Jason Pearce

Lambda Chi Alpha uses several third-party web-based services. One of which is RegOnline, a service that enables our office to process event registrations and credit card payments online.

In many cases, RegOnline works as expected. Users visit their site to register for an event and our staff is able to manage their registration. When it comes to printing name badges, however, RegOnline falters.

RegOnline’s name badge widget runs on Active X, which as you know, requires a Windows OS and Internet Explorer. But wait, there’s more; the badge widget also requires that the user has Administrative privileges.

Requiring users to have Windows and IE is frustrating, but tolerable. But requiring them to also have Administrative privileges is bad business. In our office of 35 employees, only three folks have such privileges, and that’s our IT team. I suspect most businesses operate this way.

For a company whose sole business resides on the web, it baffles me to find unnecessary audience-narrowing services such as RegOnline’s badges.

Looks like Jon Maddox wrote a plugin for Xbox Media Center that enables XBMC to view photos you’ve stored on Flickr.

I’ve recently read reports that phishing email traffic now exceeds virus email traffic.

I conducted a survey of my work email in box upon returning from vacation and found 74 percent of the messages were legit, 18 percent were spam, 6 percent were phishing attempts, and 2 percent were viruses.

One of the suspected phishing attempts was this message from Verisign, a company that focuses on internet security services.

—–Original Message—–
From: VeriSignSurvey@walkerinfo.com
Sent: Thursday, April 28, 2005 3:56 PM
To: Pearce, Jason
Subject: Reminder…VeriSign Requests Your Feedback

This is a reminder about the VeriSign customer relationship program. You should have recently received an invitation to participate.

This program is designed to help VeriSign better understand your needs and concerns, drive those concerns throughout VeriSign, and deliver genuine value to enhance our business relationship.

We know your time is valuable — but we do hope that you choose to participate.

Please click on the hyperlink below and follow the instructions to complete the survey. Your survey will go directly to Walker Information who will process and analyze the data.

We look forward to hearing from you and greatly appreciate your feedback.

https://survey.walkerinfo.com/

(If you have any problems using this link or address, please contact support@walkerinfo.com)

If you feel you have received notice of this opportunity in error, please respond to this email and simply place the word “DROP” in the Subject box.

The sender of this message is @walkerinfo.com, the URL is walkerinfo.com, yet it is supposedly a VeriSign survey.

Though I assume VeriSign has outsourced the survey process to Walker Information, how is one to know? This could be a classic phishing attempt for me to reveal a bunch of information about Lambda Chi Alpha or me individually. Or, it could be a legitimate survey from a company I trust.

It’s a shame that phishing attempts have brought me to globally and promptly delete any request for information that shows up in my in box, but it has.

Lambda Chi Alpha has the same problem. We use different third-parties and domains to send out HTML email newsletters, to process conference registrations, and to accept online payments. As users become more aware of phishing, how can they trust that Lambda Chi Alpha is the source of the content if it doesn’t come from us?

They can’t and they shouldn’t.

A security company like VeriSign should recognize this problem and integrate all third-party services into their own domain and communications. And so should Lambda Chi. I’ve got my work cut out for me.