October 6, 2006 - #131
Good Morning:
Happy Friday, thankfully. It seems like months ago that I was repenting. Long week, but it should be a good weekend, since it's my birthday tomorrow. That's right, even grumpy analysts have birthdays. Hopefully I'll get to sleep in a bit, spend some quality family time carting my kids to various activities and birthday parties and then enjoy a little gathering with friends tomorrow night. It should be fun.
Today is email security Friday. It seems there are lots of email security related topics to rant about. As many of you know, this is a topic that I know a thing or two about. But it's good to see the discussion continuing because the topic is important. So whether you are trying to decide how many AV engines to use (here [0]) or how to stop a 0-day email attack (here [0]) - or maybe digging deeper into the state of phishing (here [0] and here [0]) - there is still a lot to do until we can say email is secure. Slow day in blog-land, so in a strange turn of events I actually say there are shades of gray (here [0]). I also dug into the archive a bit to discuss the spyware implications of email tracking (here [0]) and also highlight a little psychology based on a post from the Security Monkey (here [0]).
To wrap up today, I love Dilbert. Maybe it's a little man-love, but is that all bad? There are some days where you just need a laugh and sure enough Dilbert is there to get me rolling on the floor. Check out today's comic (here [1]). There were many times over the years that I wanted to have someone put on that T-shirt, that's for sure. It's too bad making anyone wear a dunce cap is now politically incorrect. I figure we'd have much better behaved kids and adults if it came back in style.
Have a great weekend. And just a little heads up that there will be no TDI next Thursday or Friday. I'm going on vacation, so you'll have to make do without me for two days.
Top Security News
http://www.gfi.com/news/en/multipleav.htm [3]
http://www.eweek.com/article2/0,1895,2022486,00.asp [4]
http://www.eweek.com/article2/0,1895,2022470,00.asp [5]
here [5]) for their PIRT initiative, but I was wrong about that. Well, not really wrong, but I picked the wrong horse. It seems the anti-phishing working group (APWG) is less effective at actually getting the bad sites taken down and is more of the PR effort I referred to. So what is PhishTank (backed by DNS service provider OpenDNS) bringing to the table? For you and me, not a damn thing. But if you use OpenDNS' services, then they will allegedly be able to avoid these malicious web sites. That's good for their business, but not for mine. And it's all about me. Seriously, it's important to attack this on all fronts. So this data should be sent to the Web filtering folks (I think CastleCops does that), it should be sent to the DNS folks (to block requests to phishing servers) and it should be sent to someone that can get the site taken down. It's only through a multi-tactic approach that we'll address the issue.
http://www.darkreading.com/document.asp?doc_id=104945 [6]
http://www.informationweek.com/showArticle.jhtml?articleID=193104896 [7]
Top Blog Postings
http://realtime-itcompliance.typepad.com/itcompliancecommunity/2006/10/humans_are_the_.html [8]
http://www.darkreading.com/document.asp?doc_id=104223 [9]
http://www.computerworld.com/blogs/node/3651 [10]
http://blogs.ittoolbox.com/security/investigator/archives/the-illusion-of-security-12048 [11]