So yesterday I received a rather interesting email. Subject: "INFOSEC Scholarships & Fellowships for PhD or MS + Free CISSP Exam Prep Events." Hm, I didn't know that "information security" suddenly became an all-caps acronym. How come no one asks me first about these things? Anyway, it purports to come from the University of Fairfax, who seems to be outsourcing their spam to IQMailer.net. I suppose if you're gonna set up an outsourcing business, spam is as good as anything. There's no paperclip icon next to the message, so I open it. Sure enough, it's an ad enticing me to "advance my INFOSEC career to the next level" (the next time I hear "to the next level" I'm gonna throttle whoever says it) because "the federal information security budget will grow to $20B+ by 2008, will your INFOSEC career grow as fast?" I'm so happy that the University of Fairfax and Aladdin Knowledge Systems care so much about me! I'm honored! Yeah right.
Here's the clueless, somewhat frightening, and hugely ironic part. This message -- sent to me because I'm a subscriber at SearchSecurity.com, advertising a way to learn more about security through courses and exam prep, had an ActiveX control attached! You'd think that people teaching security would know better, and you'd also think that SearchSecurity.com would know better too and at least make sure the email abides by standard security practices. I guess not. Shame on you SearchSecurity.com, and shame on you University of Fairfax. You're doing exactly the wrong things to appeal to your intended audience.