…how do you primarily rely on network security as we have done for the Web’s life, when the Cloud abstracts the network away?
Gunnar points out IT security has been using firewalls and SSL as primary security
for every network acccess software change since 1995.
In 1999 when SOAP emerged as a firewall-friendly protocol designed for the explicit reason to go through the firewall, that should have been a wake up call to Information Security that the “firewall + SSL” security architecture was past its prime, but here 10 years later we are still hitting the snooze button.
Here many years after we lost email for everybody but aging geeks and banks,
IT security continues to snooze like Rip van Winkle.
While the world changes around it:
Continue reading →
Back in February, Verizon announced it would start requiring outbound mail go through port 587 instead of port 25 during the next few months. It seemed like a good idea to squelch spam. Most other major ISPs did it. People applauded Verizon for doing it.
Unfortunately, it seems that if it had any effect it was short-lived. Looking at anti-spam blocklists on a daily basis, a couple of Verizon Autonomous Systems (ASes), AS-19262 and AS-701, do show dips in blocklist listings on the blocklist PSBL in March. But they don’t last.
Spammers are very adaptable, partly because the botnets they use are adaptable. Good try, Verizon.