Why Phishing Works: Interesting paper.Abstract:To build systems shielding users from fraudulent (or phishing) websites, designers need to know which attack strategies work and why…. We first analyzed a large set of captured phishing attacks and developed a set of hypotheses about why these strategies might work. We then assessed these hypotheses with a usability study in which 22 participants were shown 20 web sites and asked to determine which ones were fraudulent. We found that 23% of the participants did not look at browser-based cues such as the address bar, status bar and the security indicators, leading to incorrect choices 40% of the time…. These results illustrate that standard security indicators are not effective for a substantial fraction of users, and suggest that alternative approaches are needed.Here’s an article on the paper.
Browsing Posts published in April, 2006
Introduction to Kismet (5 Apr 2006):Use this only for good.“Kismet detects the presence of wireless networks, including those with hidden SSIDs. It can discover and report the IP range used for a particular wireless network, as well as its signal and noise levels. Kismet can also capture or sniff all network management data packets for an available wireless network. You can use Kismet to locate available wireless networks, troubleshoot wireless networks, optimize signal strength for access points and clients, and detect netwoI’ve used it for years…. It gives a seasoned user the ability to see the switched fabric behind the WAP.
Connecting Two Remote Local Networks:Sometimes we need to connect two or more geographically distrubuted ethernet networks to one broadcast domain. There can be two different office networks of some company which uses smb protocol partially based on broadcast network messages. Another example of such situation is computer cafes: a couple of computer cafes can provide to users more convinient environment for playing multiplayer computer games without dedicated servers.
Web site exposes Air Force One defensesA government document containing specific information about the anti-missile defenses on Air Force One was posted on the Web site of an Air Force base.
AT&T Whistleblower Helps EFF:Insider exposes San Fran ‘Spy room’. More details on AT&T’s alleged cooperation with the NSA over at Wired, in a report containing new insider information. “AT&T provided National Security Agency eavesdroppers with full access to its customers’ phone calls, and shunted its customers’ i..
BOOT CAMP PUBLIC BETAApple’s response to the other aggressive efforts?
IRS Leaves Taxpayer Data Largely Unprotected:LogError writes “Two weeks ago, Department of Treasury received a D-minus grade in the Federal Computer Security Report Card for 2005, down from a D-plus grade in 2004. The majority of Treasury systems are those belonging to IRS. The government-wide computer-security grade for 2005 was D-plus, while Homeland Security and Defense both received an F. Grades are based on reports submitted to Congress by the agencies; the reports are required under the Federal Information Security Management Act of 2002.8 The scores are meant to reflect whether departments meet federally mandated security standards.”
Microsoft Rumored to Join OSDL: As reported on www.valleyofthegeeks.com by Nate OrenstamSources inside Microsoft have reported the company will be expanding their commitment to open source by joining the Open Source Development Lab (OSDL) next week at LinuxWorld in Boston. This appears to be part of a new strategy led by Steve “No Socks” Sinofsky, who has recently been appointed as Senior Vice President of all things Windows, taking over from long time exec Jim Alchin who was planning on retiring when Windows Vista shipped. Or perhaps even sooner, based on the fact that his desk is now in the sub-basement of Building 10 next to the vending machines. “Jim has been a team player,” Sinofsky said in an interview last week. “On the losing team, that is!” Sinofsky said that he had learned much in his career from Bill Gates when he was his technical advisor. “Let’s just say, I’ve got more than few emails and photos that could be pretty interesting to Melinda. I’m just glad Bill saw things my way on some of these, ah, technical issues.” According to insiders, Bill Gates will be working closely Linus Torvalds of the OSDL to open source the next generation of Windows Vista, previously codenamed Longwind. Microsoft employees have speculated that Vista was unlikely to ship in 2006 due to changes in the specifications. Since open source developers don’t have specifications or schedules, the idea was that further slippage would go unnoticed. “Vista could just be a set of RPMs in some further version of Linux, perhaps in late 2007 or even 2008,” commented Buzzy Berkeley from the Goiter Group, a leading market research firm and escort service. “Having cool 3D animation on the Linux desktop would be awesome.
According to the Defense Threat Reduction Agency , the dust cloud from Divine Strake, a massive conventional explosion scheduled to take place at the Nevada Test Site this summer, “may reach an altitude of 10,000 feet (3,048 meters) [but] is not expected to be visible off the Nevada Test Site.”The open-air test will ignite 700 tons of ammonium nitrate/fuel oil, good for 593 tons of high-explosives equivalent, according to the Washington Post . The Associated Press describes the test as the largest-ever open-air chemical explosion at the Nevada site – by a factor of forty. Due to the size of the blast – and its sensitive location at the home of the United States’ erstwhile nuclear test program – DTRA has taken the trouble to warn the Russians ahead of time of the upcoming test.The test’s purpose, according to Defense News, is “to examine ground shock effects on deeply buried tunnel structures.” The WaPo describes the test as “a conventional alternative” to the politically ornery Robust Nuclear Earth Penetrator, or “nuclear bunker-buster.”Here’s my $64,000 question, though: is this (700-ton!) explosive really a conventional “alternative,” or is it a stand-in being used to simulate a low-yield nuke?By the way – a “strake” is “a straightedge used for leveling a bed of sand .”
Setting up Linux compatibility on FreeBSD 6:As a FreeBSD desktop user I occasionally feel left out when it comes to the availability of applications, particularly desktop applications or binary-only browser plugins produced by commercial closed source vendors. Sometimes a good alternative lurks in the vast FreeBSD ports collection, but not always. The version available may lag a couple of revisions behind what I need, or the port might exclude my particular architecture. Fortunately, FreeBSD can run binaries and shared libraries that have been compiled for Linux and other Unix ABIs (such as SVR4 and SCO).
Gallery: 10 Best Internet Spoofs:From endangered bunnies to bonsai kittens, the web’s a great place to pull a prank. Don’t get fooled again. By Drew Curtis.
Is Linux Voice over IP Ready?:A Voice over IP primer with special attention to using it on Linux.
The potential for rich, dynamic applications that run through a browser and are hosted remotely is a key selling point for so-called Web 2.0. Now we are seeing some of the realization of that potential, and Apple looks to be positioned to effectively leverage these new applications. I offer Zimbra as a case in point. Zimbra is a company that has created a rich AJAX application allowing one to view vast amounts of disparate content easily.
Microsoft Security Flaws Create A New Market:
Switching art students to GNU/Linux:This was a new spin on things. This guy got rid of OS X and installed Linux on his art sudent’s Macs.“The students’ reactions to all this was inspiring. They felt empowered by the quality of the software and their ability to upgrade, share, and customize it freely. They also appreciated the immense array of additional GNU/Linux multimedia software available to them.
