Phishing Dilution

CNET reports that Cyota is pumping bogus accounts and passwords to phishers, a technique they are calling dilution. The funny thing is that I proposed the same technique, which I called spoofback, at an APWG (Anti-Phishing Working Group) meeting almost two years ago.

At the time, technology providers seemed to like the idea, but bankers seemed daunted by the legal ramifications. Well, I am glad someone took the idea and ran with it, although it took them two years to do so.

Anyway, the natural extension of the idea is to use the bogus information to catch phishers by trailing the flow of bogus money: phishback, of sorts. IMHO, international regulations should require all financial services to support fake transactions, the equivalent of marked greenbacks, to catch them all.
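A sketch of the "marked greenbacks" idea on the bank's side, added here as an illustration and not taken from the CNET report or any vendor's implementation: decoy account numbers carry a keyed check value, so a login attempt that uses one can be recognized without keeping a list of every decoy issued. The 12-digit account format, the key and all function names are assumptions.

```python
import hashlib
import hmac
import secrets

KEY = b"constructed-demo-key"  # constructed value; a real key stays with the bank

def _tag(body: str, key: bytes) -> str:
    """4-digit keyed check value derived from the first 8 account digits."""
    mac = hmac.new(key, body.encode(), hashlib.sha256).digest()
    return f"{int.from_bytes(mac[:4], 'big') % 10000:04d}"

def make_decoy(key: bytes = KEY) -> dict:
    """Bogus credentials to submit to a phishing form (hypothetical format)."""
    body = f"{secrets.randbelow(10**8):08d}"
    return {"account": body + _tag(body, key),
            "password": secrets.token_urlsafe(9)}

def is_decoy(account: str, key: bytes = KEY) -> bool:
    """True when the last 4 digits verify against the first 8 under the key."""
    if len(account) != 12 or not account.isdigit():
        return False
    return hmac.compare_digest(account[8:], _tag(account[:8], key))

def flag_logins(events, key: bytes = KEY) -> dict:
    """Map each source address to the marked accounts it tried to log in with."""
    hits = {}
    for ev in events:
        if is_decoy(ev["account"], key):
            hits.setdefault(ev["src"], []).append(ev["account"])
    return hits

def demo() -> dict:
    d1, d2 = make_decoy(), make_decoy()
    # A stand-in for a genuine customer account: its tag is shifted by one, so
    # it cannot verify. A real issuer must likewise never hand out a number
    # that passes is_decoy (a random one would pass 1 time in 10,000).
    body = "12345678"
    genuine = body + f"{(int(_tag(body, KEY)) + 1) % 10000:04d}"
    events = [  # constructed login log, documentation-range addresses
        {"src": "203.0.113.7", "account": d1["account"]},
        {"src": "198.51.100.20", "account": genuine},
        {"src": "203.0.113.7", "account": d2["account"]},
    ]
    return flag_logins(events)

if __name__ == "__main__":
    print(demo())
```

Any source that presents a marked account obtained it from a phishing site's harvest, which is the trail the post proposes following.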

Storytelling Phish

Let me tell ya about what I think phishers will do next: storytelling. By storytelling, I mean they will send out a series of messages to each target that tells a coherent, memorable, and compelling story over time.

The first one might start gently, a notice of sorts without any hyperlink. The next one might get more alarming, like recommending that the password be changed. Again, no hyperlink. With each message, a thread of conversation grows and, because each message mentions the contents of previous messages, a story develops. When the phisher feels he has built up enough shared knowledge with the reader to lure him or her into complacency, the trigger is pulled.

60% of “the code” is not 60% of Vista

Just when I was getting used to not blogging, this hell storm of misunderstanding and confusion hits the fan, and I am compelled to respond. Like Dave said, you have to be clueless about programming to believe that 60% of Vista has to be rewritten. Yet David Richards, the reporter, wrote boldly in his first article:

Up to 60% of the code in the new consumer version of Microsoft new Vista operating system is set to be rewritten as the Company "scrambles" to fix internal problems a Microsoft insider has confirmed to SHN.

He is clearly saying that up to 60% of Vista code has to be rewritten. He then posted a followup report in which he wrote:

The marketing director of a key Microsoft partner has confirmed that key elements of Windows Vista are currently being re written.

Note the subtle difference here? Key elements? Where is the 60%? The Acer exec he quotes said:

The decision to delay Vista into the consumer market will have an impact on hardware sales particularly in the Media Centre market. We have been told that Microsoft has bought in programmers from the Xbox team to work on the problems. We have also been told that up to 60% of the code will have some form of re writing or changes made. We are told that Microsoft is concerned at the impact that the delay will have on hardware manufacturers. We have raised our concerns directly with Microsoft.


Put the bold parts together. "The problems" clearly refers to areas in the media centre related code, not the whole of Vista. "The code" clearly refers to the area where the problems are. Instead of a city-size crater covering millions of lines of code, we are probably talking about a handful of small craters, each of which wiped out 60% of a city block. No big news there. Shit like that happens.

What I don't understand is why people are adding noise to noise and clamoring on top of clamoring. Don't we have better things to do? Is this what the blogosphere has evolved into? An amplifier of irresponsible journalism?