When Security is Bad for Security

Posted on Tuesday September 21 2010 by hell if i know

Copyright © What The Hell? Security There are 3 kinds of security in business:  Good security, acceptable security and bad security. Good security is the kind that works for the business and for the people who work in it.  It aligns with universally known objectives, and is communicated in a way that motivates people to [...]

Filed under: fraud, security, security sense, security soapbox | Leave a Comment »

VeriSign Says “What The Hell? Security” Blogger Was Right

Posted on Tuesday June 8 2010 by hell if i know

Copyright © What The Hell? Security MOUNTING VIEW, June 7, 2010 — VeriSign today acknowledged that the real reason it sold its Authentication Services business to Symantec is that it felt remorse over its SSL bribing business model after reading a post at What The Hell? Security. “Once that What The Hell? Security guy exposed us, we knew [...]

Filed under: certificate authorities, fraud, phishing, security, ssl | Leave a Comment »

Phishing: Full or Responsible Disclosure?

Posted on Sunday May 16 2010 by hell if i know

Copyright © What The Hell? Security I’m on the horns of a dilemma. I’ve come up with a few phishing use cases not yet witnessed in the wild. Should I exercise full disclosure or responsible disclosure? That’s a completely nonsensical question of course. Who the hell would I report it to? Onguard Online? Phishtank? APWG?  [...]

Filed under: fraud, phishing, security | Leave a Comment »

Fishing for Red Herring Phishing Solutions

Posted on Tuesday April 13 2010 by hell if i know

We interrupt The 9 Laws of Phishing to bring you two important questions sponsored by the Incorrectly-Thinks-Email-Is-Broken Coalition, newly joined by eCert. Question 1: What is the most dangerous sport? Boxing?  Sky diving?  Running with the bulls in Pamplona? Answer: Whatever you said, you weren’t even close.  It’s fishing.  No kidding.  Fishers experience more per [...]

Filed under: certificate authorities, fraud, phishing, security, ssl | 2 Comments »

Bit.ly Fantasizes of Combating Twitter Scams

Posted on Tuesday December 8 2009 by hell if i know

Copyright © 2009 What The Hell? Security If you believe that Bit.ly is going to solve their shortened URL problem the way they intend to, have I got a story for you. [Sidebar:  Be aware that it's completely safe to click on the links in the previous paragraph.  If you don't believe me, select View [...]

Filed under: fraud, hypertext, phishing, security, security soapbox | Leave a Comment »

Blocking Dirty Bits Not As Good As Identifying Good Bits

Posted on Thursday December 3 2009 by hell if i know

Copyright © 2009 What The Hell? Security John Pescatore makes a point about warning vs. blocking bad links.  But here’s the thing about links:  We’re thinking about them all wrong. Now, of course there are bad links.  They end up on blacklists.  Let’s pretend they’re more than marginally useful.  (If you have issue with that [...]

Filed under: fraud, hypertext, phishing, security | Leave a Comment »

Next Page »
Follow

Get every new post delivered to your Inbox.