Showing posts with label spam. Show all posts
Showing posts with label spam. Show all posts

Friday, September 11, 2009

Lessons I Learned from Cyber Crime, an Article Series

I have been slow on updating this blog due to blogging on Dark Reading. I will make amends and start updating here more often. I will also start to cover my more interesting blogs on Dark Reading, here. You can also read my personal blog where I write about things I find interesting, or funny.

A few months ago I wrote a short series on some of the lessons I learned from the world of security and cyber crime. About systems and networks, people and communities, and finally, projects and making things happen, the first one begins with:
"The history of anti-spam teaches us about half-baked ideas and how people succeeded or failed to implement them. The analogy of evolution, while limited, demonstrates how reactionary solutions can achieve strategic goals before they are made obsolete by countermeasures.

How do you herd cats? In a series of blogs starting today, I'll explore the history of fighting cybercrime and how and why certain solutions worked while others failed, how we can recreate success, and what lessons we can distill to build business solutions, affect change in communities -- and even fight terrorism."
The three posts in question, are:

1. Lessons From Fighting Cybercrime
"... Criminals were forced to evolve in a desirable direction, which is a victory on its own. Evolution in capabilities occurs to circumvent security measures. By limiting the spammers' options they evolved to a technological battleground where we have more control."
2. Lessons From Fighting Cybercrime, Part 2

"... It enumerates ways by which "new" and "amazing" suggestions on solving the spam problem go wrong... If only "everyone" (or most people) used their solution or "forced users" to act counter intuitively (and similar truisms), spam would be "gone". It is well worth a read.

Trying to map how some solutions work while others can't even get off the ground and seeing how communities and social systems change is fascinating. The examples above and many other lessons of fighting cybercrime are illuminating. Especially when we consider they are mostly derived from failures of technical solutions to solve a human problem, a common design fallacy this day and age."

3. Cybercriminals: More Obvious Than They Think?
  • "...Let me pose it this way: It's a hot summer day, and you're drinking a beer at the beach. People are having fun and relaxing. Suddenly, you see a person wearing an heavy coat. Is this suspicious?"
  • "... Encryption is a great tool, but it also draws attention to you for using it. In your organization, how likely is an attacker to identify important resources just by watching for encrypted traffic? In some cases, it may be better to stay obscure, in the background as noise, than to use encryption. If the malware sample is new and therefore undetected by antivirus, then the same unfortunately applies to malware authors."
I hope you find these posts interesting. Do share your thoughts with me. Any anecdote, epiphany or even just an insight from your own experience will be appreciated.

Gadi Evron,
ge@linuxbox.org.

Follow me on twitter! http://twitter.com/gadievron
Posted by at No comments:
Labels: , , , , , , , , , , ,

Sunday, October 12, 2008

Are you getting your news from spam? My mother does.

This is a story about my mother and Obama.

My mother: "Have you heard about Obama? Really impressive guy."
Me: "What about him?"
My mother: "x, y and z."
Me: "Where did you hear about this?"
My mother: "I read email too, you are not the only one who is into technology."

Luckily, my mother bases her opinion on more than just spam messages, being an educated woman. I am not sure about others.

I refused to believe this. I still do. Yet, it is true. More and more people get their news from spam, and worse--Form political opinion based on what they read in it, especially when their friends send it to them in chain letters ("hey, you have to see this!").

Be it political spam targeted to change the minds of voters, or regular malicious spam, catching eyes with political blurbs so that users will open the email messages. These messages reach people, and they read them.

I don't have exact numbers, as I am unaware of research which tried to measure it. I am however, now facing the truth. What made me wake up was my mother.

Speaking with friends, my mother is far from the only person to be influenced by such email messages, though.

Gadi Evron,
ge@linuxbox.org.

Follow me on twitter! http://twitter.com/gadievron
Posted by at No comments:
Labels: , , ,

Tuesday, September 16, 2008

I should be shocked

From the nothing-is-holy and it-unfortunately-makes-sense departments.

I just received a 419 Nigerian spam attempt, but the means in which it reached me should have my blood boiling with anger.

It was sent as a comment to a eulogy I wrote in a Guestbook opened after the death of a friend.

How dare them, you ask? It only makes sense--I opened the message, didn't I?

Gadi Evron.

Follow me on twitter! http://twitter.com/gadievron
Posted by at 1 comment:
Labels: ,
Subscribe to: Posts (Atom)