collect your e-mail addresses; those who are silly enough to click the links or read the attachments are going to have endless problems. The new malware on the block is calling itself Spybot, naming itself after an anti-malware program attacking jobseekers.
See subject & results from THIS month alone https://it.slashdot.org/commen... & https://it.slashdot.org/commen... + https://it.slashdot.org/commen... + https://it.slashdot.org/commen... that's only recently while I've been on Linux (few months now only) & 100's of times vs. MANY other botnets/malwares etc. in the past circa 2006-early 2018 while I was on Windows: There's BULLSHIT & doing nothing pessimism & then? There's CONCRETE VISIBLE UNDENIABLE REALITY (see those links as proof).
* The film, w/ a "hero" of mine in I AM LEGEND, see it & I do it via MUSTANG 5.0 speed & power (like the beginning of the film: Take something DESIGNED BY (kernelmode nature) NATURE & REPROGRAM IT TO WORK FOR THE BODY instead of against it...))
P.S.=> 3 things show I do it right:
1st = User praise my hosts engine https://tech.slashdot.org/comm...
2nd "ATTACKS" I GET (from UNIDENTIFIABLE ac as Elon Musk got https://tech.slashdot.org/stor... )
3rd BEING IMITATED = "Imitation = sincerest form of flattery" https://linux.slashdot.org/com... ... apk
I hate the ones in Outlook that change the links like: https://na01.safelinks.protect...... Argh.
Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
Ask "El Chicano" why he ran from https://it.slashdot.org/commen... & https://it.slashdot.org/commen... ?
LET ME TELL YOU WHY: I think he's a LYING BULLSHIT ARTIST is why - why?
Well, anyone that's CONFIDENT in themselves & TELLING THE TRUTH about themselves WOULD NOT HIDE BEHIND A FAKE NAME (or run from my FAIR QUESTIONS).
* I hope he answers - I am going to have a FIELD DAY on his ass on several levels!
Such as WHERE DOES HE ALLEGEDLY TEACH (Last Chance U perhaps) & IF he's "so proficient" @ PROGRAMMING then let's SEE HIS WORK (oh, he says it's "only on the backend & servers" - yea, ok - it's on the backend alright - his ASS is talking as is true of ALL his type (backend SHIT is a JOKE & simple to code vs. GUI where you have to track USER INTERACTION (which is why even DRIVERS are typically tiny)).
Lastly: NOTE THE DOWNMODS STARTED THE SECOND ElChicano GETS OUT OF WORK ON FRIDAYS too + only MINUTES PRIOR TO THIS POST NEXT DAY (once downmod points get reloaded - especially to sockpuppeteers using multiple accounts) yes, I noted WHEN He posts on Fridays via his post history - HOW MANY SOCKPUPPETS DO YOU USE, ElChicano? (Cat got your tongue vs. ANSWERING my questions too?? Yes)
I know how "your kind", bullshitters, operate.
APK
P.S.=> See subject & see my reply (wait till he does answer - I doubt he will but IF he does? Wait till you see me rip him in 1/2)... apk
I don't like spam. You don't like spam. But spam is NOT malicious. That reduces their hyped totals significantly.