Lost in Translation? Bill Gates in Korea...

Something very wrong here...

SEOUL, South Korea (AP) — Microsoft Chairman Bill Gates said there will be a vast shift in Internet technology over the next decade as he met Tuesday with South Korean President Lee Myung-bak.

"We're approaching the second decade of (the) digital age," the software mogul and philanthropist told Lee at the start of their meeting at the presidential Blue House, according to a media pool report.

"The Internet has been operating now for 10 years," Gates said. "The second 10 years will be very different."

Excuse me? “The Internet has been operating now for 10 years”???

Uhh, tell that to the National Science Foundation, who switched on the Internet as we know it today in 1983, migrating from the old ARPANET, which had been going since 1969.

He can’t possibly mean the Web, as that’s been going for over 15 years. He can’t even mean Internet Explorer — the first version of which was released in 1994.

Bizarre.

Your Reputation in Peril: Use Outbound Spam Filtering

Whether or not you or I believe Borderware's amazing claim that it filters 98% of spam using reputation alone, it's clear that reputation is increasingly important.

No surprise there, but what's the implication on legitimate email users?

As more and more spam filtering relies on your reputation as an email sender, your reputation gets more and more important. Lest we forget, most spam is sent by malware-infected zombies, some of which could be on your network.

That's why outbound spam filtering is increasingly important. It's not just about being a good 'net citizen -- you need it to protect your reputation.

If you don't keep a lid on spam exiting your network, your reputation will be trashed. In crude terms, your outbound IP addresses will be blacklisted, meaning your ability to send email to your legitimate business contacts will be severely limited.

If a few of your users are unwittingly sending spam, then all of your users will have serious trouble sending legitimate email.

Of course, an outbound spam filter can't, by definition, use sender reputation. It has to rely primarily on content filtering. Those that claim that reputation is the be-all-and-end-all of spam filtering are missing an important point.

With thanks to Proofpoint's Andrew Lochart and David Stanley, for a stimulating conversation last week.

The Media is Bored with Spam?

I moderated a Ferris Research webinar earlier this week. It was intended to be a press-only event, to support a client's press release. Inevitably with these things, a few non-press register, but that's perfectly OK.

The client is a new spam filter vendor, that seems to have an interesting new twist on the problem (I'm reasonably convinced that it's not just a silly FUSSP).

The thing that really surprised me was how few press people turned up. In fact, non-press outnumbered the press folks two-to-one. What's up with that?

I also heard from the client's PR person (hi, Donna) that nobody has anything spam-related on their editorial calendars.

Doesn't the mainstream media care about spam any more? Certainly their readers do, as evidenced by the continuing churn in the spam filtering marketplace.

Any thoughts? Click the comments link below: I'm all ears.

BorderWare claim: Amazing Reputation Filtering (RSA)

BorderWare is making a very interesting claim. It seems to be blocking an enormous proportion of its customers' inbound spam simply using IP reputation.

While most anti-spam vendors these days talk about blocking roughly 75% of the spam using IP reputation (basically a fancy word for DNSBLs), BorderWare's quoted statistic is 98.3%. Wow, that's a lot -- especially considering that the law of diminishing returns almost certainly applies.

This is a good thing because the more spam one can identify and block by reputation, the less spam content one has to examine using techniques such as Bayesian analysis, which are computationally "expensive".

But how does the company achieve such a high figure? By slashing the time taken for new entries to be added to its centralized reputation database (BSN, or "BorderWare Security Network" -- soon to be rebranded as "Reputation Authority").

These days, new zombie spam sources don't hang around to be detected, they get sending as soon and as fast as they can -- the botmasters have realized that a fresh, undetected spam source is far more effective than an old, known source. Minutes count; in fact in the spameconomy, time is money.

Proofpoint has a Reminder: It's Still Here (RSA)

Proofpoint has a new VP of marketing, and not a moment too soon. Andrew Lochart is the first to admit that his new employer has been very quiet recently, and he aims to change that.

Aside from the recent $20 million funding round and the additional 40 employees hired already this year, he reminds us that Proofpoint recently launched a hosted email security service, Proofpoint On Demand. This means that Proofpoint now offers its technology as a service, as software, as an appliance, and as a virtual appliance (a virtual-machine image of the appliance).

Sticking with what seems to be a "hybridized" theme, customers can mix and match the different form factors, while still managing them all from a single console. Handy, that.

2factor: Interesting Encryption Technology (RSA)

2factor is primarily an encryption technology licensing business -- the company sells its technology to OEMs. The core technology is called Real Privacy Management (RPM).

It works by calculating symmetric private keys (i.e., it doesn't use a public/private key pair). Each party in a transaction has a private key, which it presents to a trusted intermediary. The pair of keys defines a series of encryption keys, to be used in sequence.

