• Bill Gates and the Gates Foundation

    There is an interview with Bill on MSNBC where readers could actually send in the questions. It is all about their foundation and pretty impressive to read: http://www.msnbc.msn.com/id/21212128/site/newsweek/

    Roger

  • Fighting Spam Internationally

    There are different ways to deal with spam.

    One is to eat it (yes, I know it is an old joke but I still like it…) – see the "official SPAM website" :-)

    When it comes to e-mail SPAM, the problem is different: most of the ISPs today use technical means (say, a SPAM filter), the users do the same and finally, if the SPAM nevertheless reaches the mailbox, the user gets angry and simply deletes the SPAM mail. This is a pretty expensive process on all sides.

    Do you remember the blog post I wrote about the "Economy of Cybercrime"? It comes down to the question of what the economic view on spam looks like: there still seem to be a lot of people who are tricked by these mails and actually do the business the spammer promotes. So, the monetary value of spamming looks pretty good – otherwise they would have stopped anyway, wouldn't they? Let's have a look at the cost side for the spammer: technically there is more cost involved in sending spam than there was a few years ago. A few years ago you could send mail through a lot of open mail relays – today you have to use botnets, which you often have to pay for. Additionally, the spam filters are getting better and better as well. Nevertheless, the cost on the industry and user side to get rid of it is significant.

    What about the risk of being caught and convicted? Well, it is pretty low due to two facts: In certain countries, spamming is not illegal at all. In other countries, the ISP cannot open a case against a spammer – we need the user to actually send the spam in and complain.

    This is the reason why we support two initiatives in this respect:

    • Spotspam is an initiative which facilitates legal action against spammers at the international level. This is more than needed as there are close to no spam cases that remain within one single country. If you want to know more about Spotspam, you should visit their website http://www.spotspam.net/index.html
    • Another initiative is coming from France. In France we need the end-user to complain about the Spam – but who does this? It is easier to just delete the mail – isn't it? Signal Spam is a platform that allows the user to easily send received spam back to the ISP who can then start to take legal action. This is a very interesting project in my opinion which could (or even should) be replicated in other countries as well. See their website: http://www.signal-spam.fr/en/index.php/frontend. I just found an article today on PCWorld written by Jeremy Kirk, IDG and I like the comments that were put to the article at the end.

    Finally, it comes down to the same conclusion as with Cybercrime in general: We have to work together to make them pay – and by "pay" I do not necessarily mean money, I mean legal actions. We have to work closely with Law Enforcement in order to catch them and make sure the spammers get what they deserve.

    Roger

  • Analysis of the cyber-capabilities of AlQaeda

    I have already blogged several times about Cyber-Terrorism. I think it is important to try to keep a finger on the pulse of these developments and to understand what the terrorists are capable of doing. There is an article about a recent event, where somebody tried to gain information about certain devices that were critical for the critical infrastructure and the possible consequences: Cyber-Attacks by Al Qaeda Feared – pretty scary, I tell you.

    But much more interesting is the analysis, based on different interviews, of the capabilities and of what the counter-terrorists found on the notebook of a terrorist. This is pretty interesting to read: What are AlQaeda's Capabilities?

    Just a few quotes:

    • Richard Clarke (former White House Cybersecurity Advisor): We, as a country, have put all of our eggs in one basket. The reason that we're successfully dominating the world economically and militarily is because of systems that we have designed, and rely upon, which are cyber-based. It's our Achilles heel. It's an overused phrase, but it's absolutely true.
      It could be that, in the future, people will look back on the American empire, the economic empire and the military empire, and say, "They didn't realize that they were building their whole empire on a fragile base. They had changed that base from brick and mortar to bits and bytes, and they never fortified it. Therefore, some enemy some day was able to come around and knock the whole empire over." That's the fear.
    • John Arquilla (Associate Professor of Defense Analysis at the Naval Postgraduate School): What bothers me more than anything else, as I look at the data each year coming out of the various computer emergency response teams, is that hackers could do a tremendous amount more damage than they choose to do. This says to me the threat is real. We need to get our arms around it before people do get serious about making costly, costly disruptions a way of life. ...
    • John Hamre (Former US Deputy Secretary of Defense): Terrorists are after the shock effect of their actions, and it's very hard to see the shock effect when you can't get your ATM machine to give you $20. When we had this last worm or whatever it was, I went down to the bank, tried to get money out of the ATM machine, and I couldn't get any money out. Well, it was frustrating to me personally, but it doesn't translate in the same way that flying an airplane into a building does. So I don't think that it has the essential quality that terrorists are looking for, which is this startling impact on society.
      Now if it's possible, for example, to have rolling blackouts in entire cities, that, of course, does have more potential implications. That was much more likely four and five years ago. But in all honesty, I think we've done a lot to warn ourselves about this. In almost every one of these people that run big utilities, there's always some guy in the back that knows how to turn off the computer and turn on the electricity again.
      So I personally think that it's not likely to be a cyber terrorist event in the near term. But it's still a serious problem.

    So, how real is it really?

    Roger

  • Anti-Phishing-Training

    Wow! Ever thought that you are a phishing expert? Ever tried to train your users? Carnegie Mellon University developed a game which trains you or tests your knowledge (wherever you are). I like it: http://cups.cs.cmu.edu/antiphishing_phil/

    Roger

  • Windows Cardspace – the sleeping beauty

    One of the problems I often see with some of our products is that they actually have some great features but not enough people know about them. Sometimes I meet a customer who tells me that they are just running an evaluation for a new piece of software. When you talk with them, they simply do not know that they actually already bought this functionality – with Windows. One of the examples is the Radius server. I have often met customers who use Radius and have spent quite some money on it – without knowing that Windows Server already has one (for those who are looking for it: It is called Internet Authentication Server (IAS) or Network Policy Server (NPS) in Windows Server 2008).

    Another example – a newer one, however – is Windows Cardspace: a cool part of the operating system that helps the user to get back control over his or her personal information as well as passwords.

    The best starting point for you to understand how Cardspace works is the One-Minute-Demo you will find here: http://channel9.msdn.com/Showpost.aspx?postid=306082

    If you would like to get more information on Cardspace, the best starting point is: http://cardspace.netfx3.com/

    So, get familiar with it – it is a great technology to use: it gives the user back control in the Privacy space and helps to prevent phishing.

    Last but not least, if you would like to use Cardspace with your Windows LiveID, there is the how-to: http://winliveid.spaces.live.com/blog/cns!AEE1BB0D86E23AAC!931.entry

    Roger