Archive for December, 2003
I’d blog about Saddam being captured, but that’s soooo this morning’s news.
Instead I’ll blog about going to ski at Whistler while I’m in BC. Does that mean the Lake Placid trip is cancelled? No way! If you still want to go to Placid, let me know, I’m hoping to get a dozen bloggers up for the weekend :)
I blogged, rather negatively, about Tunarez a while ago. Well, today I got 3 spam messages from them to my comments. I did, of course, promptly delete them; I’m just very disappointed that a company would go to those lengths.
I mean, it’s probably because Ensight shows up as the #3 result for Tunarez on Google and they didn’t want their clients to feel their service was bad (all the comments were long diatribes on why Tunarez really is fantastic, and not bad as I supposed).
Ah well, chalk up another top 10 result for Google which is negative about Tunarez.
Well, let me first say that webcam interviews aren’t really that bad. All things considered anyways. A lot like a phone interview, except you need to keep good posture.
It lasted 2.5 hours, which is really rather long. First half was technical. It went okay, considering I’m not actually a server admin. Not amazing, but it is a Junior position, and they are willing to train so that’s not a big deal. I was a bit concerned about my performance though as there were entire groups of software that they use that I didn’t know.
The next half was ‘personal’. I think it actually went rather well, all things considered. Not really much to say beyond that.
I really enjoyed what I saw. The right team, right attitude and good possibilities for advancement. I’ve always said I want somewhere that I could commit to long term, and this does seem like that kind of possibility.
There wasn’t commitment for being in the 2nd round of interviews (I’m the first of what I believe could be roughly 20); but I do think I’ll get to the second round.
I honestly hope I get this.
Won’t be online much today, but here’s the summary:
9am: Telus CRM Presentation. It actually went very very well. Their price came in 50% lower than I was expecting, and the solution was exactly what we needed. They might just get this one (they were in dead last prior to today). I’ve got one more proposal coming in, so we’ll see.
11am: Telus Managed Hosting Presentation. I’m not expecting much from this. I’m expecting a solution for a company 5 times our size, at 5 times what we want to pay.
2:30pm: Interview. God, I’m shaking already.
Agh. I hate IT sometimes. Really.
This appeared on Slashdot today.
It’s been picked up by most web communities now.
Basically it allows people to “spoof” addresses so it looks like you’re going to microsoft.com, ebay.com, paypal.com, whatever, when in fact you’re going to someone else’s server. Bad thing.
Let me be clear on this: This isn’t a “security risk” or a “security vulnerability” or an “open door to hackers”.
It’s faulty address spoofing. I mean, Jay’s evaluation is pretty fair, except that everyone is bandying about that this is a security risk / vulnerability / etc.
The uproar is compounded by the fact that MS didn’t release a monthly security patch this month, as it normally does. MS has already stated that they have released a variety of hotfixes, but that they didn’t feel anything was “patch worthy” (actually a good thing… gives Patch Admins a few days rest).
Is this an issue? Sure, totally. Should it be fixed? Yup. Is MS being totally irresponsible by not fixing it? No.
It isn’t a security risk (nothing happens to a user’s computer, software, settings, etc). It’s a stupidity risk.
After all, let’s run through a scenario.
Someone gets a spoofed PayPal address in their email. They click on it, for some odd reason. It looks like PayPal, even says PayPal in the address bar. They use their username / password.
Now, you’re a scammer. What are you going to show to the user at this point? Your options are pretty slim: either try and continue the charade or drop it… After all, you’ve got their username and password, right?
Thankfully, at this point PayPal has instituted notifications for all system changes and all payments. Meaning that the best a scammer will get is the occasional person who doesn’t claim fraud.
I don’t get it. I can see how this could be used for humorous ends. I can see how it could disrupt user experience and, yes, I can even see how some really daft users could lose money. But we aren’t talking millions here. It’s not like scammers will be able to recreate all of Amazon or anything, that’s serious work.
Maybe I’m the daft one, am I missing something?