nanog mailing list archives
Re: Dear RIPE: Please don't encourage phishing
From: William Herrin <bill () herrin us>
Date: Fri, 10 Feb 2012 13:52:45 -0500
On Fri, Feb 10, 2012 at 1:00 PM, Jay Ashworth <jra () baylink com> wrote:
> From: "William Herrin" <bill () herrin us>
>
>> Big problem with clickable objects which lead to PII (personally identifiable information) or passwords. That's how phishing works -- a disguised url that you either see at all or whose incorrect nature slips right past your brain. The only known working solution is to train folks to *never* click security-related URLs in email. Copy and paste only, and only if they're readable and read right.
>
> And right there, Bill, is the part we so rarely understand, and it kills us: Even lots of *technical* people just don't understand what "a security-related URL" *is*, and there's almost always no way to teach them. So it's necessary to throw the baby out with the bathwater, and tell them never to click on a link...
Hi Jay,

And if we could just train people to never send or accept email attachments, we could get rid of email-spread viruses. Not gonna happen -- the functionality is too useful.

Security isn't just about what you can train someone to do... it's also about what you can convince them to do when you're not standing behind them watching -- the instructions that they're willing to internalize.

You can't convince people never to click links in an email. It's too useful. You might, however, be able to convince the average person that if a link they clicked from an email asks for a password or asks for any personal information then the message was probably from an impersonator trying to steal the user's identity and they should report it immediately lest they be victimized.

Regards,
Bill

--
William D. Herrin ................ herrin () dirtside com bill () herrin us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004