On Thu, 13 Mar 2003 06:15:59 EST, you said:
There are over 400 subscribers to this mailing list. For the most part these
are busy individuals that signed up for a research mailing list to
understand and contribute to solving the spam problem. They are not
interested in scoring a debate match between two men and a sidekick.
On the flip side, I'm writing this as yet *ANOTHER* worm is crawling around
and poking port 445 all over the place.
http://isc.incidents.org/port_details.html?port=445
And there's Code Red outbreaks STILL.
I'll spell it out: Not many of the proposals I've seen so far address the
issue of what happens once "spammer" meets up with "Outlook/IE worm" and/or
"DDOS zombie network". The average security posture Out There is *abysmally*
low, and the machines are for the vast majority a monoculture developed
around a broken security model. Several ideas have overlooked the concept
that the remote end could be lying to you, but almost all make the implicit
assumption that the *local* end is trustable.
And I'm not at all convinced that's true at most sites.
pgpGDVWVgH9vo.pgp
Description: PGP signature