Re: TECH: Accountability and the Internet

[Dan Robinson <DAN@INFO.HWWILSON.COM>]

Let's put Karen Schneider's postings into perspective.
 
1.  She didn't name any names on the list.  All her communications
with the parties involved have been private.
 
2.  She alerted a school or a system that someone else was using their
address to send email. She possibly also alerted them to the fact
that it is possible and maybe heightened security awareness.
 
3.  She has possibly identified another system as to email security
problems.  [see the rest of #2].
 
4.  It is possible that the suspect email did come from site #2. If
it did, the site and/or network will probably be thankful that they
were warned and take steps to protect themselves.
 
5.  It is possible that site#2 has been spoofed from site#3, #4, etc.
If Karen (and helpers) are lucky and/or skillful they may be able to
track down the person who sent the message.  Then administrative or
legal options may come into play.
 
I don't see how this is different from a virus alert.  The event did
take place and others should be warned that it can happen. Some extra
care in learning about how programs work and putting policies in place
may save some other system from having this problem.
 
I find it interesting that Netscape is going to great lengths to
provide a secure method of transmitting financial data, but does not
provide a way to secure its own program from unauthorized uses.
 
 
Dan Robinson
dan@info.hwwilson.com