http://blogs.msdn.com/brandonhoff/archive/2004/03/12/88793.aspxI'm not going to reveal anything revolutionary here, but it's important nonetheless..... IMO, if there's one site that you need to pay attention to at Microsoft, it's this one: http://www.microsoft.com/security/security_bulletins/ You hate websites? Oren-USCommunityServer 2.1 SP1 (Build: 61025.2)http://blogs.msdn.com/brandonhoff/archive/2004/03/12/88793.aspx#88849Sat, 13 Mar 2004 00:23:00 GMT91d46819-8472-40ad-a661-2c78acb4018c:88849Jerry PiskAnd why exactly should I trust an RSS feed anymore than e-mail? If they're not secured (S/MIME or SSL respectively) neither should be trusted. And if they are secured (e-mails signed and RSS feeds authenticated) then you can trust either. Saying e-mail insecure, RSS feed secure is too much simplification... Afterall, it's not that difficult to spoof a web site, as long as it doesn't use SSL (then you'd have to come up with a trusted certificate to a well known site). And you can trust e-mails, as long as they're signed (and of course, you verify the certificate, as you would with SSL).http://blogs.msdn.com/brandonhoff/archive/2004/03/12/88793.aspx#88862Sat, 13 Mar 2004 01:18:00 GMT91d46819-8472-40ad-a661-2c78acb4018c:88862Brandonok, so NO MORE CONCERNS was a blanket statement that probably should be retracted, thanks Jerry. With the incredible simplicity in which SMTP is spoofed, and the difficulty for the average person to understand how to verify and handle digital certs. Excellent point however Jerry, I concurhttp://blogs.msdn.com/brandonhoff/archive/2004/03/12/88793.aspx#89000Sat, 13 Mar 2004 09:15:00 GMT91d46819-8472-40ad-a661-2c78acb4018c:89000Jerry PiskBrandon, I actually wanted it to point out that spoofing web sites is not as difficult as most people think. A simple hosts file entry will have you downloading malicious code while you think you're getting critical updates from Microsoft. Especially since most Windows users run as Administrators, so they do have enough rights to change their hosts files (offtopic rant: would someone please explain why WinXP creates user accounts as Administrators? At least the first one, but how many users actually create an extra account just to get around this). <br> <br>But my points about signed e-mails still stand...http://blogs.msdn.com/brandonhoff/archive/2004/03/12/88793.aspx#6525055Mon, 26 Nov 2007 06:21:29 GMT91d46819-8472-40ad-a661-2c78acb4018c:6525055TIP: Quick thoughts on Security....<p>PingBack from <a rel="nofollow" target="_new" href="http://feeds.maxblog.eu/item_943214.html">http://feeds.maxblog.eu/item_943214.html</a></p>