[Discuss] box.net

[blu at nedharvey.com (Edward Ned Harvey)]

> From: discuss-bounces+blu=nedharvey.com at blu.org [mailto:discuss-
> bounces+blu=nedharvey.com at blu.org] On Behalf Of Matthew Gillen
> 
> It's possible that your email address was unintentionally leaked,
> although in the case of the bank, that is much scarier than the other
> explanation (that the bank sold your info to spammers).

Actually, the story behind Citizens Bank was:  When I was new in the
neighborhood at a former residence, I went to the bank to open a new
checking account, and I forgot my new home address.  I mistakenly gave them
the wrong address, a street number which didn't exist, 7 houses away from my
actual house.  The post office was smart enough and friendly enough to
always deliver mail addressed to 320 South Rd, although I lived at 313.
Unfortunately, they never delivered anything addressed to 320 that I
actually wanted to receive.  ;-)

After posting this message about box.net, I got another reply from another
user, who referenced the following:
http://community.box.com/boxnet/topics/after_joining_box_net_my_email_addres
s_is_getting_spammed

I replied with the following:

I agree that box.net, like any other reputable company, isn't going to
underhandedly disclose information like this to spammers.  However, I've
witnessed enough scenarios where some hackers implanted a virus into a GIF
or a JPG or whatever at yahoo, or similar sites...  I believe most likely,
the *actual* cause of the problem here is...  Either box.net as a whole, or
some individuals in the company, or just one of their servers use hacked up
laptops with viruses and junk in them.  They think they have it under
control (as most people do) but ...

Last I knew, the antivirus/antimalware business was a $4b industry.  And
credit fraud/identity theft was a $40b industry.  The job of the bad guys is
to find any unknown or unfixed vulnerability, and exploit it.  The job of
the good guys is to prevent *every* such possible attack.  The bad guys make
their money by stealing from you, or stealing from somebody else on your
behalf.  The good guys must convince you to voluntarily pay them for
protection before you get something bad.  Most users think antivirus should
be free (and consequently don't pay.)  Most users run some kind of
antivirus, but even after their antivirus fails them, they still just use
antivirus and antimalware, thinking they'll be able to clean it out after
the infestation.

Long story short, the good guys are losing.  And when the good guys are
losing, the best strategy is to retreat.

This means...  Yes, you should run antivirus and stuff, but you should not
rely on it.  The only suitable defense is good backups.  At the first sign
of any virus or any junk on your computer, simply nuke the whole thing back
to yesterday.  It's the only strategy that works, but unfortunately, it only
works if you prepared in advance.  Which most people don't do.

In the many, many times that I've helped somebody rid their computer of some
kind of infestation...  99% of the time it's a failure.  The bad guys are
smarter, more motivated than the good guys.  Even if you successfully clean
it, they put hooks in that just immediately re-infest you.

The discussion you referenced is dated seven months ago.  In the last 7
months, they have had plenty of time to get their act straight.  If they
didn't do it yet, I don't believe they will ever be successful.  Not because
they don't care, but because they just don't know how.   It represents a lot
of work, to clean their systems, or they don't know how or which systems
need to be cleaned.