The New Stuff


The Fall and Rise of Spam

You'll remember how I track spam. Back in October 2008, I observed a precipitous drop. Remember that my numbers lag about 30 days as that's how long Google leaves spam before they delete it. I continued to watch this drop rapidly until it bottomed out in early December 2008. Now it's clearly headed back up.

The Fall and Rise of Spam

While you have to look pretty closely at this chart, it represents a drop of almost 50%, 1500 to just over 800.

The story behind this is what's interesting.

Start with Brian Krebs' article from the Washington Post. It seems that the Internet backbone providers got together and took McColo off the air. McColo was a web hosting service that was accused of hosting 75% of spam. That's amazing.

Shortly after Krebs' article went up, FireEye began a series of blog posts about "the rest of the story." The links are here:

McColo shutdown Nov 11, 2008 16:23 EST

McColo found a new upstream provider (update)

But then the story took a twist. The spam had been emanating from a huge botnet known as Srizbi.

Srizbi control regained by original owner

It seems that this botnet had a plan to reestablish their command and control center in the event that they lost their host.

Technical details of Srizbi's domain generation algorithm

The good guys at FireEye even began buying up the domain names generated by the Srizbi algorithm but to no avail. By late November, Krebs called it a "resurrection." He recapped it in this blog entry.

Andre' M. Di Mino of The Shadowserver Foundation discusses this in his podcast.


Good Job, Canon

My wife's work has a Canon PowerShot A95. It's a couple of years old but still a nice camera.

She came home one day and mentioned that there was something wrong with it. It wasn't taking pictures.

The next time I was by there I picked it up and played with it. When you viewed the pictures, it seemed to not display anything.

I kept playing with it and realized that if I continued to scroll backwards, I eventually got to old pictures.

Hmmm.

Then I took some pictures and they too were black. You could see all the menus though.

Seemed like the capture thingy was busted. (Don't you love it when I talk techie?)

I fell back to my faithful Google search for "Canon PowerShot A95 black LCD." Wouldn't you know that the first hit told me about the problem?

Eventually I got to this page at Canon.

The bad news is there is something fundamentally wrong with the CCD Image Sensors on a number of Canon cameras in this era.

The good news is that Canon is doing the right thing. A quick call to Canon and they e-mailed us a pre-paid UPS label to return the A95 to them. Within 10 days it was back repaired for no charge.

Nobody likes it when a product they buy fails but the way Canon is handling this is exemplary.

published with Windows Live Writer

BartPE on SD Card

The Asus Eee PC 1000H has an SD card reader. I read on the eeeuser.com forums that you could boot from that device.

That got me to thinking about booting BartPE from that.

I already had a BartPE CD so I just wanted to copy that to an SD card. I Googled "copy bartpe cd to usb drive" and got some pretty good hits. I chose this link.

Worked like a charm. Now I can boot BartPE from the SD card and use an external USB drive to Ghost to.

What's Google Up To?

I'm obviously a big Sitemeter fan. When I was looking at my report the other day, I noticed something odd. There were several entries from an ISP called Google! Look at this list.

Date/Time             Entry Page                               Comments
10/05/08  5:21:20 pm  testblog/2007_12_01_archive.html         XP IE6
10/12/08  5:44:41 pm  testblog/                                XP IE6
10/12/08 10:00:55 pm  2008/09/thank-you-google-i-think.html    From Google in NY, OS X Firefox
10/12/08 10:52:20 pm  testblog/2007/12/test-2.html             XP IE6
10/13/08  2:35:03 am  testblog/2007/12/test.html               XP IE6
10/18/08  1:41:10 am  testblog/2007/12/test-2.html             XP IE6
10/18/08  4:48:18 am  testblog/                                XP IE6
10/18/08 11:21:47 am  testblog/2007/12/test.html               XP IE6
10/19/08  7:47:43 pm  2008/10/thinkpad-xp-sp3-wi-fi.html       XP IE6
10/20/08  5:53:27 am  2007_12_01_archive.html                  XP IE6
10/23/08  2:51:24 pm  2008/10/thinkpad-xp-sp3-wi-fi.html       XP IE6
10/26/08  3:12:51 pm  2008/02/gps-and-google-maps.html         WinNT IE7, via search "can i imports maps to mio c320"
11/09/08  6:43:04 pm  Javascript disabled                      Win2000 IE6

What on earth is going on with Google?

Why do they keep visiting my test blog? And those entries aren't even active. They're test entries when I was experimenting with using Blogspot's ftp method of publishing.

Someone from Google's New York office even visited.

I think it's interesting to notice that most visits were from Windows XP, IE6, and 1024x768 display. Probably the same PC.

Every now and then, you'll see an outlier, like the WinNT IE7 visit on 10/26/08. It looks like that visit was personal as it was the result of a Google search for "can i imports maps to mio c320." And the security-conscious visitor on 11/09/09 who had his Javascript disabled.

Google, what are you up to?
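As an added example (not from this blog or from Sitemeter), here is a Python script that parses rows laid out like the list above and does what the post does by eye: it finds the dominant OS/browser pair and flags the visits that break the pattern. The row layout and the sample rows are constructed to match this list; Sitemeter's real export format is an assumption.

```python
import re
from collections import Counter
# Constructed sample in the layout of the Sitemeter list in this post (not a real
# export); the quoted line is the referring search query Sitemeter showed.
SAMPLE_LOG = """\
10/05/08 5:21:20 pm testblog/2007_12_01_archive.html XP IE6
10/12/08 5:44:41 pm testblog/ XP IE6
10/12/08 10:00:55 pm 2008/09/thank-you-google-i-think.html From Google in NY OS X Firefox
10/13/08 2:35:03 am testblog/2007/12/test.html XP IE6
10/26/08 3:12:51 pm 2008/02/gps-and-google-maps.html WinNT IE7
"can i imports maps to mio c320"
11/09/08 6:43:04 pm Javascript disabled Win2000 IE6
"""

ROW = re.compile(r"^(\d\d/\d\d/\d\d) (\d{1,2}:\d\d:\d\d [ap]m) (.+)$")
KNOWN_OS = ("XP", "WinNT", "Win2000", "OS X")  # OS labels used in the list
JS_OFF = "Javascript disabled"                  # shown instead of an entry page

def parse_visit(m):
    # m is a ROW match; with Javascript off, Sitemeter records no entry page
    date, time, rest = m.groups()
    js_off = rest.startswith(JS_OFF)
    page, _, comment = (None, "", rest[len(JS_OFF):].strip()) if js_off else rest.partition(" ")
    os_name = next((o for o in KNOWN_OS if o in comment), "unknown")
    return {"date": date, "time": time, "page": page, "os": os_name, "js_disabled": js_off,
            "browser": comment.split()[-1] if comment else "unknown", "search": None}

def parse_sitemeter(text):
    visits = []
    for line in text.splitlines():
        if line.startswith('"') and visits:       # search query belongs to the row above
            visits[-1]["search"] = line.strip('"')
        elif (m := ROW.match(line)):
            visits.append(parse_visit(m))
    return visits

def analyze(visits):
    """Dominant OS/browser pair (the likely repeat PC) and the visits that break the pattern."""
    (dominant, count), = Counter(f"{v['os']} {v['browser']}" for v in visits).most_common(1)
    found = []
    for v in visits:
        client = f"{v['os']} {v['browser']}"
        reasons = [why for hit, why in (
            (client != dominant, "different client: " + client),
            (v["search"] is not None, "arrived via search: %s" % v["search"]),
            (v["js_disabled"], "Javascript disabled, no entry page recorded"),
        ) if hit]
        if reasons:
            found.append((v["date"], reasons))
    return {"dominant": dominant, "count": count, "outliers": found}
```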


Javascript or Not

Remember way back in 2006, I wrote a blog entry on Javascript. That was about my experiment with Steve Gibson's recommendation of blocking Javascript except on Trusted Sites in Internet Explorer. His idea was to put known sites in the Trusted Sites list. Boy, was that a pain! It was a noble experiment but I gave it up.

Well, now Steve is a Firefox user and has embraced the NoScript add-on.

He went on and on about NoScript in Security Now 168 where he talked about clickjacking. If you don't know what that is, go listen but don't lose any sleep about it.

Then in Security Now 169 Steve confessed:

Steve: The reason I didn't want to skip this question was this was when I planned to confess.
Leo: You turn it off.
Steve: I've turned it off, too.

Even Steve Gibson runs with Javascript enabled!

No doubt turning off Javascript is the safest thing to do but it's pretty much impractical.

So that got me to wondering how many people actually TRY to surf this way.

Here's what my blog readers look like. This blog is on the left. WhereIveBen is on the right.
3.5% of the geeks have Javascript turned off and 1% of the normal people.

Secunia Online Software Inspector

Recently, I mentioned the Secunia Online Software Inspector. I played with it some. It worked pretty well.

It's a Java applet so there's nothing to install. It "only" checks about 100 programs but they're the key ones.

The OSI page says it takes "5-40 seconds." I saw this all over the place, as high as 4 minutes. Most runs were in the sub-20 second range though.

The first run showed up vulnerabilities in several Adobe products. I'm fanatical about patching Adobe products so that was a surprise.

It even gives you a link to resolve the problem. The Flash Player was tough to fix.

I finally had to download and save the Flash Player uninstaller. Then closed my browser(s) and ran the uninstaller. When it was done, clicked on the "Show Details" button and looked for "Delete on Reboot..." I found one so I needed to reboot.

After the reboot, I went back to Adobe and installed the current Flash Player.

After that, the OSI ran clean.

Maybe I'll go play with the Secunia Personal Software Inspector (PSI) next.
