Happy Independence Day; Impending Storm; Spam Challenge Protocol Pros and Cons
It has been quiet Independence Holiday. It appears most of the mischief makers may be taking a break. Or are they?
Impending Storm
There has been some conversation today that we may have a storm on the horizon. It was suggested that tomorrow could be a bit lively with the announcement of PoC's affecting phpBB, Java exploits and the still lingering Veritas issue. It was suggested by one of our readers that we may want to raise the Alert level just as a wake-up call to our readers. It was decided after much discussion that we are not ready to raise it at this time. We do appreciate all of the feedback from our reader's and the positive input that we received today.
It could be interesting to see what tomorrow will bring. And to see if Kevin will have the honor of raising the yellow flag.
Spam Challenge Protocol Pros and Cons
We received an email today asking for our input on the use of Challenge Protocol to validate an email sender and prevent spam. This particular email was from one of our regular contributors. He has been having a problem with an artificial "denial of service" attack today caused by the use of email addresses from his organization being spoofed.
From his initial email:
"We received tons of challenges to authenticate e-mails sent out (which
we didn't - forged sender addresses!) from a particular product."
I can understand the frustration that this reader is experiencing. I can see the pro's and con's of this type of "validation" and I can see how this could be used to further compromise the reader's email system. I tell my customers to turn off the Auto-reply in their email systems to prevent their email address being used. I also recommend that they turn off the auto notify in their anti-virus software programs what with all of the email spoofing going on today.
So I ask you. What do you think of the use of Challenge Protocol to authenticate emails?
Happy Independence Day to all of my fellow Americans and Happy Monday to everyone else. May we all wake up tomorrow morning to just the normal activity on the net.
Deb Hale
Handler in Duty
haled@pionet.net
Impending Storm
There has been some conversation today that we may have a storm on the horizon. It was suggested that tomorrow could be a bit lively with the announcement of PoC's affecting phpBB, Java exploits and the still lingering Veritas issue. It was suggested by one of our readers that we may want to raise the Alert level just as a wake-up call to our readers. It was decided after much discussion that we are not ready to raise it at this time. We do appreciate all of the feedback from our reader's and the positive input that we received today.
It could be interesting to see what tomorrow will bring. And to see if Kevin will have the honor of raising the yellow flag.
Spam Challenge Protocol Pros and Cons
We received an email today asking for our input on the use of Challenge Protocol to validate an email sender and prevent spam. This particular email was from one of our regular contributors. He has been having a problem with an artificial "denial of service" attack today caused by the use of email addresses from his organization being spoofed.
From his initial email:
"We received tons of challenges to authenticate e-mails sent out (which
we didn't - forged sender addresses!) from a particular product."
I can understand the frustration that this reader is experiencing. I can see the pro's and con's of this type of "validation" and I can see how this could be used to further compromise the reader's email system. I tell my customers to turn off the Auto-reply in their email systems to prevent their email address being used. I also recommend that they turn off the auto notify in their anti-virus software programs what with all of the email spoofing going on today.
So I ask you. What do you think of the use of Challenge Protocol to authenticate emails?
Happy Independence Day to all of my fellow Americans and Happy Monday to everyone else. May we all wake up tomorrow morning to just the normal activity on the net.
Deb Hale
Handler in Duty
haled@pionet.net
Keywords:
0 comment(s)
×
Diary Archives
Comments