Ham? No, this is Spam

October 23rd, 2011 by peter.bassill

Every day I log into my email server and the spam folder mail count has increased. This morning was no different, although when I logged in to the email server today I had spam in my inbox. That started me thinking: had SpamAssassin died? It had! So I thought I would post this with comments on why this is very much wrong.


Godaddy? Gofigure

September 7th, 2011 by peter.bassill

In a moment of madness for which I must apologize, I decided it would be a great idea to get an EV certificate for my site. I can almost hear the people falling off their chairs, but seriously, how hard could it be? Well, here is how hard:

Let’s use GoDaddy. Why? The process seems simple and I have some domain names with them, so why not also switch to DNSSEC while I am at it. Good idea so far? I thought so.

GoDaddy’s EV process: Fix the following:

Dear Secure Certificate Customer,

Thank you for your recent extended validation certificate request. We will need additional information to verify your request.

Phone Bill
We were unable to find a listing for the phone number on your application with your exact company name using the online verification sources that are approved by our auditors. In order to proceed with your Secure Certificate application we will need you to provide us a verifiable phone bill that shows the phone number on your application.  The bill will need to be in your company’s name, show the address listed on your application, and cannot be older than 6 months. You can send this documentation through either fax or email.

Whois Update
The domain is registered to a different company name than the company requesting the certificate. We need to verify the requesting company has sole ownership to this domain. The easiest way of confirming this information is to update the whois registrant to be “Hedgehog Security Ltd”. Please make this update. When this is complete or if this cannot be completed, please contact us.

HR Contact
Part of our verification process requires us to confirm the name, title, and agency of the approver/signer contact(s) in the application by contacting a member or person who acts as an HR representative of the company.  The HR representative cannot also be the requestor, approver, or signer.  Please provide us the name of an HR representative, we can contact at the phone number for your company, to validate the approver/signer’s title in the application.

Let me know if I can be of further service.

Step 1 – Well, try searching the UK and not the USA or Canada. Now, I don’t know about anywhere else, but BT do NOT list the business’s phone number on the bill. They do however list the company name, account number and reference, but not the phone number.

Step 2 – Have the customer get their WHOIS details correct. OK, simple enough and a fair enough comment. It was a little out that the chance could be perceived to be picky but OK, let’s make it very accurate.

Step 3 – Do what? HR contact? Blimey….. OK, I’ll use my accounts, that will be fine.

So, we fix a few items such as the company name on the phone bill and submit.

Hello Peter,

Thank you for sending the phone bill. Unfortunately we will not be able to use the phone bill provided because it is not in the Company’s name. Please see the requirements below and send an updated phone bill.

In order to proceed with your Secure Certificate application we will need you to provide us a verifiable phone bill that shows the phone number on your application.  The bill will need to be in your company’s name, show the address listed on your application, and cannot be older than 6 months.  

Let me know if I can be of further service.

Yes it is. It is clearly in the Company’s name, it is listed there just above the address……

So I contacted GoDaddy and it appears that unless I can have BT put the business phone number on the bill then no dice. OK, how about a refund then? Oh, you can’t because you gave me free products?

 

Godaddy? Go fail at providing services people paid for by asking for documents that simply don’t exist.

Seems I am joining the mass of customers leaving then.

APT? Another Pathetic Term

March 28th, 2011 by peter.bassill

If there is one thing in the security industry we are drowning in, it is acronyms dreamt up by overpaid and overplayed marketing teams. Not that I think ill of the marketing people, they do a brilliant job and I just wish we had some more of them in our business. APT, or Advanced Persistent Threat, is the latest fad of the marketeers and the box shippers. The amazing and crazy thing about an APT is that it does not exist. In fact, all the APT is is the human between the computer and the keyboard (pink fluffy computer is my preferred term).

As I was thinking about this following yet another phone call from a nameless vendor who has a box to resolve the APT issue, I read through Bill Brenner’s article here where he is commenting on a conversation between Josh Corman of the 451 Group and security-privacy-compliance expert David Mortman. As ever, worth a read.

Phishing attempt playing on desperate people

April 6th, 2009 by peter.bassill

Received this first thing in my email box:

 I am Greg Fred Walter,i am offering a loan at a maximum low rate of 4%,both secure and unsecured,every interested applicant should contact us.
Contact Immediately below address greginvestmentlender@gmail.com

The Information Needed From A Client is Listed Below:

Full Name;
Amount Needed:
Phone Number:
Country:
Duration Period:
Age:
Sex:
Email Address:
Monthly Income:

Regards.
Greg Fred Walter

—————

Now of course no one is going to be silly enough to fall for this one are they? Or are they? This particular form of scum is playing on the heavily in need and desperate and with this form of email, he might just get a few takers. I certainly hope not though!