Message-ID: <2u56c1F27ao4cU1@uni-berlin.de>
From: "Lambchop" <holy_saiyan1@_(REMOVETHIS)_hotmail.com>

I went to what Google said was the "SETI Institute" website, and found out
some things that raised a few eyebrows.

Contrast these with the stories on the official SETI@Home website and you'll
see why this seeemed odd.

You seem to be under the classic misapprehension that there is an
organisation called SETI.  There isn't.  There are many organisations
that do SETI.  One of them is the Space Sciences Lab at the University
of California at Berkeley.  Amongst the SETI projects that they run
are SERENDIP, which is an untargetted search using spare resources
at Arecibo, and SETI@Home, which uses some of the data from SERENDIP.
They do other space science research.  They have web sites at 
seti.ssl.berkeley.edu and ssl.berkeley.edu, that cover wider aspects
of their work.

There is also the SETI Institute, which, amongst other things runs
project Phoenix, which is a targetted search that, until this year,
was allocated a few days of time at Arecibo each year as primary 
project at Arecibo (this was part of an arrangement that was made
when Arecibo was upgraded, but has now expired).  They also fund
projects in bioastronomy.  They are a not-for-profit private 
corporation, getting most of their funding from rich industrialists,
e.g. from Microsoft's Allen for their new, full time, SETI radio
telescope.

The SETI Institute generally has much better PR than Berkeley, and
has had cameo roles in various science fiction films.  It is strongly
rumoured that Elly in Carl Sagan's Contact book and movie is modelled
after one of their senior people.  Currently, on the more hard
science newsgroup, sci.astro.seti, one of their people is providing
some of the technical input, whereas none of Berkeley's are, these
days.

2) When investigating the "Join TeamSETI" page, trusty Mozilla Firefox
warned me that the site I was being redirected to a site that had a security
certificate registered not to www.seti.org but to www.kintera.com, which is
owned by Kintera, Inc. This is on Kintera's website.

That's sloppy and makes the certificate no more valuable than if they
had self signed it themselves (i.e. good for encryption but
useless for authentication).

However, many small enterprises will end up giving you certificates
that are owned by companies like Worldpay (who are well known and
can, presumably, be assuumed to authenticate their customers as well
as people like Verisign) and other organisations (e.g. their ISPs)
that I've never heard about.  Usually, in these cases they either hide
this fact by using frames in a way that makes the average user fail to
realise the chain of trust has been broken, or rely on the average SSL
user never realising that there was a chain of trust in the first place,
and not questioning that the address bar no longer matches the company.

I even have an issue with a UK internet bank in that their SSL site's
is very different from their main site name and, although it contains
part of their trading name, is not clearly related, unless you diagnose
the certificate to find the subject.

Generally, the general public and most enterprises don't really understand
how SSL certicates provide security; they confuse authentication and
encryption.

"Kintera is dedicated to helping nonprofit organizations fulfill their
mission by providing Knowledge Interaction technology to build vibrant
communities of supporters, beneficiaries and staff. By sharing a set of

Marketing babble, but basically, from this statement, they seem to be
an organisation that provides non-core services to non-profits.  However,
unless the certificate subject turns out to be the SETI Institute, 
you cannot be sure that you haven't been DNS hijacked to their site,
so maybe you should inform the SETI Institute of a possible security
compromise and refrain from paying through that channel.

Also, membership in "TeamSETI" ranges anywhere from $250-$5,000, depending

I'm not aware of the mailings you refer to.

on the level of membership that you want.  Why would the Search For
Exterrestrial Intelligence program offer discounts on educational materials
and "official" club cards?

Except that there is no such organisation, it is very common for 
non-profits to do that.  They have to use marketing tactics to maximise
their revenue to provide the services or do the research.
That's why you get the screen saver animations in SETI@Home.

I'm not saying that www.seti.org is a fraud, but it does seem suspicious.

www.seti.org and the SETI Institute are very legitimate.

Also, I doubt that if SETI wished to mail us about becoming paying members,
it would be mailed as bulk.

Anything like that that Berkeley sends would be sent bulk, as they don't
have the resources to do otherwise.   The SETI Institute wouldn't have
your address on the basis of S@H participation.