eBay and banks really need implement SPF, Sender Policy Framework and DomainKeys. There I said it.
I see quite a few Phishing attacks every day. And just about all of them aren’t caught by SpamAssassin. Technically they aren’t spam, so that does make sense. But what bothers me is that this is easy mitigate for many potential victims. If eBay and banks supported SPF and DomainKeys, it would be much easier for a filter to tell if the message is legitimate or not. Check out this sample SpamAssassin header from a eBay phishing email I received:
X-Spam-Status: No, score=3.0 required=5.0 tests=BAYES_50,HTML_IMAGE_ONLY_28,
MIME_HTML_ONLY autolearn=no version=3.1.0
That’s really not much in this otherwise pretty bad email. The IP of origin isn’t even in North America (it’s Pacific Rim).
Perhaps it’s time to start a campaign to urge institutions subject to having their name used in these attacks to start using a method like SPF and DomainKeys. A mail provider could then throw out emails that don’t match. Anyone know why they still don’t implement one or both of these methods?
It seems to me they could easily take a giant step to solve the problem. I know Google’s Gmail knows about SPF, and Yahoo knows about DomainKeys. That’s two major email providers right there.
Found this rather interesting:
It’s been known for a while Yahoo is a PHP user, but it’s interesting to see them giving back. Very cool.
<canvas/> to create screenshots for thumbnails?
Again, no clue regarding accuracy, but it’s an interesting read.
I upgraded from MS AntiSpyware to Windows Defender. Seems Norton AntiVirus doesn’t exactly like it. In Norton’s Log Viewer are a ton of the following:
Time: 2/22/2006 8:02:17 PM
Actor: C:\Program Files\Windows Defender\MsMpEng.exe (PID=464)
Target: C:\Program Files\Common Files\Symantec Shared\ccLgView.exe
Action: Unauthorized access
Reaction: Unauthorized access stopped
Not nearly as bad as Kaspersky zapping Microsoft AntiVirus. Hopefully Symantec or Microsoft will get to it soon. Nothing about that in the release notes.
Other than that, no opinion formed quite yet.. It has a “new engine” supposedly. Not sure if it will prove any better or worse. I guess time will tell. Doesn’t seem to give as many alerts to the user as the old version did. Personally I liked them, let me know what’s going on. Perhaps I’ll revisit and review it a bit at a later date.
I’ve been really busy lately, hence posting is a bit light. I plan to pickup soon. I’ve been working on many things.
Google’s Personal Homepages allow for some really neat widgets. Interestingly, there are quite a few by Google Inc, that even provide source code, so you can see exactly how they were made (super cool!). There is something that concerns me though. No mention on licensing, or how it would even work.
Say, someone wanted to create an open source framework of code for making widget creation easier (such as copy paste of great libraries such like prototype.js, or jslib among others). How would licensing be noted?
Say someone else wanted to create a project under an open source license, and collaborate to create a widget. Again, how would that be handled? Are you limited to purely a
<!-- --> comment to display the licensing block?
Some talented Google employees wrote some great widgets, but there’s no license on how they can be used. Ideally they would be under a very liberal license, so that their code could be included under virtually any circumstance to build derivative works.
Looks to me like the Module Preferences need to have a “license”.
I’d be curious to know Google’s intentions/position on this topic.
I’ve been saying for quite a while that true hackers, aren’t the stereotyped computer nerds. They are just observant people who know what to look for. That article is a little disturbing, but nothing strange. I remember a year or two ago when someone had a “Google Hack” to find those Axis cameras, many not even password protected.
Very interesting read.
Best Aerosmith Parody ever:
Cheney’s Got A Gun
You seriously have to question if the guy was suicidal to go out into the woods with Dick Cheney holding a gun. It’s like walking into a tiger pit with fillet mignon in your pockets.
[Hat tip: Digg]
To continue with my last post, I did some digging to see what the useragent on the new Intel Mac’s were. A while back, I was wondering what they would change it to. I now have the answer:
Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en) AppleWebKit/417.9 (KHTML, like Gecko) Safari/417.8
For Firefox, it’s not quite decided (bug 323657).
Several months ago I asked if Apple would continue to use widely advertised 64-bit processors after moving to Intel. Apple spent a lot of time/money telling people 64-bit was the future, and the G5 was perfect.
Even upon release of the first Intel Mac’s, it wasn’t clear if they were 64-bit or 32-bit. Supposedly they are 64-bit, but not very clear if they could ever run in 64-bit.
Regardless, very interesting.