New and noteworthy in messaging security for 10/3/08
Hotel Network Security: A Study of Computer Networks in U.S. Hotels: A report from Cornell University’s Center for Hospitality Research examining the security of networks provided for hotel guest in 147 US-based hotel. The results are well worth reading. The authors conclude that security is poor in most cases. While the authors point out that ethically hotels should offer secure connections for their guests, I would argue that it is ill advised for any business traveller to trust any external network enough to transmit confidential data without an encrypted connection.
Report: inside the network architecture of SPAM and malware: Ars Technica’s Joel Hruska summarizes research from HostExploit on the Atrivo ISP and from Knujon on the Directi Group both which reportedly have a substantial number of ties to sites hosting spam and malware. In addition Hruska describes connections between Atrivo and the Directi Group.
Why Google’s GMail SSL Doesn’t Really Protect Users From Spoofing: This article from RoughlyDrafted Magazine has more to do with general criticisms about how it is often incorrectly assumed that a connection with SSL is inherently secure than it does with Gmail in specific. This is especially important since users have become accustomed to dire browser warnings about certificate mismatches and are likely to simply click through them.
summarizes research from HostExploit on the Atrivo ISP and from Knujon on the Directi Group both which reportedly have a substantial number of ties to sites hosting spam and malware