Posted on Tuesday December 8 2009 by ljh
Copyright © 2009 What The Hell? Security
If you believe that Bit.ly is going to solve their shortened URL problem the way they intend to, have I got a story for you.
[Sidebar: Be aware that it's completely safe to click on the links in the previous paragraph. If you don't believe me, select View -> Source [...]
Filed under: Uncategorized | Tagged: fraud, hypertext, phishing, security soapbox
Posted on Thursday December 3 2009 by ljh
John Pescatore makes a point about warning vs. blocking bad links. But here’s the thing about links: We’re thinking about them all wrong.
Now, of course there are bad links. They end up on blacklists. Let’s pretend they’re more than marginally useful. (If you have issue with that statement, go [...]
Filed under: Uncategorized | Tagged: fraud, hypertext, phishing
Posted on Thursday November 5 2009 by ljh
What the hell? We have it all wrong again.
Listen up everybody. This isn’t about Facebook.
It’s like this. Consider the crime of stealing a credit card number in two scenarios, one offline and one online:
| | Offline | Online |
| Victim | Street Pedestrian | Online Pedestrian |
| Perpetrator | Fraudulent Hot Dog Vendor* | Fraudulent HTML Author |
| Scene | Street Corner | Any Website |
| Bait | Hot Dog | Link or Form |
| Innocent Act | Handing [...] | |
Filed under: Uncategorized | Tagged: fraud, hypertext, malware, phishing
Posted on Thursday October 29 2009 by ljh
It’s easy to jump to conclusions. I illustrated this to my youngest, who are twins, when they were five.
[Sidebar: I wanted to do this when they were four. But that being the year they learned that racehorses used to end their careers in glue bottles, I figured it was [...]
Filed under: Uncategorized | Tagged: hypertext, security humor, security soapbox
Posted on Monday September 28 2009 by ljh
There’s a really good reason that Web security is such a pain. It’s not supposed to be secure.
Sorry to break it to you, but hypertext was thirty years old before we decided to use the Web as a platform for commerce. That’s, what, three years longer than the [...]
Filed under: Uncategorized | Tagged: fraud, hypertext, malware, phishing
Posted on Monday July 20 2009 by ljh
Assume for a moment that you are a legitimate business entity called Example.com. By legitimate I mean you have been vetted in a way that demonstrates you qualify for an Extended Validation SSL (EV-SSL) certificate, whether or not you actually own one or even want to. You [...]
Filed under: Uncategorized | Tagged: hypertext, security soapbox, ssl
Posted on Monday July 6 2009 by ljh
Q: What do phishing and drive-by malware have in common?
A: They’re both irrelevant before you click.
Simple, isn’t it? Eh, not so much.
If it were simple, there’d be an accurate way to anticipate the result of clicking. On links and “Submit” buttons I mean.
Yeah, I know what you’re gonna say. [...]
Filed under: Uncategorized | Tagged: fraud, hypertext, malware, phishing