nanog mailing list archives
Re: ISP phishing
From: Joel Jaeggli <joelja () darkwing uoregon edu>
Date: Thu, 23 Jun 2005 17:01:51 -0700 (PDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Fri, 24 Jun 2005, Gadi Evron wrote:
Joel Jaeggli wrote: <snip>The bigger issue is that users simply don't trust any kind of "official communication" anymore and I don't see anything other than pki that could actually restore that.PKI alone won't solve it, but we are not trying to "fix" phishing here (good thought though!). I agree. Thing is, user-trust or no user-trust, they click by the masses.
I agree, to elaborate:For us, I see an increasing number of situations where our customers are begining to discard messages we send them about their account because the information we're imparting is hard to distinguish from all the other crap that we don't manage to filter.
Claude Shannon could be invoked here. What we have is a noisy communication channel. The phishers are counting on that because the end users are trying to filter all this crap, and the false postive rate of humans trying to distinguish signal from noise is non zero, so eventually people identify the noise as signal. When the noise level gets high enough the signal doesn't get through. There are two solutions really, increase the volume of signal that you send, (basically send more messages) in hopes that get through, apply forward error correction (something that gives the messages a higher likelyhood of being interpreted as signal. If the phishers can replicated the FEC method then the channel gets noisy again.
> Gadi.
- -- - --------------------------------------------------------------------------
Joel Jaeggli Unix Consulting joelja () darkwing uoregon edu GPG Key Fingerprint: 5C6E 0104 BAF0 40B0 5BD3 C38B F000 35AB B67F 56B2 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (GNU/Linux) Comment: pgpenvelope 2.10.2 - http://pgpenvelope.sourceforge.net/ iD8DBQFCu0118AA1q7Z/VrIRAnGQAJ4rNpG1C+kzSDRwlrJEC+EBWemRmQCfUSjv o467gHoKGCm0JGh0VTvbBE4= =Rq+N -----END PGP SIGNATURE-----
Current thread:
- ISP phishing Gadi Evron (Jun 23)
- Re: ISP phishing Robert Boyle (Jun 23)
- Re: ISP phishing Gadi Evron (Jun 23)
- Re: ISP phishing Joel Jaeggli (Jun 23)
- Re: ISP phishing Gadi Evron (Jun 23)
- Re: ISP phishing Joel Jaeggli (Jun 23)
- Re: ISP phishing Valdis . Kletnieks (Jun 23)
- Re: ISP phishing Gadi Evron (Jun 23)
- Re: ISP phishing Robert Boyle (Jun 24)
- Re: ISP phishing Robert Boyle (Jun 23)
- Re: ISP phishing Mark Tombaugh (Jun 28)
- Re: ISP phishing Brad Knowles (Jun 28)
- Re: ISP phishing Paul Wouters (Jun 28)
- Re: ISP phishing Robert Boyle (Jun 28)
- Re: ISP phishing Brad Knowles (Jun 28)
- Re: ISP phishing Tony Finch (Jun 29)
- Re: ISP phishing Mike Leber (Jun 29)
- Re: ISP phishing Suresh Ramasubramanian (Jun 29)