Gone counter-phishing

Regarding Robert McMillan’s column, “‘Rock Phish’ blamed for surge in phishing” and Michael Osterman’s column, “Next up: spoofed voicemails?”: It struck me that phishing countermeasures generally consist of attempting to prevent phishing by being aware of its format and then preventing it from entering a system.

While this may be part of the solution, both columns pointed me to another solution: counter-phishing. Counter-phishing would use fake addresses (e-mail and other), fake bank accounts, fake credit cards, fake social security numbers, etc. After all, those phishing want that information to sell to others who will use the information for identity theft and actual theft via the accounts or the fake identity or they will do this themselves.

Imagine you are the criminal element that paid real money for a few hundred accounts/identities/etc. and only later found out most of them are not real or at least not what they seemed to be in the first place. Imagine further there are monitors on all of these phish accounts, social security numbers, etc. and any activity would put the police on their trail. Depending on what the police are counter-phishing for, they can add money to an account, permit limited use of a charge card, etc. to further pull the criminal into their various traps. Imagine hundreds or thousands (hundreds of thousands even or maybe even millions) of counter-phish e-mails, Social Security numbers, bank accounts... and imagine the buyer of the information will be going back to his supplier for a “refund.” It would be hilarious!

The best part is the shoe would be on the other foot, as the phishers now would have to come up with scheme after scheme to avoid the counter-phish information. Of course, eventually they will come up with a counter-counter measure and the white hats would then have to come up with counter-counter-counter measures.

Riley Driver
Wright Patterson AFB, OH

Missing from the list

Regarding “The 50 most powerful people”: It’s curious that no IETF Working Group chair appears on your list. After all, the Internet is developed inside IETF, and VoIP, SIP and IPv6 were made by IETF.

Franck Martin
Vice chairman, Pacific Islands Chapter of the Internet Society
and Internet Society Trustee
Suva, Fiji

Outrage lives

Regarding Mark Gibbs’ BackSpin column, “2007: The Year of Being Outraged?”: I too sometimes wonder where the outrage is. Often I think we just get tired of the fight. It seems that every week there is someone new stealing from us, or creating situations that physically or financially harm us. I could write a letter every day to complain about some situation, but I do not have time for that.

I did, however, complain to Sony. I am so ticked off about the rootkit fiasco that I have decided not to purchase any product that I can trace back to Sony, if there is any way that I can buy it from another company. Will my single effort help to change the world? Probably not, but I have to do what I can.

Michael Q. Adams
Irving, Texas

Yes, I am outraged. I am also outraged that my biggest problems are spam and spyware, and no one seems to be doing much about either of them. Spam and spyware are costing businesses billions (note that you pay for this in higher prices) and that doesn't include the loss in worker productivity. Also note that realized bandwidth would double if all this traffic were erased. Don't tell me nothing can be done about it. I'm outraged that Congress approved spending millions on a bridge in Alaska that no one wants and doesn't go anywhere, and has not yet established a CIA- or FBI-type agency specifically to go after the spam and spyware attackers. Now besides being outraged, tell us what we can do about it. Jack Miller Mentor, Ohio My outrage has mellowed into cold, calculated risk management. Sony is permanently off my list of vendors for any product, for any purpose, because I cannot trust that they aren't (or won't in the future) pull the same thing again. In fact, I assume they are just devoting more effort to making their anti-whatever tools harder to detect. The consequences to Sony? Well, they aren’t going to wither away, or probably even notice my boycott. But I did not buy their cheap DVD player at Sam's the other day. I don't look at their flat screens or laptops. No more Sony CDs or DVDs. No movies they had a hand in producing or distributing. If Sony is the unique supplier of something I want, I may revisit the decision. Otherwise, why should I?

Are other companies doing undesirable things to me? Probably. They join the blacklist when they get caught. I do not lie awake at night worrying. Even outrage cost me more than I am willing to spend. Too much like paranoia. I do not eat store-bought meat. I bought my dogs from folks I know. I don't run Microsoft products except in very constrained environments, when necessary (it is stupid or hopelessly idealistic to not test Web pages in Internet Explorer unless you know your audience doesn't use it). But I cannot manufacture my own video card or batteries.

Whitepapers

• Secure Wireless Printing Options
• Improve Virtual Storage TCO by Comparing Vendors
• Making IT Invisible
• Best Practices for VMware ESX Server
• Virtualizing Storage for VMware Success
• Configuration Assessment: Choosing the Right Solution

View more DATA CENTER whitepapers

Webcasts

• Branch Office Trends and Best Practices
• Best Practices for Deploying WAN Optimization for Disaster Recovery
• Tips and Techniques for Remote Data Backup and Delivery
• WAN Optimization Landscape
• Oracle Database 11g: Advances in Compression, Real Application Testing and Data Guard
• Solutions to the Toughest IT Challenges in Remote Offices

View more DATA CENTER webcasts

Special Reports

• Executive Guide: Storage Heats Up
• Data Centers: At the center of the action
• Executive Guide: Virtualization Reality Check
• Executive Guide: Data Center Decisions
• Get More From Your WAN
• Network World Executive Guide: Perfecting Application Performance Management

View more DATA CENTER special reports