Archive for March 1st, 2006

2 results.
Mar01

My blog

by Michael Farnum on March 1, 2006 at 5:39 pm
Posted In: Pre-Categories

I want to give some insight on what I plan on doing with this blog. First, I plan on writing about current events in security, like the AOL / Goodmail issue that my last entry discussed. Second, I plan on giving some practical advice about security. I will probably be learning as much from you and your comments as you do from my posts. That is what I want – a place of learning and mutual respect.

Having said that, I will lay down some ground rules:

  1. No trolling. When I discover a troll, I will post-haste kill the comment. For now, comments are open to all, but I will enforce registration if things become unbearable.
  2. No cursing or flaming. I can’t stand rudeness. It makes my skin crawl and my temper boil, so have respect.
  3. If a comment is blatantly false or just plain stupid, I do reserve the right to point the fact out in no uncertain terms. Hard truth is not the same as rudeness. There is often a fine line, but they are not the same.
  4. I also respect the right of commentors to tell me when I am full of crap. I am human, so I can’t say I will always get things right. If I post something stupid, let me know.
  5. This is an information security forum, not a debate engine on religion or politics. If you don’t like a politician, that is your right. But if a law directly or indirectly affects infosec, we will discuss the merits of the legislation, not the sexual preference of the legislator or the cult to which he/she belongs. That is not relevant as far as I am concerned. If you think it may be relevant, then let me know in a comment, but I doubt I will agree, and that is as far as it will go.
  6. This is my little kingdom. I don’t control much, but by golly, this one is mine. I set the rules. If you don’t like ‘em, let me know. But be prepared for rejection. I’m not close-minded; I’m just sure that these rules are right.
  7. I reserve the right to add or delete rules.

OK, that’s my soap-box rant. I look forward to people coming in and smacking my opinions around.

Vet

Comments Off
Mar01

AOL Charging for email

by Michael Farnum on March 1, 2006 at 11:22 am
Posted In: Pre-Categories

Many of you have probably heard about the Goodmail scandal at AOL. Basically, they are trying to implement a system where people / organizations can pay to get better email service. They may not sum it up in some people’s minds, but that is essentially what it comes down to.

Now, I am a security person, so I am paid to be paranoid. That means I am essentially skeptical of anything I hear and read (I know, it is sad, but it is something life has taught me, and it makes for good security as well). In other words, I should have been born in Missouri (leave a comment if you don’t know what that means). That also means that when I see sites popping up like http://www.dearaol.com/, which is slamming AOL for this whole thing, I don’t take their word as truth (believe me, my inclination is to jump on the “stomp on AOL” bandwagon – the initial proposal by AOL made my hackles rise REAL high).

But, in the interest of fairness, justice, the American Way, etc., etc., etc., I have decided to do some more digging. I went to AOL’s site, but there was nothing immediately apparent that was discussing this. So, I went to Goodmail’s site. They have a “Get the Facts” page at http://www.goodmailsystems.com/certifiedmail/index.php. Again, I am cynical, so I can’t take this page for the its face value either. But I have to say that much of their argument is sound. They have stringent criteria for getting certified from what I can see on the page. That is located at http://www.goodmailsystems.com/senders/qualifications.php.

Even with these two sites, their FAQ pages, and many arguments from many people, I have not completely made up my mind on this. As an argument against AOL, I can see phishers duplicating this certified insignia and putting it in their emails, so it might actually make phishing more effective. And with the advent of spear phishing, this could really get dangerous. However, I am not as concerned that AOL might make a business decision to not keep anti-spam, etc. up to date for your general user. I can see the fallout if they at all slack on this, especially since this uproar has risen. Also, there is an argument that this will make some people have a “non-guaranteed” email system. OK. Since when has email been guaranteed? Just because a provider says it doesn’t mean it is so. Anyone with half a technical brain knows the Internet itself is not guaranteed, much less email to your grandma. Sheesh.

Anyway, I can’t just sit back and start arguing, fuming, and screaming like like so many are doing. I am not saying http://www.dearaol.com/ is doing this. What I am saying is don’t make a knee-jerk reaction. Take a look and make and informed decision. Don’t read troller comments. If you still come down against AOL, then so be it. If not, so be it. Just don’t be ignorant.

Vet

Comments Off