The 9 Laws of Phishing (Part 3)

Copyright © What The Hell? Security

(continued) The 9 Laws tell us quite a bit about designing a viable platform solution. Let’s step through them again, sketching as we go. Law 1: Phishing Is About Commerce. Web 1.0 was all about commerce. Only we [...]

VeriSign Says “What The Hell? Security” Blogger Was Right

MOUNTING VIEW, June 7, 2010 — VeriSign today acknowledged that the real reason it sold its Authentication Services business to Symantec is that it felt remorse over its SSL bribing business model after reading a post at What The Hell? Security. “Once that What The Hell? Security guy exposed us, we knew [...]

Phishing: Full or Responsible Disclosure?

I’m on the horns of a dilemma. I’ve come up with a few phishing use cases not yet witnessed in the wild. Should I exercise full disclosure or responsible disclosure? That’s a completely nonsensical question of course. Who the hell would I report it to? Onguard Online? Phishtank? APWG? [...]

The 9 Laws of Phishing (Part 2)

(continued) Picking up at Law 9 of my 9 Laws of Phishing manifesto: 9. The solution is a platform. So why a platform? Because the phishing problem itself spans a number of platforms: devices, operating systems, and applications to name [...]

Fishing for Red Herring Phishing Solutions

We interrupt The 9 Laws of Phishing to bring you two important questions sponsored by the Incorrectly-Thinks-Email-Is-Broken Coalition, newly joined by eCert. Question 1: What is the most dangerous sport? Boxing?  Sky diving?  Running with the bulls in Pamplona? Answer: Whatever you said, you weren’t even close.  It’s fishing.  No kidding.  Fishers experience more per [...]

The 9 Laws of Phishing

What the hell is it about phishing that makes it seem so intractable? First off, let’s talk intractable. An uncontrollable or incurable problem. Computational complexity theory adds a convenient twist: A problem that can be solved, only not fast enough [...]
