[fc-discuss] Financial Cryptography Update: The Phishing Borg - now absorbing IM, spam, viruses, lawyers, courts and you

iang@iang.org iang@iang.org
Wed, 3 Aug 2005 19:44:38 +0100 (BST)


 Financial Cryptography Update: The Phishing Borg - now absorbing IM, spam, viruses, lawyers, courts and you 

                            August 03, 2005


------------------------------------------------------------------------

https://www.financialcryptography.com/mt/archives/000526.html



------------------------------------------------------------------------

Dramatic increase in threats to IM (instant messaging or chat) seen as
the IMLogic Threat Center reports a 28 times increase over the last
year.

http://www.hackinthebox.org/modules.php?op=modload&name=News&file=artic
le&sid=17628

Right on cue.  A new tool to download for your browser shows that
independent researchers at Stanford know where to put the protection: 
Spoofguard detects and warns against phishing, and PwdHash augments the
password calculation to make each transmitted password site-dependent.

http://crypto.stanford.edu/PwdHash/
http://www.messagingpipeline.com/showArticle.jhtml?articleID=166404126

Good stuff guys!  We need to induct you into the anti-fraud coffee room
before you get swallowed up by the anti-borg of secret committees in
smoke-filled rooms.

And in Korea is looking to legalise class-action suits in cases where
small losses make it uneconomic for victims to punish negligent
providers.

http://times.hankooki.com/lpage/biz/200507/kt2005073119461711870.htm

Much as I wonder if class action suits aren't a net loss to society and
shouldn't be treated within the threat model rather than the security
model, they do seem to be the only non-technical defence that suppliers
will listen to.  Such suits and others by regulatores are filed against
data providers (and losers), banks and Microsoft on various causes. 
Nobody has yet pinned one directly on phishing, but I give it a better
than evens chance that it will be tried on the banks, and then on the
software suppliers.

http://www.digitaltransactions.net/newsstory.cfm?newsid=669

Although it is hard to decipher, a new report from IBM reports that
spam is down from 83% of all email to 67% in June.  That's the "good
news."	The bad news is that it's almost certainly because phishing and
viruses have skyrocketed even this year, with IBM reporting that
phishing has now reached around 20% and viruses around 4% of all email.
 The article is ridiculously muddled in its use of numbers, but I make
that around a 91% garbage rate in email.

This to my mind confirms predictions made here that phishing is still
the #1 threat to email (by value!) and browsing and Internet commerce; 
viruses are now economically being driven by phishing;	and email is
dying under the one-two punch of spam and phishing.

Is phishing and related fraud becoming the #1 threat to the net, or is
it already there?

-- 
Powered by Movable Type
Version 2.64
http://www.movabletype.org/