Varonis: the jelly-to-the-peanut-butter of net file shares

This isn't my usual area, but I had such an interesting and thought-provoking meeting with Varonis's Johnnie Konstantis that I wanted to blog a few notes...

Varonis produces a management tool to help IT do "unstructured data governance." In other words, it helps people manage the random dumping grounds of opaque files sitting around on shared drives. Compliance and e-discovery are the watchwords here.

Varonis is very proud of its EMC partnership. EMC resells the product to its disk array customers. EMC is also a customer: with 40K users of 420 file servers storing almost a petabyte of data.

More notes:

• It integrates with ActiveDirectory and ensures that file system permissions adhere to policy.
• It offers a richer user interface for permissions than Windows itself.
• You can navigate and drill into Windows server access logs, which is useful for e-discovery.
• It also helps you ensure your super-users aren't snooping on sensitive data.
• It helps you find the business owner of data, which is important for e-discovery.
  
• It can flag potential permission revocations (e.g., where a user hasn't used that permission in a while, because the user has changed jobs)

Jeremy Jaynes gets a free pass?

It's déjà vu all over again. I see that Jeremy Jaynes has won his most recent argument in Virginia that the state's anti-spam law is unconstitutional. (Once again, thanks to Slashdot for the heads-up.)

Jaynes would have us believe that spamming is protected speech under the U.S. First Amendment. The court didn't exactly say that, but concluded that the law as written was overly-broad, because it didn't explicitly differentiate between commercial speech and any other kind of speech (e.g., political expression).

While I agree that anti-spam laws shouldn't restrict political speech, I have a couple of issues with this decision:

1. Spam is spam, whatever the content; I'd hate this to be seen as a license for nut-jobs to fill my inbox with political rants.
2. Doesn't the U.S. constitution already make it clear that commercial speech isn't unprotected?

As I noted back in March, it was worrying that the previous decision was split 4-to-3.

Again, I say I find it really hard to believe that the American founding fathers intended my inbox be full of spam.

More at today's IT Blogwatch EXTRA...

Scott Richter Settles Another Spam Suit

Oh looky, it's our "friends" Steve and Scott Richter in the news again. This time, they've settled with MySpace for $6 million after being accused of spamming thousands of MySpace.com users -- and using phished accounts to do it (see today's IT Blogwatch for more).

Of course, Scott gave up spamming some time ago. Or did he? Brian Krebs today offers an interesting investigation into domain registrations of spamvertised Web sites:

More than three quarters of all Web sites advertised through spam are clustered at just 10 domain name registrars ... Out of the 15,000 spam-advertised domains we examined, nearly half -- 7,142 names -- were registered through a Broomfield, Colo. company called Dynamic Dolphin ... the seventh most-popular registrar among spammers ... [and] owned by a company called CPA Empire, which in turn is owned by Media Breakaway LLC. The CEO of Media Breakaway is none other than Scott Richter, the once self-avowed "Spam King" who claims to have quit the business. Anti-spam groups also have recently implicated Media Breakaway in the alleged hijacking of more than 65,000 Internet addresses for use in sending e-mail and hosting commercial Web sites.

Remember kids, Rule #1: Spammers lie.

Jeremy Jaynes Lost Appeal, but...

Hmmm, so I see that Jeremy Jaynes has lost his appeal in Virginia that spamming is protected speech under the U.S. First Amendment. (Thanks to Slashdot for the heads-up.)

Jolly good, and no surprise there, I think. However, why on Earth was it a 4-to-3 split decision? What were those three state supreme court judges thinking?

Well, according to the AP:

Justice Elizabeth Lacy wrote in a dissent that the law is "unconstitutionally overbroad on its face because it prohibits the anonymous transmission of all unsolicited bulk e-mail including those containing political, religious or other speech protected by the First Amendment."

Oh, balderdash. I find it really hard to believe that the American founding fathers intended my email to be full of spam.

Alan Ralsky Indicted

Well well. It seems the Feds have decided that Ralsky has been helping the Russian stock kiters...

A federal grand jury indictment was unsealed today in Detroit charging 11 persons, including Alan M. Ralsky ... in a wide-ranging international fraud scheme involving the illegal use of bulk commercial e-mailing, or "spamming" ... The charges arose after a three-year investigation ... revealed a sophisticated and extensive spamming operation that, as alleged in the indictment, largely focused on running a stock “pump and dump” scheme.

Much, much more at today's IT Blogwatch.

(Happy new year, by the way.)

Soloway Arrested

I guess it's OK to call Robert Soloway a spammer -- he's already been convicted in U.S. civil charges of spamming in 2003.

This time though, he's been arrested on criminal charges, brought by the FTC. The list of laws he's alleged to have broken is extensive:

• 10 counts of mail fraud
• 5 counts of wire fraud
• 5 counts of identity theft (aggravated)
• 13 counts of money laundering
• 2 counts of email fraud (the only counts related to the CAN-SPAM Act)

If convicted, the possible penalties add up to a very long time in jail. Aunty Beeb thinks 65 years, but that estimate might be on the high side...

Assuming that he didn't give up spamming in 2003, his arrest (so far without bail) should at the very least cause less spam to be sent (i.e. the spam that would have been sent by him while he's under arrest). If he gets jail time, so much the better.

So far, all the high profile civil spammer convictions have involved fines, with the exception of Jeremy Jaynes. These fines seem on the face of it to be large, but in comparison with the money earned by successful spammers, not so much.

While those convictions increased spammers' fear of getting caught, they also served to publicize the amounts that successful spammers can make -- it may have actually encouraged new spammers to enter the game. That's the law of unintended consequences in action.

This is how the law works. Laws encode a society's terms of acceptable behavior. The credible threat of punishment removes the incentive for bad actors to... well... act badly.

The various laws that prohibit spamming just got much more credible.

More: Seattle PI / TechMeme