Last week, I wrote a blog article about the growth of SPF and Sender ID technology in the fight against unwanted email (spam, phishing, etc.). It appears that CipherTrust is taking advantage of its own implementation of these standards to help make the Internet a safer place – at no cost.
On Monday, March 13, CipherTrust plans to make available for download a free toolbar for Outlook and Lotus Notes email users. The toolbar will be available from the CipherTrust Research Portal, which will also launch Monday.
This is the way it works:
- The user clicks on an email
- The CipherTrust toolbar program sends the IP address of the sender to a CipherTrust hosted server running the TrustedSource reputation engine for analysis
- The results of the analysis are returned to the user’s desktop causing the toolbar to flash:
- Green with a happy-face when the email is from a reputable sender
- Yellow for questionable trustworthiness
- Red when the user should probably just delete the message
The data used for analysis come from CipherTrust’s global network of more than 4,000 sensors installed in business and government networks. They’re collected on TrustedSource servers where the trustworthiness of the source is assessed to a very granular level. The assessment is based on the following criteria:
- Is this the first time the sender has been seen? According to CipherTrust, about 30% of IP addresses analyzed fall into this category. Of those, about 95% are spam, viruses, etc.
- How much email is the sender responsible for?
- Does the sender send and receive email, or just send?
- Does the sender’s behavior seem “bursty” or is it more continuous?
This is one more step in the right direction. Although not perfect, it goes quite a distance down the path toward a world in which the Internet is a safe place to travel the globe.
Author: Tom Olzak
Listen to our Podcast –>
Free Security training available at http://www.adventuresinsecurity.com/SCourses.html
Writely: A great product with questionable security
Friday, March 17th, 2006For those of you not familiar with Writely, it’s an online beta word processing service that provides the following services:
Yes, it’s a great product with fantastic potential. And now that Google has purchased the company, Upstartle, things could get very interesting. There is just one catch; there are no safeguards to protect the content of documents during editing or viewing.
On February 27, 2006, in the Writely blog, Jen, an employee of Upstartle, responded to a thread in which users questioned why SSL protection was not provided.
[QUOTE=Jen]OK, now I have to reply ;-}
We don’t have SSL definitively planned as part of a premium service, although that’s certainly possible. SSL will definitely slow the service down, which is why we would likely not make it the default in the basic service. Yes, I know this response is vague, but it’s only because our plans are not final![/QUOTE]
As I posted to the Writely blog, it’s irresponsible for an organization to provide a tool like this without any apparent regard for safeguarding the activities of its users. I hope that Google takes a different approach with this innovative and, in my opinion, much needed service.
Author: Tom Olzak
Listen to our Podcasts –>
Free security training available at http://adventuresinsecurity.com/SCourses
Posted in All, Commentary, Reviews | No Comments »