Archive for the 'Testing' Category

May 25 2006

Quoted for an article on SearchSecurity

Published by under Apple/Mac,Blogging,CISSP/ISC2,Encryption,Firewall,General,Government,Hacking,Humor,IDS,Linux,Malware,Microsoft,PCI,Phishing, scams, etc.,Podcast,Privacy,Security Advisories,Simple Security,Site Configuration,Testing

Comments I made on my ComputerWorld blog were quoted today in an article on SearchSecurity about the Black Frog/Okopipi project.  After talking to one or two members of the project, I think I oversimplified the challenges Okopipi will be facing, but I’m still dubious abou the project.  It’s something that’s going to have to be handled with great care, and I’m not sure an open source project is the way to go.  Every unsubscribe link is going to have to be verified by a real person, not just a program, and I still see several ways spammers could turn this project to evil.  I don’t think this is reason enough not to at least try, but I don’t believe I’ll be participating in a distributed, P2P anti-spam solution any time soon.

Technorati Tags: , ,

[Slashdot] [Digg] [Reddit] [del.icio.us] [Facebook] [Technorati] [Google] [StumbleUpon]

No responses yet

May 17 2006

Blue Security closing down

Published by under Apple/Mac,Blogging,CISSP/ISC2,Encryption,Firewall,General,Government,Hacking,Humor,IDS,Linux,Malware,Microsoft,PCI,Phishing, scams, etc.,Podcast,Privacy,Security Advisories,Simple Security,Site Configuration,Testing

It looks like the spammers have won the battle against Blue Security.  The company is closing down their service, having realized that their solution to spam isn’t going to do much more than create an ever-escalating war with the spammers.  I didn’t think an active, attack-back technology like Blue Security ever had much of a chance of being effective, but I’m still a little saddened to see them have to shut down the service.  On the other hand, give it a year or two and I’m sure some other company will try almost exactly the same thing. 

Technorati Tags: , ,

[Slashdot] [Digg] [Reddit] [del.icio.us] [Facebook] [Technorati] [Google] [StumbleUpon]

One response so far

Apr 17 2006

Fighting phishing by sending false images

Published by under Apple/Mac,Blogging,CISSP/ISC2,Encryption,Firewall,General,Government,Hacking,Humor,IDS,Linux,Malware,Microsoft,PCI,Phishing, scams, etc.,Podcast,Privacy,Security Advisories,Simple Security,Site Configuration,Testing

Mikko at F-Secure had a good idea for fighting phishing.  A significant amount of phishing sites aren’t hosting the images they use, they’re directing the browser to download the real image from bank they’re imitating.  So what if the banks added some relatively simple code to instruct the web server to send a alternative image if they received a significant number of referals to the original image?  Using Mikko’s idea, the bank’s alternative image would include a stamp that would make it clear that the refering site was illegitimate and give the consumer a phone number to call.  The idea could be circumvented by smart phishers, but it would add one more hoop they’d have to jump through.  Even if it only stops the lazy phishers, that’s a couple more percentages of the total scams that wouldn’t work. 

Technorati Tags: ,

[Slashdot] [Digg] [Reddit] [del.icio.us] [Facebook] [Technorati] [Google] [StumbleUpon]

No responses yet

« Prev