10 of the top-50 research universities give proofpoint CEO Gary Steele … the cone of shame.

 Of the top 50 research universities in the United States (see the rankings here), 20% of them count on proofpoint for protection against email impersonation and phishing attacks. And all 20% of them, that's 10 for you arithmetic-challenged CISOs, have their DMARC enforcement turned off (ie: "p=none"). Which means anybody can pretend to be from these institutions and send email accordingly.

Also joining these esteemed research institutions in giving proofpoint this un-coveted award are the states of Kentucky, New Jersey and Louisiana (read the rankings here). Their state election systems are also protected by proofpoint, who also have their DMARC enforcement turned off (ie; "p=none"). Which means the Russians (or any other malicious state player) can easily phish their election systems to the detriment of actual voters.

Not to mention the gigantic Anthem heist by a newly indicted Chinese pair (see the story here). Yep.  Proofpoint DMARC enforcement set at "p=none" allowed the crooks to use "spear-phishing operations to gain access to PCs on the target networks. This would cost Anthem "$217 million in 2017" in the largest ever data loss settlement at the time. Can you say "Dunce!"

Finally, piling onto the proofpoint dis-commencement address are two of the top-10 Silicon Valley law firms (read the rankings here). Yep. DMARC enforcement is turned off. Which means skulkers can troll for pre-public M&A activities and profit from insider trading. Now you ought to be most concerned about these guys, Gary, because they could sue your sorry butt right back to the stone ages. And name your Washington State University computer science teachers in the suit, just to punish them for not taking better care of the technology gene pool.

Mad Max

#proofpoint #dmarc #phishing #researchuniversities #voterfraud #techlawfirms #garysteele


Popular Posts