now browsing by tag


#cybersecurity | #hackerspace | BIMI Up, Scotty! A look at Brand Indicators for Message Identification (BIMI) Adoption with R and the Alexa Top 1m

Source: National Cyber Security – Produced By Gregory Evans

It seems that the need for MX, DKIM, SPF, and DMARC records for modern email setups were just not enough acronyms (and setup tasks) for some folks, resulting in the creation of yet-another-acronym — BIMI, or, Brand Indicators for Message Identification. The goal of BIMI is to “provide a mechanism for mail senders to publish a validated logotype that mail receivers can display with the senders’ messages.” You can read about the rationale for BIMI and the preliminary RFC for crafting BIMI DNS TXT records over a few caffeinated beverages. I’ll try to TL;DR the high points below.

The idea behind BIMI is to provide a visual indicator of the brand associated with a mail message; i.e. you’ll have an image to look at somewhere in the mail list display and/or mail message display of your mail client if it supports BIMI. This visual indicator is merely an image URL association with a brand mail domain through the use of a new special-prefix DNS TXT record. Mail intermediaries and mail clients are only supposed to allow presentation of BIMI-record provided images after verifying that the email domain itself conforms to the DMARC standard (which you should be using if you’re an organization/brand and shame on you if you’re not by now). In fact, the goal of BIMI is to help ensure:

  • the organization is legitimate
  • the domain names are controlled by the organization
  • the organization has current rights to display the indicator

When BIMI validation is being performed, the party requesting validation is currently authorized to do so by the organization and is who they say they are.

If you’re having flashbacks to the lost era of when SSL certificates were supposed to have similar integrity assertions, you’re not alone (thanks, LE).

What’s Really Going On?

I’m not part of any working group associated with BIMI, I just measure and study the internet for a living. As someone who is as likely to use alpine to peruse mail as I am a thick email client or (heaven forbid) web client, BIMI will be of little value to me since I’m not really going to see said images anyway.

Reading through all the BIMI (and associated) RFCs, email security & email marketing vendor blogs/papers, and general RFC commentators, BIMI isn’t solving any problem that well-armored DMARC configurations aren’t already solving. It appears to be driven mainly by brand marketing wonks who just want to shove brand logos in front of you and have one more way to track you.

Yep, tracking email perusals (even if it’s just a list view) will be one of the benefits (to brands and marketing firms) and is most assuredly a non-stated primary goal of this standard. To help illustrate this, let’s look at the BIMI record for one of the most notorious tracking brands on the planet, Verizon (in this case, Verizon Wireless). When you receive a BIMI-“enhanced” email from verizonwireless.com the infrastructure handling the email receipt will look for and process the BIMI header that was sent along for the ride and eventually query a TXT record for default._bimi.verizonwireless.com (or whatever the sender has specified instead of default — more on that in a bit). In this case the response will be:

v=BIMI1; l=https://ecrm.e.verizonwireless.com/AC/Global/Bling/Images/checkmark/verizon.svg;

which means the image they want displayed is at that URL. Your client will have to fetch that during an interactive session, so your IP address — at a minimum — will be leaked when that fetch happens.

Brands can specify something other than the default. selector with the email, so they could easily customize that to be a unique identifier which will “be you” and know when you’ve at least looked at said email in a list view (provided that’s how your email client will show it) if not in the email proper. Since this is a “high integrity” visual component of the message, it’s likely not going to be subject to the “do not load external images/content” rules you have setup (you do view emails with images turned off initially, right?).

So, this is likely just one more way the IETF RFC system is being abused by large corporations to continue to erode our privacy (and get their horribly designed logos in our faces).

Let’s see who are the early adopters of BIMI.

BIMI Through the Alexa Looking Glass

Amazon had stopped updating the Alexa Top 1m sites for a while but it’s been back for quite some time so we can use it to see how many sites in the top 1m have BIMI records.

We’ll use the {zdnsr} package (also on GitLab, SourceHut, BitBucket, and GitUgh) to perform a million default._bimi prefix queries and see how many valid BIMI TXT record responses we get.

library(zdnsr) # hrbrmstr/zdnsr on social coding sites

refresh_publc_nameservers_list() # get a current list of active nameservers we can use

# read in the top1m
top1m <- read_csv("~/data/top-1m.csv", col_names = c("rank", "domain")) # http://s3.amazonaws.com/alexa-static/top-1m.csv.zip

# fire off a million queries, storing good results where we can pick them up later
  entities = sprintf("%s.%s", "default._bimi", top1m$domain),
  query_type = "TXT",
  num_nameservers = 500,
  output_file = "~/data/top1m-bimi.json",

