Home page logo

nanog logo nanog mailing list archives

Re: Dear RIPE: Please don't encourage phishing
From: Jay Ashworth <jra () baylink com>
Date: Fri, 10 Feb 2012 13:59:36 -0500 (EST)

---- Original Message -----
From: "William Herrin" <bill () herrin us>

And if we could just train people to never send or accept email
attachments, we could get rid of email-spread viruses. Not gonna
happen -- the functionality is too useful.

Security isn't just about what you can train someone to do... it's
also about what you can convince them to do when you're not standing
behind them watching -- the instructions that they're willing to
internalize. You can't convince people never to click links in an
email. It's too useful.

I did admit that it was throwing the baby out with the bathwater.

Being able to drive across someone's golf course to get to work is
convenient for me as well, but I'm still forbidden to do it.  This is a
tragedy of the commons problem -- since the biggest target for zombies
on PCs is probably spambots ...

You might, however, be able to convince the average person that if a
link they clicked from an email asks for a password or asks for any
personal information then the message was probably from an
impersonator trying to steal the user's identity and they should
report it immediately lest they be victimized.

Yup.  Just like Steve just did in the posting that started this.

Y'know: the thing that only looked like a phish.

-- jr 'and don't even get me started on e-cards' a
Jay R. Ashworth                  Baylink                       jra () baylink com
Designer                     The Things I Think                       RFC 2100
Ashworth & Associates     http://baylink.pitas.com         2000 Land Rover DII
St Petersburg FL USA      http://photo.imageinc.us             +1 727 647 1274

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]