Dealing with Phishing
Apu writes "SecurityFocus has published an interesting interview with Rachna Dhamija, co-author of the paper 'Why Phishing Works' and creator of Dynamic Security Skins (a plugin for Mozilla).
She presented some very interesting results from her research efforts, for example 'simply showing a user's history information ("you've been to this website many times" or "you've never submitted this form before") can significantly increase a user's ability to detect a spoofed website and reduce their vulnerability to phishing attacks.' She also suggested to 'make it easy for users to personalize their interfaces. Look at how popular screensavers, ringtones, and application skins are — users clearly enjoy the ability to personalize their interfaces. We can take advantage of this fact to build spoof resistant interfaces.'"
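The history cues quoted above ("you've been to this website many times", "you've never submitted this form before") are easy to model. The following is an added example, not code from the interview, the paper, or Dynamic Security Skins; it assumes an in-memory history store standing in for the browser's own history database, and the visit threshold of 10 for "many times" is an assumption:

```python
from dataclasses import dataclass, field
from urllib.parse import urlsplit


@dataclass
class HistoryStore:
    """Constructed stand-in for browser history (assumption: a real plugin
    would read the browser's history database instead)."""
    visits: dict = field(default_factory=dict)    # hostname -> visit count
    form_hosts: set = field(default_factory=set)  # hostnames a form was sent to

    def record_visit(self, url):
        host = host_of(url)
        self.visits[host] = self.visits.get(host, 0) + 1

    def record_form_submit(self, url):
        self.form_hosts.add(host_of(url))


def host_of(url):
    """Hostname only; the cues are keyed on the host, not the full URL."""
    return (urlsplit(url).hostname or "").lower()


MANY_VISITS = 10  # assumption: what counts as "many times"


def history_cues(store, url, has_form):
    """Plain-language cues to show next to the page, derived from history."""
    host = host_of(url)
    count = store.visits.get(host, 0)
    cues = []
    if count == 0:
        cues.append("You have never visited this site before.")
    elif count >= MANY_VISITS:
        cues.append("You have been to this site %d times." % count)
    else:
        cues.append("You have visited this site %d time(s)." % count)
    if has_form:
        if host in store.form_hosts:
            cues.append("You have submitted a form to this site before.")
        else:
            cues.append("You have never submitted a form to this site before.")
    return cues


def risk_level(store, url, has_form):
    """'high' for a form on a host never visited and never submitted to,
    'medium' for a form on a host seen before but never submitted to,
    'low' otherwise."""
    host = host_of(url)
    if not has_form:
        return "low"
    if host not in store.form_hosts:
        return "high" if store.visits.get(host, 0) == 0 else "medium"
    return "low"


if __name__ == "__main__":
    store = HistoryStore()
    for _ in range(12):                      # constructed history
        store.record_visit("https://bank.example/login")
    store.record_form_submit("https://bank.example/login")
    for url in ("https://bank.example/login", "https://bank-example.test/login"):
        print(url, risk_level(store, url, True), history_cues(store, url, True))
```

The lookalike host in the demo gets "never visited / never submitted" cues and a high risk level, while the genuine host the user has logged into before gets reassuring ones; the point of the paper's finding is that these cues, not the URL text alone, are what users actually notice.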
I can agree that while something like this could help those who are not knowledgeable about such things in the digital world, I wonder if perhaps we should be taking steps back to make sure people actually stay informed of such dangers.
For example, I'm creating the front-end for an application and one of the requests was that we build in such things as making sure "male connectors" on parts don't get matched up with other "male connectors", since logically only "female connectors" should work anyway. Now it's no real sweat off my back, but it made me think: where is the line between common sense and ignorance?
(Of course, no one will ever be able to get anything done, but the geek factor would be impressive if you could actually make a 'musical protocols' plan work...)
Quo usque tandem abutere, Nimbus, patientia nostra?
From your f****** MSFT link above...
"Was this information helpful? Yes, No, I don't know"
I clicked on "I don't know"
and it asked me "What are you trying to do?"
and I entered "I don't know"
and it responded "We appreciate your feedback."
Thank you Microsoft.
Can I pay you to never say that word again?
Well, I guess we know what's in your wallet.
Me too, and not just English spam... I get it in Spanish, Japanese, and Chinese. Sometimes, they come with nice pictures. One of the Chinese ones was for a $400, 6" long dildo...
At least that's what I think it was. It looked like a dildo, and it said 6" and $400.
I also get lots of 419s, but never any from Nigeria.
Why does this remind me of FaceXpaces?
Ignore this signature. By order.
I swear that some marketing departments get their e-mail designs from looking at spam. I have seen some legit corporate e-mails that look so close to previous phishing spam that you would think that they did it on purpose.
The only explanation that I can think of is that they see the phishing spam e-mail, think that it's from their own company, and then design new e-mails to look the same.
Doubt it? We're talking about the marketing department....
If bogus userids and passwords were entered into the bogus phishing portal, then the cost of doing business for the phishers would get very high.
;)
I like it. Maybe another little button like "mark as spam", but in this case it's "mark as phish". When you click "mark as phish" your e-mail plugin does the following:
1) Grabs the source for that page that is linked in the Phishing e-mail
2) Skims the HTML for input fields, generating junk data based on some simple algorithm
3) Submits/Posts the junk data to the address given in the HTML form.
Maybe while we're at it someone can create an "Eliza" like program that would be triggered with a "mark as 419 scam" that would maintain a threaded e-mail discussion with the scammer for weeks. This would keep them busy and prevent them from preying on all the low hanging fruit on the internet. Eat your heart out Turing!
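Step 2 of the proposed "mark as phish" plugin, skimming the page HTML for input fields, is also what an abuse desk needs when a reported page is triaged: which fields it harvests and where the form posts. The following is an added example, not code from the thread or from any plugin; it uses only the standard library's HTMLParser, fetches nothing and submits nothing, and the sample page and the list of sensitive field-name hints are constructed assumptions:

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Assumption: field names containing these fragments are treated as sensitive.
SENSITIVE_NAME_HINTS = ("pass", "pwd", "ssn", "card", "cvv", "pin", "account")


class FormInventory(HTMLParser):
    """Collects every <form> on a page with its action, method and inputs."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.forms = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            # Resolve a relative action against the page URL.
            self._current = {
                "action": urljoin(self.page_url, a.get("action") or ""),
                "method": (a.get("method") or "get").lower(),
                "fields": [],
            }
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            self._current["fields"].append({
                "name": a.get("name") or "",
                "type": (a.get("type") or "text").lower(),
            })

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def is_sensitive(field):
    """Password inputs, or names hinting at credentials or card data."""
    if field["type"] == "password":
        return True
    name = field["name"].lower()
    return any(hint in name for hint in SENSITIVE_NAME_HINTS)


def host_of(url):
    return (urlsplit(url).hostname or "").lower()


def triage(page_url, html):
    """One summary dict per form: where it posts and what it harvests."""
    parser = FormInventory(page_url)
    parser.feed(html)
    parser.close()
    report = []
    for form in parser.forms:
        report.append({
            "action": form["action"],
            "method": form["method"],
            "sensitive_fields": [f["name"] for f in form["fields"] if is_sensitive(f)],
            "posts_offsite": host_of(form["action"]) != host_of(page_url),
        })
    return report


# Constructed sample of a typical credential-harvesting page (not a real site).
SAMPLE_PAGE_URL = "http://phish.example/secure/login.php"
SAMPLE_HTML = """
<html><body>
<form action="collect.php" method="POST">
  <input type="text" name="userid">
  <input type="password" name="passwd">
  <input type="hidden" name="campaign" value="x1">
  <input type="submit" value="Sign in">
</form>
<form action="http://tracker.example/cvv" method="post">
  <input name="cardnumber"><input name="cvv2"/>
</form>
</body></html>
"""

if __name__ == "__main__":
    for entry in triage(SAMPLE_PAGE_URL, SAMPLE_HTML):
        print(entry)
```

The `posts_offsite` flag is worth keeping in the report: a form whose action lands on a different host than the page itself is a common shape for a kit that separates the lure page from the collector.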
Urge to post... fading... fading... RISING!... fading... fading... gone.
This story is useless without pics.