[3147] in WWW Security List Archive


SPAMS

daemon@ATHENA.MIT.EDU (Dean Bowes)
Sun Oct 6 18:58:09 1996

Date: Sun, 06 Oct 1996 16:29:15 -0400
From: Dean Bowes <webmaster@virtualscope.com>
To: "Bill Casti, CQA" <quire@casti.com>, www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu

I don't appreciate being spammed or e-mailed someone's personal resume or job qualifications from the 
www-security distribution list.

Who cares that you have a T1 in your house?  I have one too.  Doesn't everybody?

Get A LIFE!  And stop spamming the group.  What does your resume have to do with www security?  I guess nothing, 
except that the subscribers to the group have to put up with your messages, and that is a security issue.  Maybe 
the www-security group needs better security, to keep you from spamming everyone in the group?

I'm just a lurker, and mostly listen to the group's somewhat "off the topic" conversations, as I have seen the 
"cookies" and "activex" debates get way out of hand.

I see many questions pertaining to "securing" web sites, and establishing authentication schema.  I believe 
that all of these issues have been addressed in Netscape Enterprise Server which is part of the Netscape Suite 
Spot.  SSL, basic and encrypted authentication are part of the package, as well as LiveWire Development.  This 
is not a plug for a product, but a point in case:  That the issues have been addressed by Netscape, among other 
vendors, and that an SSL based web site is what everyone "should" be running.  Bloomingdale's might want to 
investigate this option, since they claim that their web server uses DES or MD5, and it uses nothing more than 
an http request on a form at present.

My recommendations to anyone considering a robust and secure web site are:
1.  Acquire Netscape Suite Spot
2.  Acquire A Verisign SSL Key
3.  Use SSL To Encrypt Information

Of course, web site security doesn't stop there, but it is a good place to start.  

Consider this:  At this point in time, MOST web servers are NOT using SSL.  

Now consider this:  If EVERYONE was using encrypted packets via SSL, then what security issues are present?  
Unless a hacker figures out how to break DES (and no one has to this date), then the cracker/hacker is left in 
the dust as far as intercepting your packets which contain login and password information.  The emphasis on 
security would be focussed on those individuals who were not running SSL compatible browsers.  However, the 
methods of identifying browser type are all well documented, and an "alternate" web site could be substituted 
for those users who were not using SSL compatible browsers.

Now, back to Mr. Casti's spam:
Would the moderator of the www-security please address the spams that are occurring?  I don't mind the debates 
about technology, but really, a person's job qualifications?  I noticed that Mr. Kennedy had addressed the one 
spammer who was anonymously using a shell account from a dial up provider.  I commend him on his efforts to keep 
the group "clean" and would hope that everyone else stays on topic; if they don't, then I'll just ignore them as I 
have done in the past.

I have included the Header information of the message that came in below:

>Return-Path: <owner-www-security@ns2.rutgers.edu> 
>Received: from ns2.rutgers.edu ([128.6.21.2]) by www.virtualscope.com (Netscape Mail Server v2.0) with SMTP id AAA113 for <webmaster@webdoor.com>; Sun, 6 Oct 1996 04:42:02 -0400 
>Received: (from daemon@localhost) by ns2.rutgers.edu (8.6.12+bestmx+oldruq+newsunq/8.6.12) id RAA29549 for www-security-outgoing; Sat, 5 Oct 1996 17:20:31 -0400 
>Received: from casti.com (vector.casti.com [199.181.80.100]) by ns2.rutgers.edu (8.6.12+bestmx+oldruq+newsunq/8.6.12) with ESMTP id RAA29543 for <www-security@ns2.rutgers.edu>; Sat, 5 Oct 1996 17:20:30 -0400 
>Received: by casti.com (8.6.9/NX3.0M) id RAA19440; Sat, 5 Oct 1996 17:18:27 -0400 
>Date: Sat, 5 Oct 1996 17:18:26 -0400 (EDT) 
>From: "Bill Casti, CQA" <quire@casti.com>
>To: Distribution List <nobody@casti.com>
>Subject: Re: Seeking new employment in Wash DC Metro area 
>In-Reply-To: <v01530503ae7c1fb384df@[206.119.85.167]> 
>Message-ID: <Pine.NXT.3.91.961005165240.19012B-100000@vector.casti.com>
>MIME-Version: 1.0 
>Content-Type: TEXT/PLAIN; charset=US-ASCII 
>Sender: owner-www-security@ns2.Rutgers.EDU
>Precedence: bulk 
>Errors-To: owner-www-security@ns2.Rutgers.EDU
>X-Mozilla-Status: 0011

Bill Casti, CQA wrote:
> 
> My professional activities website, along with resume and references, is at:
> 
>         http://www.casti.com/casti/Bill.html
> 
> I'm currently Internet and Firewalls System Administrator for a large
> federal government agency, with my office at HQ in Downtown DC.  I've been
> managing Unix (SunOS and DEC Alphas) servers, running http, ftp, gopher,
> CGI, etc. I have some experience with WindowsNT, too. I'm also trained as
> the administrator for TIS Gauntlet Firewall systems.
> 
> Additionally, I have 20+ years in QA/QC--including the design and
> implementation of inspection programs and practices, and a few years as a
> Quality Manager--and am a nationally Certified Quality Auditor for ISO9000
> functions. And, I will be sitting for the national Certified Software Quality
> Engineer (CSQE) exam on Oct. 19th. I can write Perl, HTML and other stuff,
> too. I customarily work from home (I have a 24x7 T-1 into the house) one
> or two days a week, and put in "face time" the other days.  I would like
> to be able to continue a similar schedule.
> 
> I'm looking for a similar permanent--or long-term (2 year min.)
> contract--position.  I just bought a house in Reston, so I'm not willing
> to move my family or do a job that requires too much travel or home
> absences right now. I will, however, be a panel member at the Computer
> Law Conference in Los Alamos NM in January, as well as a
> roundtable speaker for the Security Software Quality conference in DC in
> January. I also do frequent presentations for Quality societies on
> "Quality Resources on the Internet", in relation to my QUALITY.ORG domain.
> 
> If you can help or know of a position, please feel free to contact me
> directly and/or to pass this URL and note on to your colleagues and friends.
> 
> Thanks.
> Bill
> 
> ==============================================================================
>  Bill Casti, CQA                                     Email: bill@info-sec.org
>  Pager: +1 800 604 6149                                Fax: 703 834 8209
> ------------------------------------------------------------------------------
>     Browse my homepage and resume at: http://www.casti.com/casti/Bill.html
> ==============================================================================
