I can't begin to tell you...
...what fun responding to this one has been. The well-known mail filtering service that, when I pulled them to see when they'd be adding detections, seeing as 11/14 test mails using variants (available at http://mailsploit.com), responded with a puzzled-sounding request for samples... First line eventually responded that he'd be escalating it to "security engineers".
These days, there seem to be quite a lot of young, startuppy firms who, despite peddling some sort of buzzword-laden hipster magnet nonsense (that The Business insists it needs to use), really do seem to properly Get It about security. They respond quickly to news about vulnerabilities, researchers mailing security@bizzystartup.com get a reply from someone with clue within an hour or two, they have immediate answers to questions about their security practices. When they inevitably suffer some kind of incident, they go public very quickly and share info as openly and transparently as possible. They give researchers public credit. They have people, they spend money... they are, in short, everything my employer is not.
And yet my employer is knocking on the door of a billion (sterling) profit a year, and startups that get it are acquired by clueless multinationals or bought out to be shut down.
The wheels grind slowly, slowly. I hope they do grind small, even if I don't live to see the day. The karma is in the post - right, kids?
Right?
Mine's a double....