Posted on Tuesday December 8 2009 by ljh
Copyright © 2009 What The Hell? Security
If you believe that Bit.ly is going to solve their shortened URL problem the way they intend to, have I got a story for you.
[Sidebar: Be aware that it's completely safe to click on the links in the previous paragraph. If you don't believe me, select View -> Source [...]
Filed under: Uncategorized | Tagged: fraud, hypertext, phishing, security soapbox
Posted on Thursday December 3 2009 by ljh
John Pescatore makes a point about warning vs. blocking bad links. But here’s the thing about links: We’re thinking about them all wrong.
Now, of course there are bad links. They end up on blacklists. Let’s pretend they’re more than marginally useful. (If you have issue with that statement, go [...]
Filed under: Uncategorized | Tagged: fraud, hypertext, phishing
Posted on Monday November 23 2009 by ljh
Referring to my previous post, here is the skinny on my Anti-Fraudulent Hot Dog Vendor Detector.
Well, hold on. I’m up to Version 2.0. Before I describe that, I really should explain Version 1.0. Here’s a theoretical average day in its life. Bear with me, there’s actually [...]
Filed under: Uncategorized | Tagged: fraud, malware, phishing
Posted on Thursday November 5 2009 by ljh
What the hell? We have it all wrong again.
Listen up everybody. This isn’t about Facebook.
It’s like this. Consider the crime of stealing a credit card number in two scenarios, one offline and one online:
| | Offline | Online |
|---|---|---|
| Victim | Street Pedestrian | Online Pedestrian |
| Perpetrator | Fraudulent Hot Dog Vendor* | Fraudulent HTML Author |
| Scene | Street Corner | Any Website |
| Bait | Hot Dog | Link or Form |
| Innocent Act | Handing [...] | |
Filed under: Uncategorized | Tagged: fraud, hypertext, malware, phishing
Posted on Monday September 28 2009 by ljh
There’s a really good reason that Web security is such a pain. It’s not supposed to be secure.
Sorry to break it to you, but hypertext was thirty years old before we decided to use the Web as a platform for commerce. That’s, what, three years longer than the [...]
Filed under: Uncategorized | Tagged: fraud, hypertext, malware, phishing
Posted on Tuesday September 15 2009 by ljh
There’s a belief among CAs (ok, VeriSign) that a merchant can minimize the number of abandoned carts — presumably by promoting them to orders — by introducing trust symbols at checkout. Symbols like the EV-SSL green bar and VeriSign’s logo. Balderdash. Checkout is the last place to do it.
Literally [...]
Filed under: Uncategorized | Tagged: fraud, ssl
Posted on Tuesday July 14 2009 by ljh
Convenient to the point I make here, the terms Moore’s Law and Hypertext were both coined in 1965.
Since then, if I’m counting correctly on fingers and toes, CPUs should have improved by roughly a factor of (2 ** (((2009 - 1965) * 12) / 18)) = 676,414,963. The actual number doesn’t matter because I’m [...]
Filed under: Uncategorized | Tagged: fraud, malware, phishing, security soapbox
Posted on Thursday July 9 2009 by ljh
Phishing is so pre-“What The Hell Security.” Here’s what post-click fraud has that phishing doesn’t.
In name:
jargon-free (sorry d00dz)
capitalizes on an understood concept (fraud)
describes its boundaries (the fraud after the click, not the fraud after the card trick)
In meaning:
encompasses all link-aware applications (office apps, browsers, music players, drawing apps, etc.)
encompasses [...]
Filed under: Uncategorized | Tagged: fraud, phishing
Posted on Thursday July 9 2009 by ljh
Phishing used to be a bounded phenomenon. Merriam-Webster Online defines it as “a scam by which an e-mail user is duped into revealing personal or confidential information which the scammer can use illicitly.”
Translation: Receive an email thick with Romanian accent; click on “Click hear” [sic]; transcribe your PayPal [...]
Filed under: Uncategorized | Tagged: fraud, malware, phishing
Posted on Monday July 6 2009 by ljh
What do you call a ubiquitous security technology that has only ever delivered on half its promise? SSL.
Don’t get me wrong. SSL has proven pretty decent at delivering transport security. For B2B applications requiring mutual authentication, that is. (Ironically, in many cases those applications use manually-exchanged self-signed certificates, [...]
Filed under: Uncategorized | Tagged: fraud, ssl