ISP phishing
Joel Jaeggli
joelja at darkwing.uoregon.edu
Fri Jun 24 00:01:51 UTC 2005
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Fri, 24 Jun 2005, Gadi Evron wrote:
> Joel Jaeggli wrote:
>
> <snip>
>
>> The bigger issue is that users simply don't trust any kind of "official
>> communication" anymore and I don't see anything other than pki that
>> could actually restore that.
>
> PKI alone won't solve it, but we are not trying to "fix" phishing here
> (good thought though!). I agree.
>
> Thing is, user-trust or no user-trust, they click by the masses.
I agree, to elaborate:

For us, I see an increasing number of situations where our customers are
beginning to discard messages we send them about their account because the
information we're imparting is hard to distinguish from all the other crap
that we don't manage to filter.

Claude Shannon could be invoked here. What we have is a noisy
communication channel. The phishers are counting on that because the end
users are trying to filter all this crap, and the false positive rate of
humans trying to distinguish signal from noise is non-zero, so eventually
people identify the noise as signal. When the noise level gets high enough
the signal doesn't get through. There are two solutions really: increase
the volume of signal that you send (basically send more messages) in
hopes that they get through, or apply forward error correction (something
that gives the messages a higher likelihood of being interpreted as signal).
If the phishers can replicate the FEC method then the channel gets noisy
again.

> Gadi.
>
- --
- --------------------------------------------------------------------------
Joel Jaeggli Unix Consulting joelja at darkwing.uoregon.edu
GPG Key Fingerprint: 5C6E 0104 BAF0 40B0 5BD3 C38B F000 35AB B67F 56B2
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
Comment: pgpenvelope 2.10.2 - http://pgpenvelope.sourceforge.net/
iD8DBQFCu0118AA1q7Z/VrIRAnGQAJ4rNpG1C+kzSDRwlrJEC+EBWemRmQCfUSjv
o467gHoKGCm0JGh0VTvbBE4=
=Rq+N
-----END PGP SIGNATURE-----
More information about the NANOG mailing list