Michael Gracie

No sooner (or should I say “at the same time”) that Microsoft decides it is going to try cramming its authentication protocol, Sender ID, down everyone’s throat through its Hotmail offering, then the other side of the coin drops.

Ironport, makers of email security appliances, has announced that they have integrated Domain Keys into their offerings. Domain Keys is the competitor to Sender ID being pushed by Yahoo!.
Read more »

The State of Colorado is restructuring its subsidized venture capital initiative, and will soon be utilizing professional fund managers to deploy investments in seed level and early stage companies.

The state had a previous structure in place, called the CAPCO program, which was complicated and expensive to operate. Under the former program, the state provided premium tax credits to insurers, and insurers in turn provided cash to qualified for-profit entities (called “Certified Capital Companies”). These companies must have been in the business of providing venture capital to other operating companies. Essentially, it was a subsidy arrangement. A new investment fund could be formed, and regardless of the money they raised from upper-tier institutions, could supplement pools with the insurer’s “free” funds - insurers often invest small portions of their portfolios in venture capital anyway. The original arrangement provided for up to $200 million in premium tax credits, and was later adjusted down to $100 million when funds were redirected to other programs.
Read more »

Smartphones are a wave of the future, there is no doubt. While I disagree with the need for them to play music, just about everything else (including address book management, calendaring, PIM syncing, etc.) can make busy peoples’ lives a whole lot easier.

Of course, personal computers did that too. And we know what has turned into - a plethora of hacking, viruses, spyware, malware, spam, and other such nasties that keep Spamroll in existence.

You know where I am headed with this, so I’ll say little more. Experts are predicting huge outbreaks of smartphone viruses within a few years.

Microsoft has been talking about Sender-ID for some time. Now they are making headlines in pushing the technology into their mainstream applications. But one major publisher cannot tell the whole story (they never do).
Read more »

When a website blatantly proclaims it is in the business of installing malicious software, and hasn’t been blackballed yet, you know there is trouble-a-brewing. eWeek posted this story about one such site that trys to draw in affiliates to push “drive-by” spyware downloads.

This isn’t anything really new - the concept of making some spare change by pumping a spyware app. You might expect someone like DirectRevenue or Claria twisting the words to make their services to sound legitimate, but the fact that there are folks out there pushing this type of affiliate concept in the open is downright nutty.

Out of the underground and into the mainstream…
Read more »

The US Government is far away from getting its act together regarding network security. Some branches of government have been making some choices regarding battening down the hatches, but the general consensus is that federal agencies have no clue as to how to stop computer security threats.

Now, from the same GAO report that found agencies woefully unprepared, we find that a lot of government workers are falling victim to phishing exploits. Furthermore, a big part of the solution needs to revolve around reporting threats internally, and government workers fail in that regard as well.

If I was still getting beaten up by Nigerian 419 scams, I’d be too embarrassed to report it too!

Of course, you didn’t hear it here first, but the FTC recently completed a study that says CAN-SPAM isn’t working like it should. Furthermore, they concluded that requiring the addition of labels such as “ADV” to subject lines wouldn’t help either, as only legitimate email marketers would be likely to comply.

I don’t know how much money they spent producing this study, but you can be sure the cost-benefit model didn’t make much sense.

The Wall Street Journal recently cut an interesting article about the the underground world of phishing, and thankfully made the article available to the outside world.

In it, Christopher Abad of the Cloudmark SafetyBar crew, communicates with phishers in IRC chat rooms, and reports the results.

And while I still think that phishing is big business organized more like drug dealing, the article dispells some of that notion. I suspect that if the economics are shifting to the little guy, phishing is becoming a tougher business, and the big guys are moving on to bigger (and easier) targets.

First they regretted it, while continuing to make investments in it.

Now, venture capitalists are backing away from spyware investments altogether. Or are they?

It is all over the news this morning - a bunch of credit card data was held without consent, and now some of the data has been stolen. This problem is neither anything new, or isolated to the private sector - even the US Government can’t seem to keep their hands clean.
Read more »