# ~10-30m later depending on your system/network/randomly chosen resolvers

bmi <- jsonlite::stream_in(file("~/data/top1m-bimi.json")) # using jsonlite vs ndjson since i don't want a "flat" structure

idx <- which(lengths(bmi$data$answers) > 0) # find all the ones with non-0 results

# start making a tidy data structure
  answer = bmi$data$answers[idx]
) %>%
  unnest(answer) %>%
  filter(grepl("^v=BIM", answer)) %>% # only want BIMI records, more on this in a bit
    l = stri_match_first_regex(answer, "l=([^;]+)")[,2], # get the image link
    l_dom = domain(l) # get the image domain
  ) %>% 
    suffix_extract(.$name) # so we can get the apex domain below
  ) %>% 
    name_apex = glue::glue("{domain}.{suffix}"),
    name_stripped = stri_replace_first_regex(
      name, "^default\._bimi\.", "https://securityboulevard.com/"
  ) %>% 
  select(name, name_stripped, name_apex, l, l_dom, answer) -> bimi_df

Here’s what we get:

## # A tibble: 321 x 6
##    name       name_stripped  name_apex  l                            l_dom               answer                       
##    <chr>      <chr>          <glue>     <chr>                        <chr>               <chr>                        
##  1 default._… ebay.com       ebay.com   https://ir.ebaystatic.com/p… ir.ebaystatic.com   v=BIMI1; l=https://ir.ebayst…
##  2 default._… linkedin.com   linkedin.… https://media.licdn.com/med… media.licdn.com     v=BIMI1; l=https://media.lic…
##  3 default._… wish.com       wish.com   https://wish.com/static/img… wish.com            v=BIMI1; l=https://wish.com/…
##  4 default._… dropbox.com    dropbox.c… https://cfl.dropboxstatic.c… cfl.dropboxstatic.… v=BIMI1; l=https://cfl.dropb…
##  5 default._… spotify.com    spotify.c… https://message-editor.scdn… message-editor.scd… v=BIMI1; l=https://message-e…
##  6 default._… ebay.co.uk     ebay.co.uk https://ir.ebaystatic.com/p… ir.ebaystatic.com   v=BIMI1; l=https://ir.ebayst…
##  7 default._… asos.com       asos.com   https://content.asos-media.… content.asos-media… v=BIMI1; l=https://content.a…
##  8 default._… wix.com        wix.com    https://valimail-app-prod-u… valimail-app-prod-… v=BIMI1; l=https://valimail-…
##  9 default._… cnn.com        cnn.com    https://amplify.valimail.co… amplify.valimail.c… v=BIMI1; l=https://amplify.v…
## 10 default._… salesforce.com salesforc… https://c1.sfdcstatic.com/c… c1.sfdcstatic.com   v=BIMI1; l=https://c1.sfdcst…
## # … with 311 more rows

I should re-run this mass query since it usually takes 3-4 runs to get a fully comprehensive set of results (I should also really use work’s infrastructure to do the lookups against the authoritative nameservers for each organization like we do for our FDNS studies, but this was a spur-of-the-moment project idea to see if we should add BIMI to our studies and my servers are “free” whereas AWS nodes most certainly are not).

To account for the aforementioned “comprehensiveness” issues, we’ll round up the total from 310 to 400 (the average difference between 1 and 4 bulk queries is more like 5% than 20% but I’m in a generous mood), so 0.04% of the domains in the Alexa Top 1m have BIMI records. Not all of those domains are going to have MX records but it’s safe to say less than 1% of the brands on the Alexa Top 1m have been early BIMI adopters. This is not surprising since it’s not really a fully baked standard and no real clients support it yet (AOL doesn’t count, apologies to the Oathers). Google claims to be “on board” with BIMI, so once they adopt it, we should see that percentage go up.

Tracking isn’t limited to a tricked out dynamic DNS configuration that customizes selectors for each recipient. Since many brands use third party services for all things email, those clearinghouses are set to get some great data on you if these preliminary results are any indicator:

count(bimi_df, l_dom, sort=TRUE)
## # A tibble: 255 x 2
##    l_dom                                                                          n
##    <chr>                                                                      <int>
##  1 irepo.primecp.com                                                             13
##  2 www.letakomat.sk                                                               9
##  3 valimail-app-prod-us-west-2-auth-manager-assets.s3.us-west-2.amazonaws.com     8
##  4 static.mailkit.eu                                                              7
##  5 astatic.ccmbg.com                                                              5
##  6 def0a2r1nm3zw.cloudfront.net                                                   4
##  7 static.be2.com                                                                 4
##  8 www.christin-medium.com                                                        4
##  9 amplify.valimail.com                                                           3
## 10 bimi-host.250ok.com                                                            3
## # … with 245 more rows

The above code counted how many BIMI URLs are hosted at a particular domain and the top 5 are all involved in turning you into the product for other brands.

