Usernames and passwords for more than 100 e-mail accounts at embassies and governments worldwide have been posted online. Using the information, anyone can access the accounts that have been compromised.
Hacks hit embassy, government e-mail accounts worldwide - Network World
Yup. Just, yup… It won’t be long now. 
The Internet Engineering Task Force, which sets the technical standards for the Internet, yesterday approved the DomainKeys Identified Mail standard as a proposed standard (RFC 4871). The specification, a three-year effort pioneered by Yahoo!, Cisco, Sendmail, and PGP, is an email authentication framework that uses cryptographic signature technology to verify the domain of the sender.
From: Dark Reading - Desktop Security - New Spec Could Cut Phishing, Spam - Security News Analysis
I cry bullcrap. Let’s see here… We’ve had both SPF and we’ve had Sender ID, from Microsoft, for quite some time.
Exactly how has my SPAM results lessened? Both of these have been in place for quite some time. Now all three of these are at least listed at IETF and all three may even be ratified standards. I feel that without wide-spread adoption, universal authentication RESULTS, and any of these anti-spam or domain authentication (if you will) processes just muddy the waters and the additional confusion only serves to slow down the process.
With local and server side SPAM filters in place my own personal results are that some accounts get a 10:1 abuse rate. Yeah… That’s actually low and I do a lot of filtering with a variety of methods at both the server end and client-side. Unfiltered? I am not even sure I want to know. Some accounts may well be in the 100:1 range if not much higher.
I know that a lot of people would think that this is something that can only be done with open source, with only non-proprietary, etc… I disagree and, in my opinion; The reality is that it doesn’t have to be any one specific standard but just one specific standard that is in use globally. I don’t care who makes it, I just care who uses it.
I was browsing around and realized I hadn’t posted anything on the blog in a while. Fortunately, at the same time, I was at this site:
FAQ: Here’s the deal on the Windows DNS bug
April 18, 2007 (Computerworld) If this is how every month in 2007 is going to go, anyone using Windows might want to set up a cot next to the computer right now: You may be working overtime, all the time, patching zero-day vulnerabilities.
Last month, it was the animated cursor bug in Windows; this month it’s a hole in Microsoft Corp.’s server software line. What do they have in common? Both are critical flaws, both were being exploited by attackers before the bug was acknowledged by Microsoft — and attacks ramped up within days — and both deserve Computerworld’s FAQ treatment.
This FAQ spells out the at-risk population, details the bug and ticks off the stopgap measures that are — until Microsoft actually fixes the flaw — the only defense.
I realize that most people will not have to know this but, really, if you are one of those people who DOES have to know this then you might as well read the article. It is actually pretty good and well worth reading.
During one week (2007-04-02/08), new undisclosed vulnerabilities / flaws / exploitation techniques discovered in the latest versions of the Microsoft Windows Vista operating system and softwares will be publicly disclosed on this page.
The Week Of Vista Bugs [TWOVB]
It should be interesting to see if the bugs are real bugs, new bugs, or even bugs that result in security flaws.
BlogMarks
Furl
Newsvine
Rojo
Email This to a Friend
If you like this then please subscribe to the