(Note: an older post that never got posted.)

CNN has a new revenue source: t-shirts with CNN headlines. You can create your own with a URL like this:

http://www.cnn.com/tshirt/?headline=Information%20Security%20knows%20where%20you%20go!&date;=1208742566000&hash;=e6019d52c9d91cc8eb4e077d85751edc&return;_uri=http://www.cnn.com/video/%23/video/world/2008/04/20/thatcher.prince.william.chopper.itn

Just replace the text between the “headline=” and “&date;”. Space characters are the “%20” values. There seems to be a limit to the number of characters. And it doesn’t work without the return_uri value. I never have liked creating links with parameter values in them. Too easy to hack the values.

Like in this story, where the Oklahoma state database of criminals can be easily hacked to add the name of your choosing to their database. I believe it’s been fixed, but one of the stories is here from the guy that found it http://thedailywtf.com/Articles/Oklahoma-Leaks-Tens-of-Thousands-of-Social-Security-Numbers,-Other-Sensitive-Data.aspx .

As for the CNN T-Shirt page, I don’t think it would be too difficult for someone to create thier own form page that would have an input field for the T-shirt text, then creates the URL for the CNN t-shirt. Don’t know if you could actually order said T-shirt.

Some progress in the email wars, where large messages were killing my mail servers. It seems that the large files were being stored in a temp folder which was not excluded from real-time virus scanning. No indication in the SurfControl (Websense) docs that this was happening. But it was causing much intermittent consternation as mail would get backlogged. When you process over 600,000 messages a day, you can get a pretty impressive six-figure backlog in short order.

So, I have applied their recommended workaround. Some more testing to see if that fixes that particular problem. It took about a week’s worth of daily tech support phone calls (each call over an hour), and lots of file transfers to determine this one.

And my rant on their user forums did get the attention of the support manager. Although they are discontinuing the forums to concentrate on email and phone support only. No sharing of information (or complaints) by end users in a message forum.

Not out of the woods yet, though. Several other major problems with the SurfControl (now Websense) products that are making it difficult to stay with that product. Those problems still need to be resolved.

For a bit of fun, head over to my other place www.securitydawg.com . You’ll find that I am easily amused.

Mail filtering software still takes much of my time. Two of the mail servers yesterday got ‘stuck’ in the same manner as before. It appeared to happen Sunday morning, and I wasn’t able to get to it until that evening. That irriated a few people, but our company doesn’t have 24/7 support (even though the IT dept has asked for funding for that). Most people assume that email is instantaneous, and get irritated when email doesn’t get delivered this very minute.

The interesting thing is that I left a comment about the apparent reduced support at the vendor’s site. And then I got a call from the support department’s boss. After introducing himself, he did the standard ‘break the ice’ greeting of ‘how are you today?”.

To which I answered “irritated”.

I think that was a bit unexpected.

The upshot is that he has assigned my four open cases (one from February, two are several weeks old, and the new one that I mentioned today) to his ‘third-level’ support guy. He (or she) is supposed to call tomorrow. We’ll see if there is any progress.

In the meantime, I am investigating alternatives.

Spent most of the day trying to figure out email problems. And they are mostly caused by our mail filter vendor (Websense, who bought SurfControl). Support for this product, even though we pay mid-5 figures a year for what they call ‘priority support’, is woefully inadequate. You would think that for that price, we’d get better response. All an email gets is an automated response, but no response from the tech support staff.

Well, sometimes you’ll get a response after two weeks that says something like “we’re assuming this matter is closed, since we haven’t heard from you about this issue in a while”. But even an immediate response to that is met with silence.

Even though our support contract doesn’t end until December, I am seriously considering moving to another solution for our email and web filtering. I actually should have pulled that trigger before the last renewal.

Today is the day that you don’t want to believe what you read on the Innertubes … more than usual.

You’ll find lots of allegedly humorous pages trying to fool you. And lots of emails that contain links to malware.

So, be careful out there.

Now, please excuse me while I do a backup to my WORN drive (Write Once, Read Never). Can’t be too careful.

Been working on a vbscript program that checks the update and anti-virus status of a group of computers, storing that info in a nice html file. Almost finished; testing takes about 10 minutes, since it talks to a whole ‘Class C’ IP address range.

And monitoring the anti-spam mail system. There’s a bit more spam that has slipped through our defenses, and it’s difficult to stop those. We’ve been pretty successful in spam filtering in the past.

Our users might be a bit spoiled, though. I get complaints if just a few (under 10) spams slip through each day.We’re blocking 94% of all messages (about 600K a day) as spam. That’s up a bit from the 90% a month ago. Still pretty impressive, though.

And still working on my latest secret money-making web site. Using some free (GPL) software, but there seems to be minimal support of one of the modules I need to use. I may have to delve deeper in the PHP code to fix things.