Speaking of brands, these are the logos of the early adopters which I made by generating some HTML from an R script and screen capturing the browser result:


The data from the successful BIMI results of the mass DNS query is at https://rud.is/dl/2020-02-21-bimi-responses.json.gz. Knowing there are results to be had, I’ll be setting up a regular (proper) mass-query of the Top 1m and see how things evolve over time and possibly get it on the work docket. We may just do a mass BIMI prefix query against all FDNS apex domains just to see a broader scale result, so stay tuned.

Drop note if you discover any more insights from the data (there are a few in there I’m saving for a future post) or your own BIMI inquiries; also drop a note if you have a good defense for BIMI other than marketing and tracking.

*** This is a Security Bloggers Network syndicated blog from rud.is authored by hrbrmstr. Read the original post at: https://rud.is/b/2020/02/21/bimi-up-scotty-a-look-at-brand-indicators-for-message-identification-bimi-adoption-with-r-and-the-alexa-top-1m/

Source link

The post #cybersecurity | #hackerspace |<p> BIMI Up, Scotty! A look at Brand Indicators for Message Identification (BIMI) Adoption with R and the Alexa Top 1m <p> appeared first on National Cyber Security.

View full post on National Cyber Security

#deepweb | Milestone Boulevard Is Closed At Nine Mile. Here’s A Look At The Work. : NorthEscambia.com

Source: National Cyber Security – Produced By Gregory Evans Milestone Boulevard is closed at Nine Mile Road for drainage work that is part of the Nine Mile widening project. Crews have demolished a section of the roadway. After digging a trench that is about 4-feet deep, 30-inch pipes will be put in place. The roadway […] View full post on AmIHackerProof.com

#deepweb | A New Look At Ritwik Ghatak’s Bengal | by Ratik Asokan | NYR Daily

Source: National Cyber Security – Produced By Gregory Evans National Film Archive of IndiaA still from Ritwik Ghatak’s Subarnarekha, 1962 In February 1972, three months after the close of East Pakistan’s bloody war of secession, the Indian filmmaker Ritwik Ghatak traveled to Dhaka, capital of the new nation of Bangladesh, as a state guest. It […] View full post on AmIHackerProof.com

#cyberfraud | #cybercriminals | Fraud scams continue to evolve — BBB tells you what to look out for  – The Advocate-Messenger

Source: National Cyber Security – Produced By Gregory Evans Grandparents have quite a soft spot in their hearts for their grandbabies, no matter the age of those “babies.” Maybe this is why the “grandparents scam” call seems to never go away.  Lately, people have been reporting a “resurgence” of the scam call, where someone calls […] View full post on AmIHackerProof.com

#deepweb | WFP Global Hotspots 2020: Potential flashpoints to look out for in New Year – World

Source: National Cyber Security – Produced By Gregory Evans

World Food Programme forecasts global hunger hotspots as a new decade dawns

Rome – Escalating hunger needs in sub-Saharan Africa dominate a World Food Programme (WFP) analysis of global hunger hotspots in the first half of 2020 with millions of people requiring life-saving food assistance in Zimbabwe, South Sudan, the Democratic Republic of Congo and the Central Sahel region in the coming months. The sheer scale and complexity of the challenges in Africa and other regions will stretch the resources and capacity of WFP and other agencies to the limit. Ramping up the humanitarian response will again require the generous support of donor governments to fund the assistance required to save lives and support development.

“WFP is fighting big and complex humanitarian battles on several fronts at the start of 2020,” said David Beasley, Executive Director of WFP. “In some countries, we are seeing conflict and instability combine with climate extremes to force people from their homes, farms and places of work. In others, climate shocks are occurring alongside economic collapse and leaving millions on the brink of destitution and hunger.”

The WFP 2020 Global Hotspots Report highlights grave challenges in sub-Saharan Africa over the next six months with Zimbabwe, South Sudan, the Democratic Republic of Congo and the Central Sahel region standing out when it comes to the needs of hungry children, women and men. The WFP report notes that amidst an imploding economy, the situation in Zimbabwe is increasingly precarious as the country enters the peak of its “lean season” when food is at its most scarce and the number of hungry people has reached its highest point in a decade. WFP is planning assistance for more than 4 million people in Zimbabwe as concerns grow that the impact of a regional drought could drag yet more countries down in the first months of the year.

