ISP phishing

Joel Jaeggli joelja at darkwing.uoregon.edu
Fri Jun 24 00:01:51 UTC 2005


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Fri, 24 Jun 2005, Gadi Evron wrote:

> Joel Jaeggli wrote:
>
> <snip>
>
>> The bigger issue is that users simply don't trust any kind of "official
>> communication" anymore and I don't see anything other than pki that
>> could actually restore that.
>
> PKI alone won't solve it, but we are not trying to "fix" phishing here
> (good thought though!). I agree.
>
> Thing is, user-trust or no user-trust, they click by the masses.

I agree, to elaborate:

For us, I see an increasing number of situations where our customers are 
begining to discard messages we send them about their account because the 
information we're imparting is hard to distinguish from all the other crap 
that we don't manage to filter.

Claude Shannon could be invoked here. What we have is a noisy 
communication channel. The phishers are counting on that because the end 
users are trying to filter all this crap, and the false postive rate of 
humans trying to distinguish signal from noise is non zero, so eventually 
people identify the noise as signal. When the noise level gets high enough 
the signal doesn't get through. There are two solutions really, increase 
the volume of signal that you send, (basically send more messages) in 
hopes that get through, apply forward error correction (something that 
gives the messages a higher likelyhood of being interpreted as signal. If 
the phishers can replicated the FEC method then the channel gets noisy 
again.

  > 	Gadi.
>

- -- 
- --------------------------------------------------------------------------
Joel Jaeggli  	       Unix Consulting 	       joelja at darkwing.uoregon.edu
GPG Key Fingerprint:     5C6E 0104 BAF0 40B0 5BD3 C38B F000 35AB B67F 56B2

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
Comment: pgpenvelope 2.10.2 - http://pgpenvelope.sourceforge.net/

iD8DBQFCu0118AA1q7Z/VrIRAnGQAJ4rNpG1C+kzSDRwlrJEC+EBWemRmQCfUSjv
o467gHoKGCm0JGh0VTvbBE4=
=Rq+N
-----END PGP SIGNATURE-----



More information about the NANOG mailing list