By now, it has been widely reported in the media that there was a fake HKCERT email advising recipients to patch the recent Adobe Flash vulnerability and a fake patch was attached. I tried to look at what HKCERT has been taking in order to protect its email domain. Unfortunately, HKCERT does not use Sender Policy Framework to specify what IP addresses and domains can use "hkcert.org" as the sender domain in the email header. HKCERT has learnt a lesson in hard way.
2 comments:
There are a lots of security topics on server, network, etc. but seldom on email. However, email still remains one of the important communications channels.
Email spam and scam are important security topics. Spam is the catalyst of all cybercrimes. If we can not counter spam effectively, we can not have a secure cyber space.
Post a Comment