“Last year, WFP was called upon to bring urgent large-scale relief to Yemen, Mozambique after Cyclone Idai, Burkina Faso and many other crises to avert famine,” said Margot Van Der Velden, WFP Director of Emergencies, “But the world is an unforgiving place and as we turn the page into 2020 WFP is confronting new, monumental humanitarian challenges that we need to address with real urgency.”

A rapidly evolving crisis in Haiti is of deep concern at the turn of the year as escalating unrest paralyzes the economy, driving food prices out of reach of many people (+40% between October 2018 and October 2019). According to a recent IPC survey on food insecurity, this has left 3.7 million people – or one-third of the population – in need of assistance

In Asia, Afghanistan faces insecurity combined with drought, leaving more than 11 million people – over a third of the country’s population – severely food insecure.

In the Middle East, WFP can look back on its success in Yemen where it scaled up by 50% from providing food assistance to 8 million people a month at the beginning of 2018 to 12 million by the end of the year. As it looks forward into 2020, WFP remains alert to growing food needs in Iraq and Lebanon, where civil unrest and macro-economic crisis are leading to an increase in food insecurity.

WFP estimates it will require more than US $10 billion to fully fund all its operations in more than 80 countries around the world in 2020.

“Every year at WFP we plan ahead for the next 12 months and ask for support from the generous governments, private sector institutions and members of the public who help us reach our humanitarian and development goals,” said Beasley. “As an agency that depends entirely on voluntary donations, we have a responsibility to show WFP can continue to be the most efficient and effective global organization delivering the kind of food assistance that saves lives and changes lives across the world.”

Photos of Hunger Hotspot countries available here

The United Nations World Food Programme is the world’s largest humanitarian organization, saving lives in emergencies, building prosperity and supporting a sustainable future for people recovering from conflict, natural disasters and the impact of climate change.

Follow us on Twitter @wfp_media

For more information please contact (email address: firstname.lastname@wfp.org):

Frances Kennedy, WFP/ Rome, Tel. +39 06 6513 3725, Mob. +39 346 7600 806

Anne Poulsen, WFP/Copenhagen Mob. +45 40 50 3993

Bettina Luescher WFP/ Geneva Berlin, Mob. +49 160. 9926 1730

Steve Taravella, WFP/Washington, Tel. +1 202 653 1149, Mob. +1 202 770 5993

Source link

The post #deepweb | <p> WFP Global Hotspots 2020: Potential flashpoints to look out for in New Year – World <p> appeared first on National Cyber Security.

View full post on National Cyber Security

#cybersecurity | #hackerspace | DEF CON 27, Social Engineering Village, Chris Hadnagy’s ‘SEVillage 10 Year Anniversary: A Look Back’

Source: National Cyber Security – Produced By Gregory Evans Thanks to Def Con 27 Volunteers, Videographers and Presenters for publishing their superlative conference videos via their YouTube Channel for all to see, enjoy and learn. Permalink The post DEF CON 27, Social Engineering Village, Chris Hadnagy’s ‘SEVillage 10 Year Anniversary: A Look Back’ appeared first […] View full post on AmIHackerProof.com

#cybersecurity | hacker | McAfee names riskiest celebs to look up online

Source: National Cyber Security – Produced By Gregory Evans

Interested in watching free episodes of “The Handmaid’s Tale,” starring Alexis Bledel? Care to look up your favorite episode of James Corden’s Carpool Karaoke? Search for them online at your own peril.

McAfee has unveiled its 2019 list of the most dangerous celebrities, revealing which stars are the riskiest to search for online, based on their likelihood to expose users to malicious content. Cybercriminals, after all, are always looking for popular subjects and celebrities as inspiration for lures in hopes of tricking users into clicking on malicious links.

Bledel and Corden landed at the top of the list at one and two, respectively, followed by Sophie Turner, Anna Kendrick, Lupita Nyong’o, Tessa Thompson, Jimmy Fallon, Jackie Chan, Lil Wayne, Nicki Minaj and Tessa Thompson.

Alexis Bledel

“This year’s study emphasizes that today’s streaming culture doesn’t exactly protect users from cybercriminals,” stated McAfee Chief Consumer Security Evangelist Gary Davis in a blog post this week.” For example, Alexis Bledel and Sophie Turner are strongly associated with searches including the term ‘torrent,’ indicating that many fans of ‘The Handmaid’s Tale’ and ‘Game of Thrones’ have been pursuing free options to avoid subscription fees. However, users must understand that torrent or pirated downloads can open themselves up to an abundance of cyberthreats.”

Original Source link

The post #cybersecurity | hacker | McAfee names riskiest celebs to look up online appeared first on National Cyber Security.

