Previous Blog Entry Next Blog Entry

VR & IM Security

November 21, 2006

Aaron Schmidt points to a post from Oregon’s Statewide Digital Reference Coordinator, Caleb Tucker-Raymond: a spam filter for questionpoint.  What, you might ask, would QuestionPoint need a spam filter for?  Well, questions come in via web forms, and like all web forms (like blog comment forms), they get spammed.  Fortunately, Caleb believes he has come up with a solution for his library.  The sad thing is that individual organizations are having to figure this out.  It would be nice if QuestionPoint developers would take this problem into consideration.  I can’t believe they haven’t been told about it.  Caleb writes:

I haven’t used Meebo or other web IM clients much, so I’m not sure if
embedding and HTML image or movie or piece of malicious code would be a
problem, but something tells me the IM people have it figured out
already.

Indeed…I don’t get spam in IM.

Aaron also points out that librarians and their IT staff have always assumed that these big name web-based chat services (QuestionPoint, Docutek, Tutor.com) are safe and not a security threat but that IM is.  Why is that?  Lack of familiarity with "the new," I would guess.  A guess that if you pay for it, it’s inherently good and safe.  An assumption that if a company puts its name on it, it’s safe (yeah, Microsoft has done a really good job with that one *guffafw*).

“VR & IM Security”

  1. Anonymous Says:
    November 21st, 2006 at 2:45 pm

    sarah

    i’d like to disambiguate the two posts you’re referencing -

    11/7/2006 “more colors and strange fonts in transcripts” has the quote about the IM people having figured it out already
    http://www.oregonlibraries.net/staff/index.php/2006/11/07/more-colors-and-strange-fonts-in-transcripts/

    11/9/2006 “A spam filter for questionpoint” discusses how we divert spam received by our e-mail forms. http://www.oregonlibraries.net/staff/index.php/2006/11/09/a-spam-filter-for-questionpoint/

    i am glad aaron pointed these out as related issues (he links to three posts), i wasn’t even thinking of that at the time. you’re right, of course-qp chat spam *could* contain malicious code or even embedded youtube videos ;) . it wouldn’t be executed until a librarian opened the transcript after the chat, but reviewing for quality is something we are all encouraged to do.

    i did report the html-security problem through their support channels, but maybe this kind of attention will spur them to action.

  2. Sarah Houghton-Jan (LiB) Says:
    November 21st, 2006 at 3:19 pm

    Thank you for providing both links. And thank you for raising these issues, which are important to all of us.

Leave a Reply

LiB's simple ground rules for comments:

  1. No spam, personal attacks, or rude or intolerant comments.
  2. Comments need to actually relate to the blog post topic.