march has really not been my month. first i find out that not only have i finally had my very first malware incident but that it had also been present for nearly a year, and then i get fooled into approving a comment that is in actuality spam.
cdman83 has a writeup on the spam campaign, and gunter ollmann got the final word from sophos that it really was someone loosely associated with them (an employee of a company they hired) who was responsible and who they intend to take to task over the fiasco.
perhaps i'm losing my touch in my old age and becoming too trusting, too willing to give the benefit of the doubt. then again, if i'd had the multiple comments that gunter ollmann had i would have had a far less ambiguous dataset from which to draw conclusions from. i guess i shouldn't feel too bad about being fooled, after all i was only fooled into approving a relatively benign comment - sophos was fooled into hiring the company in question in the first place and giving them money.