Get the LinuxSecurity news you want faster with RSS
Powered By
Browsers, Phishing, and User Interface Design
Source: SecurityFocus.com - Posted by Eric Lubow
Occasionally a criminal is so, well, clever that you have to admire him even as you wish that he spends the rest of his life in jail. Take Arnold Rothstein, for instance. One of the kingpins of organized crime in New York City during Prohibition and before, the "Great Brain," as he was termed, was more than likely behind the infamous Black Sox scandal, in which the 1919 World Series was fixed in favor of the Cincinnati Reds. He is also widely credited with inventing the floating crap game immortalized in Guys and Dolls. Like some character out of a Damon Runyon story, Rothstein's "office" was outside of Lindy's Restaurant, at Broadway and 49th Street, and he associated with gangsters whose names still trip off the tongue three-quarters of a century later: Meyer Lansky, Legs Diamond, Lucky Luciano, Dutch Schultz. When it comes to colorful, clever criminals, Rothstein is at the top of the heap. And then, on the other end of the scale, today we have the phishers. Scumbags of the Web, phishers vomit out emails to as many millions of people as they can possibly reach, hoping that a tiny few will respond to their fraudulent request to update their account information at PayPal, eBay, or CitiBank (or just about any other bank you can imagine). This is an enormous problem, and it's not getting any better. I recently read a fascinating study that shows just why that's the case.
If you haven't read "Why Phishing Works" (850 kb PDF) - written by Rachna Dhamija, J. D. Tygar, and Marti Hearst - stop what you're doing now and go get it (or at the very least, read a short summary of what it offers). In just ten pages, your eyes will be opened to just how much of a problem the public - and the security people tasked with protecting them - really face. I knew it was bad, but I had no idea it was this bad.
