eBay and banks need to implement SPF and Domain Keys

eBay and banks really need implement SPF, Sender Policy Framework and DomainKeys. There I said it.

I see quite a few Phishing attacks every day. And just about all of them aren’t caught by SpamAssassin. Technically they aren’t spam, so that does make sense. But what bothers me is that this is easy mitigate for many potential victims. If eBay and banks supported SPF and DomainKeys, it would be much easier for a filter to tell if the message is legitimate or not. Check out this sample SpamAssassin header from a eBay phishing email I received:

X-Spam-Level: **
X-Spam-Status: No, score=3.0 required=5.0 tests=BAYES_50,HTML_IMAGE_ONLY_28,
	MIME_HTML_ONLY autolearn=no version=3.1.0

That’s really not much in this otherwise pretty bad email. The IP of origin isn’t even in North America (it’s Pacific Rim).

Perhaps it’s time to start a campaign to urge institutions subject to having their name used in these attacks to start using a method like SPF and DomainKeys. A mail provider could then throw out emails that don’t match. Anyone know why they still don’t implement one or both of these methods?

It seems to me they could easily take a giant step to solve the problem. I know Google’s Gmail knows about SPF, and Yahoo knows about DomainKeys. That’s two major email providers right there.

Gbrowser Redux

An interesting post on an allegedly new Googlebot. I’ve got no clue about the truth or accuracy of it, but the article thinks Googlebot is no longer a lynx like browser, but based on Mozilla. It would make sense, so Google can take better advantage of things like CSS, JavaScript. Perhaps it’s using <canvas/> to create screenshots for thumbnails?

Again, no clue regarding accuracy, but it’s an interesting read.

Norton AntiVirus doesn’t like Windows Defender

I upgraded from MS AntiSpyware to Windows Defender. Seems Norton AntiVirus doesn’t exactly like it. In Norton’s Log Viewer are a ton of the following:

Event Details:
Time: 2/22/2006 8:02:17 PM
Actor: C:\Program Files\Windows Defender\MsMpEng.exe (PID=464)
Target: C:\Program Files\Common Files\Symantec Shared\ccLgView.exe
Action: Unauthorized access
Reaction: Unauthorized access stopped


Not nearly as bad as Kaspersky zapping Microsoft AntiVirus. Hopefully Symantec or Microsoft will get to it soon. Nothing about that in the release notes.

Other than that, no opinion formed quite yet.. It has a “new engine” supposedly. Not sure if it will prove any better or worse. I guess time will tell. Doesn’t seem to give as many alerts to the user as the old version did. Personally I liked them, let me know what’s going on. Perhaps I’ll revisit and review it a bit at a later date.

Really Busy

I’ve been really busy lately, hence posting is a bit light. I plan to pickup soon. I’ve been working on many things.

On a side note, switching programming languages (Visual Basic .NET, JavaScript, HTML, CSS, PHP, Perl) all in one day can be very confusing at times. I’ve been finding myself mixing up syntax quite a bit in the past few days. Yuck. For those wondering, Visual Basic is by far my least favorite.

Google Widget Licensing?

Google’s Personal Homepages allow for some really neat widgets. Interestingly, there are quite a few by Google Inc, that even provide source code, so you can see exactly how they were made (super cool!). There is something that concerns me though. No mention on licensing, or how it would even work.

Say, someone wanted to create an open source framework of code for making widget creation easier (such as copy paste of great libraries such like prototype.js, or jslib among others). How would licensing be noted?

Say someone else wanted to create a project under an open source license, and collaborate to create a widget. Again, how would that be handled? Are you limited to purely a <!-- --> comment to display the licensing block?

Some talented Google employees wrote some great widgets, but there’s no license on how they can be used. Ideally they would be under a very liberal license, so that their code could be included under virtually any circumstance to build derivative works.

Looks to me like the Module Preferences need to have a “license”.

I’d be curious to know Google’s intentions/position on this topic.

Apple is still using 64-bit Processors

Several months ago I asked if Apple would continue to use widely advertised 64-bit processors after moving to Intel. Apple spent a lot of time/money telling people 64-bit was the future, and the G5 was perfect.

Even upon release of the first Intel Mac’s, it wasn’t clear if they were 64-bit or 32-bit. Supposedly they are 64-bit, but not very clear if they could ever run in 64-bit.

Regardless, very interesting.