Tuesday, April 26, 2005


The phishers made news at slashdot!"

Monday, April 25, 2005

phishing at IU

Recently, a group of researchers at IU did a phishing experiment to see how many people would fall victim to a clever FaceBook scheme.

Lots of people got mad.

Get over it people, no harm was done. Waste your riotous energy on stoping the Phishers that present real harm -- the PayPal and eBay phishing schemes.

gmail phishing tactics

Apparently gmail helps prevent phishing attacks by putting an obnoxious notification on suspect emails ... and also removing clickable hyperlinks! This is cool, I must find more info about this, though their tactics are probably secret on purpose.

Also, it's good to see that along with spam headers on emails, there's also a new Received-SPF header.

(Link) Thanks, JD.

Wednesday, April 20, 2005

discover sells phone numbers

For the last few days, once a day, some "unknown caller" has tried to reach me on my cell phone. I answered it tonight, and was asked if I wanted to take a survey. I said I would if they told me how they got the number... "Discover Card provided us with a list." I asked if they were aware it was a cell phone and they were spending my money as we spoke, and the guy on the other end kindly told me he'd remove me from their list ... and then hung up.

Could I have my ten cents to be reimbursed for the call?

Nah, it's not really necessary, but ANNOYING nonetheless. I believe a nastygram is in DiscoverCard's future.

the talk

I gave a lecture at the University of Minnesota on the 15th, and it was loads of fun. I was relatively surprised, though, that none of the faculty showed up for the talk -- if not only to heckle me. I talked about visualizing secure protocols... including a private polling method known as Randomized Response Technique (for the mathy people). This is kind of cool, being invited and all, I feel important.

Thanks to all those involved for throwing a plane ticket and free meals my way. It was a blast.

BTW, slides are available on my website.

Now to get off my high horse, I must add that my interest in the spoken area (privacy & crypto protocols) keeps growing, and I hope to submerge myself fully next year. I had planned to find a dissertation area this year, but yeah... that didn't work. We'll see how deep in it I can go next year.

reeses paper cups

I opened up a Reese's Peanut Butter Cup today (mmm) and it was triple-cupped. That is, it had three of those paper things holding the yummy chocolate and peanut phlegm together. Do I win a trip to the factory?

Monday, April 18, 2005

what could it have BEen?

Browsing the web tonight I found a couple of things from my past:

CyberDog! Any mac enthusiasts out there remember OpenTransport and all the magic-box component-architecture network goodies that Apple was pushing back in the day? I never fully understood what they did, but as I look back on them now they seemed to make sense.

That got me browsing. What ever happened to Copland? That was Apple's "revolutionary" new operating system that stopped revolving into Be around about '96, bit the dirt, and was ousted just before Jobs came back. I was a bit sad to see it go (and the genuine pure Gershwinesque Rhapsody too) but both technologies would have dragged Apple into the pit of dispair.

I kind of wonder what would have happened if Apple had gone the BeOS way instead of the NeXT way (notice the shady capitalization on both names? hm....) Would Apple still be around? Would I be typing this on a spiffy 12" PowerBook right now? Would my OS be a billion times faster (like Be) but still stable as hell (Be + OS X)?

Monday, April 11, 2005


Today I stumbled across a couple of quotes from a talk I saw on March 10. Simson Garfinkel provided some insight to usable security.

"We can never make a system completely secure... but we can make the attacks more expensive and more difficult."

How true, isn't that the whole idea behind computer security? An arms race?

He went on to explain that all of computer security boils down to secure, authentic messaging.

He concluded his talk about digital signatures (specifically a usability study he did with email) by mentioning that people should sign mail. The general paradigm about signing mail is successful with a decent interface, even if people are not "cryptographically aware." Unfortunately, digital signatures are not an effective countermeasure for phishing.

He also concluded that people who use webmail or other web applications will have trouble switching to an interface that is event driven -- or vice versa. This creates a dilemma in the design circuit. Do we design apps for web application users or for classic window-based GUI users?

Interesting thoughts.

Wednesday, April 06, 2005


Wow. "New dual-core Pentium thrashes through speed tests." Is this good? This headline makes all the OS nerds out there cringe -- thrashing is a BAD thing, not a good thing. Anyway, do this: put a mental image into your head of an intel exec thrashing.



Monday, April 04, 2005


Paper reviewers: 2
Sid: 0