Eclipse 3.0 M8 Released

Eight milestone of Eclipse 3.0 is out.  Most notable among new features and changes in this release are public API for webform-like UI and UI style changes.  I love the webform UI but I am not too fond of some of the UI changes.  It's as if Eclipse team hired a new UI designer who is trying to turn Eclipse 3.0 into a proving ground of sort, using curves where none is needed, adding color accents to icons unevenly, etc.

One skill every artist and designers must have is knowing when to stop.  What the Eclipse 3.0 team is trying to do with these frivolous UI changes amounts to putting lace on jock straps.

SpoofGuard

In Payments News, Scott Loftesness points to a Stanford research project that does what I intended to with my PhishGuard project.  Similar in both name and form, SpoofGuard is an IE-only browser plugin that helps the user against phishing attacks.  They have also made open sourced SpoofGuard so many similar plugins are likely to appear soon.

Update 1:

While SpoofGuard is interesting, it is prototype quality.  If you are interested in a commercial quality solution, be sure to check out Trust Toolbar and Verification Engine from Comodo Group.

Update 2:

Upon closer examination of SpoofGuard, I have to conclude that SpoofGuard is only a temporary solution because it was designed against common phishing practices of today which are mostly sloppy and lazy works thinly covered with cleverly crafted words.  SpoofGuard, for the most part, detects common patterns of mistakes phishers are making today.  As I am expecting the level of sophistication and diligence to rise quickly as anti-phishing technology evolves and stakes rise, I am afraid this 'guard' won't be on guard duty for long unless it evolves as well.

Emergent Conflicts

On the way home from the blogger dinner, I had an epiphany of sort about the effect of Internet on social networks.  The revealation was that, while Internet creates new relationships, it also creates new divisions.  Internet builds new bridges but those bridges are built at the individual level and not at the group level.  At the group level, walls instead of bridges are formed.

My last thoughts as I drove into my house were:

Politeness silences and rudeness divides.

Relationships bind and blind.

Conflicts unite and divide.

Sum it all up and the result is not encouraging.  I hope I am wrong.

Fractal Blogspace

Back in February, I posted about Levitated's collection of awesome paintings and mentioned that it would be cool to use my blogroll to build an Emotional Fractal.  Today, Jared at Levitated sent me exactly that and named it Fractal Blogspace.

Fractal Blogspace of Don Park

Awesome!  Thanks, Jared.  You can view it full size by clicking through.

Good Phishing Story

New York Times has a good article on the growing phishing epidemic.

On how much money phishers make:

In February, Alec Scott Papierniak, 20, a college student in Mankato, Minn., pleaded guilty to wire fraud. He had sent people e-mail messages with a small program attached that purported to be a "security update" from PayPal. The program monitored the user's activity and reported their PayPal user names and passwords back to Mr. Papierniak.

Prosecutors say that at least 150 people installed the software, enabling Mr. Papierniak to steal $35,000.

While most of those prosecuted so far for phishing have been in the United States, eBay, working with the Secret Service, has investigated a series of scams originating in Romania. More than 100 people have been arrested by Romanian authorities. One of them, Dan Marius Stefan, convicted of stealing nearly $500,000 through phishing, is now serving 30 months in a Romanian prison.

On how much it costs companies:

The financial losses of most phishing victims, particularly those subject to credit card fraud, often end up being absorbed by banks and their insurance companies.

But the costs are real."We get 20,000 phone calls every time one of those goes out, and it costs us 100 grand," said Garry Betty, EarthLink's chief executive. "I got so mad one month when we had eight attacks," he said, explaining that he is pressing his legal department to find someone important to make an example of.

100 grand for each attack and it costs nothing but an afternoon for phishers to launch a phishing attack.  If and when the spamming tide turns for the better, we'll also have a growing number of pissed off spammers with the motive and incentives to turn to phishing.  Hmm.

The combined picture is not pretty, even if the phishing attempts are not successful.  Microsoft could also face lawsuits from companies whose bottomlines are being hit by phishers and be forced to remove HTML e-mail feature out of Outlook and add anti-phishing features to IE.

More on Phishing.

Hacker? Me?

Apparently someone who read some of my posts on spoofing and phishing thought I was a hacker and referred me as one at some conference.  What a laugh.  No, I am not a hacker.  I am a consultant and security just happens to be one of many areas I specialize in.  Phishing is also interesting to me because it is also an UI problem.

I take pleasure in creating useful things, not in breaking into places or fooling people.

Fun Lunch

I had a really enjoyable lunch with Phil Stanhope who was in town for Microsoft Mobile DevCon.  He and I share a lot in common such as decades of rich experiences and our architectural visions matched like gloves.  He had also worked at Lotus around the same time I was working for them as a consultant.  Aside from all that, it's always nice to meet another old warrior for a change.