[Cryptography] phishing attack again - $300m in losses?

Steve Furlong demonfighter at gmail.com
Mon Feb 16 11:36:03 EST 2015


On Sun, Feb 15, 2015 at 9:35 PM, Christian Huitema <huitema at huitema.net> wrote:
>
> On Sunday, February 15, 2015 6:45 AM, ianG wrote:
> > It is clearly the fault of the browser [1].  All the finger pointing --
> > user responsibility for social engineering, mailer, standards -- is just
> > that, finger pointing in ways to move the angst away from the mind of
> > the owners of the browser projects.  The successful strategy for doing
> > nothing has been a mix of "It's not our fault" and "we're working in XYZ
> > cartel..."
>
> The usual finger points "between the keyboard and the chair." But obviously
> this is not sufficient.

Agreed. Any plan which relies on "if only everyone would behave
responsibly" is doomed to failure.* This problem will have to be solved
with technology, not laws or education. I, too, fail to see any way to make
this happen. Making phish-proof tools available hasn't worked.

I'd guess that getting rid of the tight integration between MS Windows, IE,
and MS Office would solve most of the problem, but I don't see that
happening -- it's too conveeeeenient for the users. A big corporation
losing big bucks might lead to a policy of firing anyone who falls for a
phishing attack. Ian's mention of a government being nailed because an
employee fell for one might do the trick.

Conceivably, an artificial intelligence sitting between the user and the
links he clicks would do it. I'm not confident of this. The providers of
the back-end processing for such AIs as we have now do not seem to be any
more secure than any other business.

Probably we're going to have to accept the current state of affairs as
"normal". At least until some game changer comes along, probably something
that isn't even intended to fix this problem.

* Now, if you want to talk about improving humanity, preferably by getting
rid of the stupidest 90% of the species, that's another matter...