View full post on National Cyber Security

Companies #Look To #Cyber Insurance For #Protection Against #Hackers

more information on sonyhack from leading cyber security expertsSource: National Cyber Security – Produced By Gregory Evans You have health insurance, car insurance, homeowner’s insurance, how about cyber insurance?   More and more local businesses are buying protection for themselves from huge financial losses in a cyber-attack.   Cyber protection is a fairly new offering in the insurance industry.  But one Sioux Falls development company […] View full post on AmIHackerProof.com | Can You Be Hacked?

How To Look #Back To The #Future Of #Cybersecurity

Source: National Cyber Security – Produced By Gregory Evans

How To Look #Back To The #Future Of #Cybersecurity

As if to cap off an already eventful National Cybersecurity Awareness Month—and perhaps proving that there is no honor among thieves—a hacker breached a forum for hackers last week, and is ransoming fellow cyber-attackers’ user data for $50,000. And there certainly seems to be plenty of occasions to increase our awareness of cybersecurity issues.

About 1.9 billion data records got exposed in the 918 data breaches that occurred in the first half of 2017—up 164 percent from the last half of 2016—according to a digital security firm’s study. The U.S. Department of Homeland Security issued a warning last week about the Bad Rabbit ransomware, which is disrupting government, hospital and other systems internationally. And cybersecurity researchers confirmed last week that an enormous botnet has already infected more than one million organizations—and is on the verge of unleashing “the next cyber-hurricane.”

It’s crucial that we learn from these attacks. And—just as some are using high-tech for cyberattacks—others are using blockchain, artificial intelligence and other cutting-edge technology to improve cybersecurity.

Blockchain, AI, and IoT to the rescue

With so many cyberattacks targeting centralized services, blockchain’s decentralized technology offers cyber-defenses from many types of attacks, according to PC Magazine last week. Among the benefits are blockchain’s transparency and distributed nature, which eliminate the single failure points that many hackers prey upon. But …

“The best defense [organizations] have is the same thing that makes them such an appealing target for hackers: a mountain of data,” PC Magazine stated in a different story last week. “By using machine learning algorithms and other artificial intelligence techniques to identify data patterns, vulnerable user behaviors and predictive security trends, companies are mining and analyzing the wealth of data at their disposal to hopefully stop the next breach from happening.”

However, networks and Internet of Things sensors will still require cybersecurity technology, VentureBeat stated this month. Unsecured devices can be terrible liabilities, so organizations should earnestly evaluate the opportunities and vulnerabilities offered by AI and IoT—and ensure that all users are well trained.

Build a tech-savvy phalanx

Technical savvy helps employees across the organization better understand their work environment and, as a result, operate more securely, according to SmartBrief last week. This will only get more important, as data analytics is increasingly crucial to business success—and as workflow automation continues to get cheaper.

And making rules isn’t enough. For example, in healthcare, HIPAA regulations require that organizations train their workers to maintain patient privacy—and punish those who violate policies and procedures. But employee security awareness is the top healthcare data security concern for 80 percent of health IT executives, according to a 2017 healthcare security study.

“Build a culture of cybersecurity among your executive and physician leaders,” Theresa Meadows, CHCIO, Senior VP and CIO of Cook Children’s Health Care System, stated last month. “Educate them about the threats, myths and importance of good cyber hygiene … they can champion the cause among their peers and staff and get them to buy into safety processes.”

Of course, cybersecurity cultures don’t sprout up overnight.

Learning our lessons

Chief information security officers face the increasingly difficult job of convincing their c-suites that cybersecurity expenditures are worth the big bucks, according to Government Computer News this month. CISOs can use their organizations wealth of data to frame cybersecurity in terms that managers and executives can understand, such as managing risk, business continuity and regulatory compliance.

In short, it’s about taking a step back and learning lessons from the big picture.

“We are so overwhelmed with present security concerns that we don’t have the ability to look into the future — or we hesitate to second guess what cybercriminals might end up doing,” IT Business Edge stated last week. “It’s up to us to recognize what we’ve seen in the past in order to rethink our security solutions of the future.”

And last week’s hacking of the hackers’ forum—as well as other events from this year’s National Cybersecurity Awareness Month—have given us plenty of source material to learn from.

The post How To Look #Back To The #Future Of #Cybersecurity appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Look out for bogus BBB emails

Source: National Cyber Security – Produced By Gregory Evans

Better Business Bureaus across the country, including BBB serving the Northwest, have been receiving several calls and messages about emails businesses have been receiving. Scammers are using the BBB name and a logo indicating they have violated various federal laws such as “Fair Labor Standards Act” or “Safety and Health…

The post Look out for bogus BBB emails appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures