[attrition] Fred Cohen's New Philosophy: "Let's Spam our Colleagues"
security curmudgeon
jericho at attrition.org
Wed Mar 29 10:30:09 EST 2006
This is a rant about some sleazy security marketeering.
Noted security expert Fred Cohen's got a book coming out, and that's
certainly good news for him and his readers -- as a fellow author, I wish
him well. However, what is NOT good news is that Chet Uber of
SecurityPosture.Com has taken it upon himself to spam the Internet community
repeatedly about the book in recent weeks. Further and more disturbingly,
in personal e-mail, Fred has confirmed his endorsement of Chet's spamming
activities, despite his (Fred's) own lengthy anti-spam philosophy found on
his personal website (http://www.all.net/spam.html). Hypocrisy, no?
So why is this spam "annoying than usual?" Let me count the ways --
1. Repeated reporting of this item to his ISP (Cox.Net) reporting previous
instances of this note have gone unanswered.
2. It starts off with the famously-spammy catchphrase "You have got to
read..." (No, I really don't....)
3. Chet includes the ENTIRE table of contents in the body of the spam. I'm
surprised he didn't include a listing of charts or photos as well. (It
probably prints out to 2 pages on paper.)
4. Chet includes a VERY lengthy book review in the body of the spam. Given
the size of his spam note already, one wonders why he only included a single
review.
5. Chet's e-mail header/footer implies that he is responsible and against
unsolicited e-mail, yet he chooses an "opt-out" format to manage his spammer
list. "Opt-out" by default is a very impolite way of building/managing
e-mail lists and akin to "asking permission later." (The fact they're
harvesting e-mails in the first place is another story, however.)
6. Various security folks report that it seems Chet/Fred are harvesting
e-mail addresses from various sources -- including, according to one person,
e-mail addresses found in conference attendee rosters, and another whose
"receive-only" account received these spam notes. (And folks wonder why I
don't give ALL contact information to event organizers...)
On a related note, as I made final edits to this note today, I received two
different copies of another Chet Uber Spam (CUS) that appears to be his
own personal security newsletter. I've never spoke with Chet, and to my
knowledge, never opted-into anything he produces....so again, here's a case
of a security firm apparently harvesting email addresses and spamming their
colleagues. How disgusting.
Fred and Chet, welcome to my spam blacklist, and congratulations on joining
the roster of those security organizations whom I hold in professional
contempt.
Rick
-infowarrior.org
More information about the attrition
mailing list