Question of the day: Is email broken? [Scripting News]

Email has been broken for quite some time.  This varient of SoBig spread fast for a bunch of reasons: Default security regarding attachements on Windows is poor; Programatic access to the addressbook is too easy; Access to network resources in Windows is too easy; Firewalls are not properly configured;  Stunned IT depts where still hip deep in mopping up Blaster; and so on.

I think that MSFT really needs to get serious about security.  Windows should be defaulted to prevent the downloading and execution of certain file types.  Merely asking someone if this is really what they want to do is not enough.  No one has a legit reason for sending executable files through email.  There are any number of other transports available for moving files across the net.  Since mining email addresses from the addressbook and cached web pages is a known hole, close it.  Restrict access to the addressbook, prevent the programatic mining of info from cached pages.  Prevent access to the network stack without the explicit approval of an administrator.  Some sort of message that pops up and says a program is attempting to install and run a mail server would be nice.  I'm sure all of this would not really interfere with the day-to-day life of the average user. 

Beyond MSFT, network managers could take the matter into their own hands a bit.  Close all of those ports on your firewalls.  It took some schools 2 days or more to realize closing 135 on the FW would stop Blaster.  Configure your FW and gateways to only handle SMTP traffic from known servers.  There is no reason why Bob needs to have access port 25 coming or going other than to connect to a known domain mail server.  Just block the traffic.  In addition, IT folks must know by now that this is a never ending battle.  Just because you got hit last week with something big doesn't mean you actually have time to stop and regroup.  Yes, it sucks, but it is the way of the world at the moment.  IT now needs to be on the lookout for this stuff all the time and be able to react quickly at the first sign of trouble.

And, don't even get me started on spam...  Let's just say I'de prefer a mix of newsfeeds, IM, shared net storage, and telephone in favor of email any day.

10:00:57 AM    comment []  

Movie Industry Blames Texting for Bad Box Office [Slashdot]

Ok, here's the deal, Hollywood says that kids are texting (a new verb, I think) how much a movie sucks right from the theater thereby driving down box office takes and negating any marketing buzz that has built up.  So what?  Well, more and more of how Hollywood handles movies is focused to getting a big opening weekend with a enough WOF to carry it to the second weekend without much more than a 20-30% dropoff.  Over the course of this summer, some movies have been seeing 30% drop in box office take between opening on Friday and Saturday.  That''s unheard of.  One reason: text messaging.  It must work something like this: Suzy and Don go to see the latest blockbuster first thing on Friday.  They're not impressed.  Each messages 10 friends: 'Skip this'.  Their friends pass on the brief review.  By Friday evening folks are doing something else with their $9.00.  Months of trailers, websites, print ads, TV spots, etc. negated by the buzz of a cell phone.

Now, how does this bear on law schools?  Consider this: students texting in class, or right after class, about what gets covered, prof lecture style, etc.  Opinions are being created on the fly by participants and spread to the community at large.  Faster, easier, and possibly more effective than traditional word of mouth which is really one-to-one at its most basic.  Now word can be spread on-to-many quickly.  First reaction will most likely be to ban texting in the classroom, but this will be hard to enforce.  Next will come blatent attempts to curry the favor of students to generate a good buzz.  Finally this will settle into a mode where the best teachers will rise to the top, their classes well subscribed by students who are connected to each other and the worst teachers will find themselves teaching marginal seminars and required first-year courses.  Just some thoughts.

9:39:20 AM    comment []  

EDS launches desktop service. The computer services company will announce on Wednesday a pay-as-you-go service for managing desktop computers. [CNET News.com]

This service is based upon a Microsoft product: "Microsoft says that in the past it has had tools for jobs such as migrating data, but that this is the first time the company has offered a comprehensive product for helping businesses deploy desktop software.
Microsoft is making the deployment aid available free online. "

The deployment aid looks like a very good resource with links to a lot of useful MSFT tools for deploying and customizing XP and OfficeXP.

7:17:56 AM    comment []