2factor says the benefits are:

1. Very fast encryption (the calculations can be done using register arithmetic); perhaps 100x as fast as Diffie-Hellman, for example.
   
2. Provably secure, unlike elliptic curves for example.
3. The trusted-intermediary architecture can be generalized, permitting a federated model.
   

Voltage also has a Hybrid Service (RSA)

Hybrid services seem to be quite the theme on this weblog, for some reason. I just talked to Voltage Security, which announced something called "Connected VSN" today.

Now, I know what VSN is -- the Voltage Security Network. It's a hosted service that implements the key management for Voltage-style identity-based encryption (IBE). The idea being that instead of on-premise key management, you centralize the key generation in the cloud. This is similar to the architecture used by Identum (now part of Trend Micro). But what's the "Connected" bit all about?

There's a class of customer who wants to do outbound encryption at the gateway -- possibly driven by local policy -- but doesn't want to provide the decryption service to non-local users. This type of hybrid architecture is what Connected VSN is for.

The sender has an on-premise Voltage appliance that manages keys and performs outbound encryption. Recipients then use the VSN service hosted by Voltage to decrypt the message.

IronKey: an Encrypted USB Flash Drive on Steroids (RSA)

Update (April 16): IronKey yesterday “announced full FIPS 140-2 Level 2 security validation ­ at the product level, rather than the more typical component-level validation.” Shame it’s “only” level 2, but I guess that’s a start and is probably more than adequate for the vast majority of applications.

IronKey isn't just another encrypted USB flash drive-key-stick-thingy. For a start, the company makes a big thing of their claim that IronKey is the only such device designed from the start to be secure (as opposed to a flash drive that's had security "bolted-on", presumably). Well, that's an interesting claim, but of arguable merit. However, there are other aspects that are worth talking about:

1. This key will self-destruct -- if you try to disassemble it, or if you enter the wrong password too many times, the IronKey doesn't just wipe itself, it destroys the flash memory, the company says.
2. It's not just a device, but also a service -- if you register the device on IronKey's Web site, the company offers password recovery/escrow and access to IronKey's own TOR anonimizing network (i.e., a private network, not the usual public one).
3. It also acts as a 2FA device -- a firmware update will add the necessary logic to make it act as a Verisign VIP device, for two-factor authentication. An "enterprise" version of the device will also have similar support for RSA SecurID.
   

Shipping now for Windows XP and Vista. Mac and Linux support are "nearly ready".

Love him or hate him, the episode of Steve Gibson's podcast about IronKey has more about the device, including an interview with IronKey CEO, Dave Jevans (yes, that Dave Jevans).

Trend Micro's Hybrid Hosted Service (RSA)

Trend Micro takes an unusual approach with its hosted ("managed"; "in-the-cloud") email security service. Rather than trying to do everything, it sticks to what a service is good at.

Trend is applying the Pareto principle (a.k.a. "80/20 rule"). The company promotes a "hybrid" approach, with the hosted service implementing only a first level of spam filtering based on reputation -- filtering roughly 80% of the inbound spam. The remaining email is passed on to spam filtering appliances on the customers' premises, to deal with the other 20%.

The on-premise appliance can therefore more easily be customized to conform to local policy. When it comes to filtering spam using content, it's best to have an understanding of the types of legitimate content that the organization sends and receives -- the obvious example is medical organizations, who may well expect to receive email about a certain blue pill who's name begins with 'V'.

Of course, organization-specific customization ''can'' be done in the cloud -- there's nothing intrinsic about it that forces it to be on-premise, but this split in responsibilities seems like it has merit.

Off to RSA

I'll be at the RSA conference next week, Monday-Wednesday. I'll also be doing other meetings in the SF bay area on the 3rd and 4th.

If you want to meetup or just get in touch, best bet is by email or text (+447789200701).

Your humble, award-winning blogwatcher

Update: for those of you clicking through from Yahoo Finance's Apple page, no I don't know why, either. But welcome, anyway! Feel free to read some more of my stuff.

Golly. My IT Blogwatch thingy over at Computerworld was just recognized as one of three Computerworld blogs to swing a Jesse H. Neal Award.

If you peer really carefully at this pic, you'll see my idiot-grin in the screen shot...



The very not-dead Linda Rosencrance says:

Computerworld today won Jesse H. Neal Awards for best Web site, best online series for its coverage of Apple Inc.'s Leopard operating system, and best blog ... "I don't think it's a stretch to say this may well be the single most outstanding accomplishment in the history of Computerworld," said Don Tennant, vice president and editorial director of Computerworld. ... The blog award recognized three blog posts in particular, one from the Web site's daily IT Blogwatch written by Richi Jennings, and others written by Ian Lamont and David Ramel. more

Blush.