Posted on Tuesday July 28 2009 by ljh
Copyright © 2009 What The Hell? Security
What does SSL stand for? H-Y-P-N-O-T-I-S-M.
No, really. Give me the first answer that comes to your mind. Don’t filter it. Why do you purchase SSL certificates for your site?
You answered something having to do with security, right? You are so not right. What you’re doing is buying [...]
Filed under: Uncategorized | Tagged: security soapbox, ssl
Posted on Monday July 20 2009 by ljh
Assume for a moment that you are a legitimate business entity called Example.com. By legitimate I mean you have been vetted in a way that demonstrates you qualify for an Extended Validation SSL (EV-SSL) certificate, whether or not you actually own one or even want to. You [...]
Filed under: Uncategorized | Tagged: hypertext, security soapbox, ssl
Posted on Tuesday July 14 2009 by ljh
Convenient to the point I make here, the terms Moore’s Law and Hypertext were both coined in 1965.
Since then, if I’m counting correctly on fingers and toes, CPUs should have improved by roughly a factor of (2 ** (((2009 - 1965) * 12) / 18)) = 676,414,963. The actual number doesn’t matter because I’m [...]
Filed under: Uncategorized | Tagged: fraud, malware, phishing, security soapbox
Posted on Thursday July 9 2009 by ljh
Phishing is so pre-“What The Hell Security.” Here’s what post-click fraud has that phishing doesn’t.
In name:
jargon-free (sorry d00dz)
capitalizes on an understood concept (fraud)
describes its boundaries (the fraud after the click, not the fraud after the card trick)
In meaning:
encompasses all link-aware applications (office apps, browsers, music players, drawing apps, etc.)
encompasses [...]
Filed under: Uncategorized | Tagged: fraud, phishing
Posted on Thursday July 9 2009 by ljh
Phishing used to be a bounded phenomenon. Merriam-Webster Online defines it as “a scam by which an e-mail user is duped into revealing personal or confidential information which the scammer can use illicitly.”
Translation: Receive an email thick with Romanian accent; click on “Click hear” [sic]; transcribe your PayPal [...]
Filed under: Uncategorized | Tagged: fraud, malware, phishing
Posted on Monday July 6 2009 by ljh
What do you call a ubiquitous security technology that has only ever delivered on half its promise? SSL.
Don’t get me wrong. SSL has proven pretty decent at delivering transport security. For B2B applications requiring mutual authentication, that is. (Ironically, in many cases those applications use manually-exchanged self-signed certificates, [...]
Filed under: Uncategorized | Tagged: fraud, ssl
Posted on Monday July 6 2009 by ljh
Blogger’s Notice: The following material was plagiarized from a movie script to make the blogger’s point for him. Any resemblance to named companies and technologies is definitely intentional. No animals were harmed in the cutting-and-pasting of this satire.
General Verisign: You want informed browsing?
Cruisin’ Consumer: I think I’m entitled to it.
General Verisign: You want Base64 [...]
Filed under: Uncategorized | Tagged: phishing, security humor, ssl
Posted on Monday July 6 2009 by ljh
Q: What do phishing and drive-by malware have in common?
A: They’re both irrelevant before you click.
Simple, isn’t it? Eh, not so much.
If it were simple, there’d be an accurate way to anticipate the result of clicking. On links and “Submit” buttons I mean.
Yeah, I know what you’re gonna say. [...]
Filed under: Uncategorized | Tagged: fraud, hypertext, malware, phishing
Posted on Monday July 6 2009 by ljh
Not sure about you, but I’m heartened by the fact that phishing and drive-by malware are working so well today. It means the Web is in tip-top shape.
Think about it. A Web that doesn’t display persuasive content, or execute retrieved code, would be irrelevant to [...]
Filed under: Uncategorized | Tagged: fraud, malware, phishing
Posted on Monday July 6 2009 by ljh
This much is hardly news, but six months ago two Microsoft researchers published a paper titled A Profitless Endeavor: Phishing as Tragedy of the Commons. It presents a provocative case that the aggregate financial impact of phishing is on the order of 1/50th that suggested by surveys of U.S. online [...]
Filed under: Uncategorized | Tagged: phishing