Thursday, December 11, 2003
EU Anti SPAM Laws
The new EU Anti-SPAM laws that come into force today are designed to make it illegal to send individuals unwanted email. This, the politicians believe, will stop the deluge of junk mail appearing in everyone's email inbox overnight.

I have yet to find anyone in the industry who thinks it'll have any effect whatsoever, and I'd agree. Even a cursory analysis of the average user's email inbox will reveal that the vast majority of SPAM email comes from far away: Florida; China; via SPAM bots; open relays; open proxies; or otherwise mostly untraceable routes. All of this mail is sent by people who have no regard for the law anyway. Any Anti-SPAM methodology based upon trying to identify the sender, as proposed by Nick Scales, chief executive of Avecho, in an article over on BBCi News, is doomed before it starts. As Steve Linford, founder of anti-spam organisation The Spamhaus Project, said in the same article: "The whole problem with these laws is that they are geared to spammers being honest and respecting laws"... right then, no problems there then.

Related Links
MXtreme email firewall blocks 99% of all SPAM
posted by Robert Campbell 11:38 AM

Wednesday, December 10, 2003
Windows Workstation : RPC Buffer overflow vulnerability
Yet another flaw in Microsoft's core product set, Windows 2000 and XP, identified by eEye Digital Security, could allow an attacker to execute arbitrary code on an unprotected workstation. This vulnerability is caused by a flaw in the network management functions of the DCE/RPC service and a logging function implemented in WKSSVC.DLL. The attack vectors, along the lines of passing long strings to vsprintf(), require access to TCP/UDP ports 138, 139 and 445.

It goes without saying that this represents a significant risk to all unprotected workstations, and herein lies our criticism of the only just suppressed industry panic: no one should have those ports exposed to the internet. However, given the experience of the industry with SQL Slammer Worm earlier this year, we should not be complacent.

Related Links
DHS/FedCIRC Advisory FA-2003-28 Buffer Overflow in Windows Workstation Service Microsoft's Security Bulletin MS03-049
posted by Robert Campbell 9:46 AM

Tuesday, December 09, 2003
email overload, it's no joke
There are several articles around currently alluding to 'new research' by Hitachi showing that UK email users are aggravating IT storage requirements with gossip and jokes amounting to 20% of all email. Indeed our experience would show that this may be an underestimate, and without good management it can be considerably higher.

Management is one of the key issues, supported by technology which enables proper control and monitoring of all internet usage. In the knowledge that all activity is monitored and stored in a tamper-proof archive, most users reduce personal usage to an acceptable level. Email archiving solutions allow companies to comply with new requirements as well as relieving the main mail system and its associated backup system from having to cope with all the storage requirements.

Related Links
Jokes inflame 'e-mail epidemic' Office gossip drives storage spending By Jo Best Silicon.com Controlling email content with BorderWare MXtreme Email Archiving and Compliance No email use the phone
posted by Robert Campbell 8:16 PM

Monday, December 08, 2003
FTC Pet Co. Deeper examination : call for James Herriot and some rubber gloves
PetCo.com on-line pet store is in the news again: the FTC is delving deeper into the security breach where Petco.com exposed customer credit card details on its e-commerce web site earlier this year. In what seems to be the US equivalent of a 'subject access request', the FTC is seeking information from Petco regarding the governance of customer information on its e-commerce web site.

Related Links
Online Pet Shop : I smell a rat FTC investigates PetCo.com security hole By Kevin Poulsen, SecurityFocus Security Focus article by Kevin Poulsen ecommnet's answer to minimising ecommerce database vulnerabilities. Federal Trade Commission
posted by Robert Campbell 8:41 PM
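
The Windows Workstation post of December 10 above describes the bug class as long strings passed to vsprintf() in a logging function. As an added illustration (not code from WKSSVC.DLL, eEye or Microsoft; the function names, buffer size and message text are constructed for this example), the unbounded call is shown beside a bounded vsnprintf() version that detects truncation:

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>
#define LOG_BUF 64 /* constructed size, for illustration only */

/* Unsafe pattern: vsprintf() is never told how big dst is, so a long
 * caller-supplied string runs past the buffer. Never called here. */
void log_unsafe(char *dst, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsprintf(dst, fmt, ap);
    va_end(ap);
}

/* Bounded form: vsnprintf() stops at dst_len and returns the length the
 * full message needed, which makes truncation detectable.
 * Returns 0 if the message fit, 1 if it was truncated, -1 on error. */
int log_bounded(char *dst, size_t dst_len, const char *fmt, ...)
{
    va_list ap;
    int need;
    if (dst == NULL || dst_len == 0)
        return -1;
    va_start(ap, fmt);
    need = vsnprintf(dst, dst_len, fmt, ap);
    va_end(ap);
    if (need < 0) {
        dst[0] = '\0';
        return -1;
    }
    return (size_t)need >= dst_len ? 1 : 0;
}

/* Constructed input: a 511-byte name formatted into a 64-byte buffer with
 * guard bytes behind it. Returns 1 if truncated and the guard is intact. */
int demo_oversized_input(void)
{
    struct { char buf[LOG_BUF]; char guard[8]; } s;
    char name[512];
    memset(name, 'A', sizeof name - 1);
    name[sizeof name - 1] = '\0';
    memset(s.guard, 0x5A, sizeof s.guard);
    int rc = log_bounded(s.buf, sizeof s.buf, "event from %s", name);
    for (size_t i = 0; i < sizeof s.guard; i++)
        if (s.guard[i] != 0x5A) return 0;
    return rc == 1 && strlen(s.buf) == LOG_BUF - 1;
}
int main(void) { return demo_oversized_input() == 1 ? 0 : 1; }
```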