Major security vulnerabilities have been recently fixed in their products, but Microsoft still neglect to recommend NOT to send and receive Office documents as attachments in their security bulletin.  This, despite the fact that it is the recommendation of security professionals, AND they have already recommended not to send and receive their formats via email without taking precautions!
...

In my experience, one of the worst problems with email is that people trust it.  If anything looks remotely plausible to them, they'll click on it: URLs, attachments, whatever!  In fact, the issue of plausibility never really occurs to them.  I want to train my end users not to trust unsigned emails, but this has to be done in a way that is non-invasive to their day-to-day work.

What i would like to see is integrated, end-user-transparent S/MIME and OpenPGP support for Novell GroupWise and Hula.  The goal: to create a product that trains users to look for valid signatures as a matter of course and expect valid signatures when they receive messages from colleagues and other trusted sources.
...

The Email problem

Email has become the most common means for IT companies to communicate with their clients.  Unfortunately, some companies do it better than others.  The most basic mistake that most companies make in sending their emails is not making them verifiable. Email doesn't in itself provide any mechanism for ensuring the genuineness of its content.  Various types of malicious code (e.g. spyware, viruses/worms, phishing scams) use this lack of inherent genuineness to trick users into behaviour that can harm them and their computers....

Apparently, Tom Eastep's retirement from the Shoreline Firewall project is big news (as much as you can call being slashdotted "big news").  It has been seen as the death knell for non-corporately-supported free software projects, as they can't seem to sustain a sufficiently large developer community to gain critical mass.

What people don't realise is that this is not about free software projects in general, or even about Shorewall.  It's about Tom.  I've known Tom (electronically) for a few years now, and he has always been someone who found it hard to let his project go.  Over three years ago he identified that he couldn't keep up with the project and needed to cut back.  He also asked for help on a number of jobs relating to Shorewall.  If i remember correctly, some jobs he got help with, some he didn't.
...

This morning, i had an interesting message in my snort daily summary:
ATTACK-RESPONSES id check returned root

"That doesn't sound good", i thought, and went searching for an answer. The first few results seemed to indicate that a false positive was likely. Looking up the IP address, i found that it was one of the addresses belonging to irc.freenode.net. Looking up my IRC logs, sure enough, someone had cut & paste the output from a Linux command including the outputs of the id command, showing the uid as root.

Another hit in the first page of results was http://lists.sans.org/pipermail/list/2002-August/053676.html, which describes a similar event when viewing http://www.incidents.org/detect/rating.html.