Re: Master Critical Firewall Security Skills



Moe Trin wrote:
On Sun, 05 Mar 2006, in the Usenet newsgroup comp.security.firewalls, in article
<dug35m0hpi@xxxxxxxxxxxxxxxxxx>, Ron Lopshire wrote:

Moe Trin wrote:

Ron Lopshire wrote:

Moe Trin wrote:

Ron Lopshire wrote:

This e-newsletter is published by SearchSecurity.com,

This is one of the few newsletters that I subscribe to, even though I
never sign up for a live Webcast. Since I only use text for email,
some of the newsletters that I get look pretty cheesy since they are
developed as html, and rendered in text as an afterthought.

Filter on the mail server rejects HTML mail. To much of a security hole,
but it's good for identifying out clueless vendors.

Good idea. I meant that they sent it to me as text, IIRC, as I had the choice. Dealing with the Russians (Kaspersky) as much as I do, I have learned to ignore things that don't come out well in the translation, such as using trial as a verb.

Any way, you guys have been beating me up pretty badly over this post. I was about to say,

It was meant as a heads up ... don't shoot me, I am just the messenger. I was originally sent to this web site by a respected poster in another NG. I had seen a few transcripts of presentations by Eugene Kaspersky, and thought that it would be interesting to hear the actual presentation, as an audio slide show, IIRC. I checked out the site, and as I said, the sponsors appeared to be a veritable list of the Who's Who in the security community. I wasn't crazy about the registration or the RealPlayer, but what the hell. Can't have everything. And then,

I was going to check out a few Webcasts from the archives, but I needed a new password and had to wait until Monday. And so I downloaded a couple of white papers, no password required. This one for example:

Phishing Detection and Prevention
(http://wp.bitpipe.com/resource/org_919801066_474/9394_PhishingDetectionandPrevention_edp.pdf?site_cd=secp)
Short Version: (http://tinyurl.com/rnpm7)

I opened up this pdf document, and what do I find? In order to read this document, I have to fill out this form. And what does the form say?

,---quote---

To access this document, please complete all fields below and click 'Read Document'.

By completing this form, you agree to the collection, use, disclosure and transfer of the profile information collected herein by TechTarget and the owner of the document.

(...)

Once registration is complete, you will have access to all similar documents without having to fill out additional forms.

(... 16 fields of data ...)

Information entered on this page and other data about your use of the attached document will be stored in a file on your computer and transmitted to TechTarget over the internet. TechTarget may provide this information to the owners of the document and either party may use this data to contact you and/or track your use of the document. In consideration of access to the attached document, you agree to such storage and uses as more fully described in the TechTarget Privacy Policy.

,---endquote---

WTF? How is this for a white paper on security/email abuse? Don't fill out forms like this, and let creeps like these use them!!! Had I known, I would 1) never have posted a link to a site like this, and 2) even if I had, it would have been with the appropriate warnings and disclaimers.

Mea Culpa! Mea Culpa! Mea Culpa!

Sir, I bow to your keen eye for that which looks suspicious, and the Bayesian filter that your brain uses to process it. I am humbled.

Ron :)
.