Phishing Dilution

CNET reports that Cyota is pumping bogus accounts and passwords to phishers, a technique they are calling dilution. The funny thing is that I proposed the same technique, which I called spoofback, at an APWG (Anti-Phishing Working Group) meeting almost two years ago.

At the time, technology providers seemed to like the idea but bankers seemed daunted by the legal ramifications. Well, I am glad someone took the idea and ran with it, although it took them two years to do so.

Anyway, the natural extension of the idea is to use the bogus information to catch phishers by trailing the flow of bogus money, phishback of sorts. IMHO, international regulations should require all financial services to support fake transactions, the equivalent of marked greenbacks, to catch them all.
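One way the "marked greenbacks" idea could work on the defender's side, as an added example that is not from the original post or any vendor's product: decoy account numbers carry a keyed mark the institution can verify without a lookup table, and any source that replays a decoy is tainted. The 12-digit account format, the key, and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed demo key (assumption); a real key would live in an HSM or secrets manager.
MARK_KEY = b"constructed-demo-key"

def _tag(body: str) -> str:
    """Keyed 4-digit check value; only the key holder can compute or verify it."""
    digest = hmac.new(MARK_KEY, body.encode(), hashlib.sha256).digest()
    return f"{int.from_bytes(digest[:4], 'big') % 10000:04d}"

def is_marked(account: str) -> bool:
    """True if a 12-digit account number carries a valid decoy mark."""
    if len(account) != 12 or not account.isdigit():
        return False
    return hmac.compare_digest(_tag(account[:8]), account[8:])

def _random_digits(n: int) -> str:
    return "".join(secrets.choice("0123456789") for _ in range(n))

def make_decoy() -> dict:
    """Bogus credential to feed a phishing form; the mark is invisible without the key."""
    body = _random_digits(8)
    return {"account": body + _tag(body), "password": secrets.token_urlsafe(9)}

def issue_real_account() -> str:
    """Real accounts are never issued inside the marked space, so a mark is unambiguous."""
    while True:
        account = _random_digits(12)
        if not is_marked(account):
            return account

def triage(events: list) -> tuple:
    """Sources replaying decoys are tainted; real accounts they also touch are at risk."""
    tainted = {e["src"] for e in events if is_marked(e["account"])}
    at_risk = {e["account"] for e in events
               if e["src"] in tainted and not is_marked(e["account"])}
    return tainted, at_risk

def demo() -> tuple:
    """Constructed login events (documentation IP ranges), not real log data."""
    decoy, victim, bystander = make_decoy(), issue_real_account(), issue_real_account()
    events = [
        {"src": "192.0.2.10", "account": decoy["account"]},   # harvested decoy replayed
        {"src": "192.0.2.10", "account": victim},             # same source, real account
        {"src": "198.51.100.7", "account": bystander},        # unrelated customer login
    ]
    tainted, at_risk = triage(events)
    return tainted, at_risk, victim, bystander
```

Because the mark is an HMAC, nobody without the key can tell a decoy from a harvested real account, while the institution can flag it at login time and lock the real accounts touched from the same source.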

Storytelling Phish

Let me tell ya about what I think phishers will do next: storytelling. By storytelling, I mean they will send out a series of messages to each target that tells a coherent, memorable, and compelling story over time.

First one might start gently, a notice of sort without any hyperlink. Next one might get more alarming like recommending that password be changed. Again, no hyperlink. With each message, a thread of conversation grows and, because each message mentions contents of previous messages, a story develops. When the phisher feels he has built up enough shared knowledge with the reader to lure him or her into complacency, the trigger is pulled.

60% of “the code” is not 60% of Vista

Just when I was getting used to not blogging, this hell storm of misunderstanding and confusion hits the fan to which I am compelled to respond. Like Dave said, you have to be clueless about programming to believe that 60% of Vista has to be rewritten. Yet David Richards, the reporter, wrote boldly in his first article:

Up to 60% of the code in the new consumer version of Microsoft new Vista operating system is set to be rewritten as the Company "scrambles" to fix internal problems a Microsoft insider has confirmed to SHN.

He is clearly saying that up to 60% of Vista code has to be rewritten. He then posted a followup report in which he wrote:

The marketing director of a key Microsoft partner has confirmed that key elements of Windows Vista are currently being re written.

Note the subtle difference here? Key elements? Where is the 60%? The Acer exec he quotes said:

The decision to delay Vista into the consumer market will have an impact on hardware sales particularly in the Media Centre market. We have been told that Microsoft has bought in programmers from the Xbox team to work on the problems. We have also been told that up to 60% of the code will have some form of re writing or changes made. We are told that Microsoft is concerned at the impact that the delay will have on hardware manufacturers. We have raised our concerns directly with Microsoft.

Put the bold parts together. "The problems" clearly refers to areas in the media centre related code, not the whole of Vista. "The code" clearly refers to the area where the problems are. Instead of a city-size crater covering millions of lines of code, we are probably talking about a handful of small craters, each of which wiped out 60% of a city block. No big news there. Shit like that happens.

What I don't understand is why people are adding noise to noise and clamoring on top of clamoring. Don't we have better things to do? Is this what blogosphere has evolved into? Amplifier of irresponsible journalism?

New Golf

What I've been doing for the past 6 months in my spare time has now become a new meme: New Golf.

It doesn't matter if it is or not. What matters is that I am having fun and I know there are rich veins of ideas in there. For now, I managed to mine some good stuff that could become a keystone of the next generation group communication technologies. It's not about 3D graphics and it's not about immersion. It's not even about what WoW has but more about what it lacks.

InfoCard technical docs

Apparently I missed the release of two technical PDF docs explaining InfoCard at the XML level:

Hmm. Looks like enough is there for anyone interested in integrating InfoCard into webapps. I'll have to browse around WinFX SDK to see if I have all the bits to do the same for client-side apps.

Andy Harjanto's InfoCard development blog looks helpful too.

Layered Client Virtualization

By layered client virtualization, I mean stackable secure application containers. Each container contains one or more applications (e.g. IE or Outlook) or platform components. At each level, the view 'down' defines the complete running environment. Theoretically, each browser window can be a complete PC. Even if malware gets downloaded and executed, it is contained within the stack and so is any damage it causes. Each stack sees a controlled copy of the physical drive, changes to which are limited to the stack (if a stack deletes a file, the real file is not deleted but it is no longer visible to the stack).
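An in-memory model of the copy-on-write view described above, added here as an example (it is not the author's design or any product's code, and it models only the file view, not process isolation). The `Layer` class and the file paths are hypothetical.

```python
class Layer:
    """One container in a stack: private writes plus 'whiteouts' that hide lower files."""

    def __init__(self, name, lower=None):
        self.name, self.lower = name, lower
        self.files = {}         # path -> bytes written in this layer only
        self.whiteouts = set()  # paths deleted from this layer's view

    def read(self, path):
        """Resolve a path by looking 'down' the stack, honouring whiteouts."""
        if path in self.whiteouts:
            raise FileNotFoundError(path)
        if path in self.files:
            return self.files[path]
        if self.lower is None:
            raise FileNotFoundError(path)
        return self.lower.read(path)

    def write(self, path, data):
        """Writes land in this layer; lower layers are never modified."""
        self.whiteouts.discard(path)
        self.files[path] = data

    def delete(self, path):
        """Hide the file from this stack without touching the real copy below."""
        self.read(path)  # raises FileNotFoundError if not visible here
        self.files.pop(path, None)
        self.whiteouts.add(path)

    def listdir(self):
        lower = self.lower.listdir() if self.lower else set()
        return (lower | set(self.files)) - self.whiteouts


def demo():
    """Constructed scenario: damage inside one stack stays inside that stack."""
    disk = Layer("physical-disk")
    disk.write("/docs/report.doc", b"quarterly numbers")
    disk.write("/windows/system.dll", b"clean")
    browser = Layer("browser-window", lower=disk)
    tab = Layer("browser-tab", lower=browser)   # stacked on top of the browser
    mail = Layer("mail-client", lower=disk)     # sibling stack on the same disk
    browser.delete("/docs/report.doc")          # simulated destructive behaviour
    browser.write("/windows/system.dll", b"tampered")
    browser.write("/tmp/dropped.exe", b"placeholder")
    return disk, browser, tab, mail
```

Discarding the `browser` layer throws away the tampered files and the whiteout together, which is the containment property the post describes.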

Imperfect Crimes

From FAQ: When Google is not your friend

A North Carolina man was found guilty of murder in November in part because he Googled the words "neck," "snap," "break" and "hold" before his wife was killed. But those search terms were found on Robert Petrick's computer, not obtained from Google directly.

Good grief, now you can't research before committing a crime without jumping through anonymity hoops.

Teamwork in the Game World and Business World

Gamers' computers are typically more expensive than business computers these days. I am not quite sure when the switch happened but it used to be the other way. Likewise, I think gamers are more efficient at working together than their business world counterparts.

In World of Warcraft, reaching level 60 seems like the finishing line until you've reached it. Not even close. A whole new world of end-game instances (dungeon of sort) opens up when you get to level 55 or so. While it is possible to become level 60 without ever grouping with other players (known as soloing), end-game instances require 5 to 40 players to work together.

What startled me the most was the huge difference the quality of teamwork makes in the game world. For example, Zul'Gurub is an instance designed to be raided by a 20-man group. With solid teamwork, it can be cleared by 10 men in an hour without wiping (every man killed). With bad teamwork, a full 20-man group might end up spending 10 hours in there, wiping at every boss.

Good teamwork requires many ingredients such as experience, focus, and awareness. Good tools can augment and amplify teamwork. TeamSpeak, for example, promotes focus and enhances awareness by eliminating the need to type. The best form of teamwork requires no communication at all because everyone knows what needs to be done and in what order. But often a team has to improvise. At such times the leader can bark out short abbreviated orders between mob clusters, keeping the team moving fluidly with only occasional rests. That is, if every member of the team is using TeamSpeak or another tool like it.

As a consultant, I've worked at a large number of companies and witnessed a wide variety and quality of teamwork. At best, I've seen plenty of bad and ugly teamwork. I've seen occasional good teamwork but, all too frequently, it lasts only a short while because teamwork is often brittle to change. I've never seen the kind of teamwork in the business world that I've seen in the game world. Even worse, I've never seen in the business world the kind of effort gamers make to improve teamwork.

What I have seen a glimpse of in the game world is the next generation of groupware. IMHO, the key difference between today's groupware and what I envision is the intimacy. Group members don't just separately and occasionally exchange emails and chat over IM. They are in full contact all the time and each of them is fully aware of what the others are doing at all times.

Powerful and exhilarating. Perhaps, even scary.