Security week in review

Week of September 28, 2005

Last postings

Can you spot a phishing email?

A UK email security company has come up with a spunky and vaguely useful PR gimmick that allows users to take a test to see if they can spot a phishing email. Apparently a sizeable number of UK punters who took the test failed miserably.

If you think you have this one beat, go on - give it a whirl.

But don't get too cocky if you pass. Remember what they say: there is a scam out there somewhere - with your name on it.

Do you want to hear bad news?

Read the results of this US survey and let us know (info@headfry.com) what you think.

Should there be laws forcing companies to tell consumers about security breaches? What do you want to know in these notices? When should they be sent?

How likely would you be to leave a company sending you such a notice?

What is pharming?

Pharming usually means a situation where bad guys collect, or harvest, as they say, hundreds of email addresses at once. The phishers often just collect data on one person at a time.

Read a good story on steps a bank in South Africa is taking to protect customers, and learn about real life phishing and pharming scams to facilitate money laundering operations.

UK users baffled by techie jargon

As I have long suspected, when security vendors try to be helpful and write jargon-infested prose for home users, many people the world over haven't the faintest notion what they are on about.

An AOL survey in the UK found that many Britons do not know what phishing, trojans, or rogue diallers actually mean. The fact that techies are obsessively committed to naming strategies that consist 100% of inside geek humour does not help matters.

The survey revealed, however, that Britons are not congenitally challenged dullards, but fully capable of understanding freak geek terminology - if explained in plain English.

What on earth is spear phishing?

As if we hadn't enough of the frightful jargon - here comes another classic. IBM recently (circa August 3, 2005) released a security threat analysis and report, in which they referred to a rise in highly targeted phishing attacks - now known, or so they tell us - as spear phishing.

It is unclear if IBM techies are responsible for coining the horrendous, if vaguely apt phrase (in some higher plane geek speak kind of way), or if there are other guilty parties out there.

In any event, read an article in IT Business Canada - which quotes our very own Mary - on the gnarly subject.

Spyware and Star Wars confusion in the UK

Supposedly 11 per cent of the British population think spyware is "a gadget from Star Wars", according to a survey carried out by NOP and commissioned by security company Blue Coat.

In addition, more than half of those who do not think Darth Vader is using it were 'unaware that spyware is software on a user's computer that tracks their behaviour and reports it back to a third party'. So they are only moderately better informed than the Lucas admirers.

Where is Princess Leia when you need her?

Spousal password sharing - the root of all evil?

A slightly bizarre article in which an African executive exhorts users to be more savvy about IT security risks - and not to share passwords between spouses.

Indeed, some legislation, and/or 'Voluntary Codes' - as exist in Canada - are frequently interpreted as prohibiting password sharing between spouses.

However, without any indication of marital disharmony, i.e. "I am about to leave you, but I will clean out your account first with our shared PIN", the paranoia around spousal PIN sharing is hard to comprehend. At least on any rational basis.

It certainly does little to shore up confidence in online commerce, or security at large.

But governments have a long history of engaging in scare-mongering to keep the unruly natives under control.

It is far cheaper than orchestrating real change.

 

 

Call to Action

To all you frustrated, under-appreciated security programmers and developers out there in your Dogbert-infested pens, now is your chance to do something noble for mankind.

Send us your ideas for Tip of the Week and we will publish the best. It must be in language that your granny would understand and be able to follow. Assuming your granny is not an MIT graduate.

We are trying to build a body of knowledge that helps the average user, as well as more sophisticated folk who already have wads of techno-babble-infested sites to turn to.

We believe the average user gets little help from anyone, and we sorely need his or her co-operation to secure cyberspace. The vendors try to communicate with them, but don’t seem to comprehend how truly mystified the well-educated (non-lunk-headed) user really is. They make a lot of ill-judged assumptions about what people know, and as a result the message falls flat.

Bill Gates supposedly once said ‘we don’t talk to end users’. Needless to say, that far-sighted strategic insight has long died a death and Microsoft are positively falling over themselves to get down and dirty with the common man, or woman, as the case may be.

So keep it simple. An ABC of ‘what to do, how to do it, or what to look out for’ is particularly useful.

Remember - you may not be appreciated in your pen, but you can be in cyberspace.

 

So what's headfry?

Headfry is a common, much used and loved expression in Ireland, the UK and Australia.
