On Sunday, May 15, 2005, 8:07:30 PM, Computer wrote:

CHS> Thanks for the info. That would explain why my questions were not replied
CHS> to. Thought no one was checking. I will resume sending spam.

CHS> Can you explain what you meant by: "This is to prevent any kind of "social
CHS> engineering" that might be attempted".

Contrary to popular belief, most important security violation hacks are based on social engineering rather than technical means (spyware, breaking firewalls, worms, etc). Since it is very important that our services remain secure, we implement a number of protocols to prevent ourselves from being "tricked" by social engineering.

A well-known example of social engineering these days is the phishing spam --- the message appears to be from your bank, which you trust, and so when your "bank" asks you to refresh their memory about your information you are tricked into giving it to them --- that is, unless you are hep to the scam.

Similar scams happen all the time in larger support organizations where a fake technician or user might call in to support, pretend to be "one of the guys" and ask for a quick password reminder or some other important technical tidbit. Often enough this stranger pretending to be a friend will walk away from the phone call with the password or technical detail they want -- then they can gain access to the system at their leisure.

Along these lines, if someone pretending to be one of our users asks us a question in a spamtrap then we will ignore that content - just in case it is some black-hat trying to trick us.

Another aspect of this protocol is that it helps us avoid false positives -- if the text appears to be a legitimate technical question to anyone then by definition it is "not spam" so we will skip it (unless we notice a trend...)

Similarly - our false positive process includes software and procedures that check the authentication of the sender to verify that they are really a customer before we respond with any potentially secure information.

Hope this helps,
_M

This E-Mail came from the Message Sniffer mailing list.
For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html