Identity theft went from an obviously-serious looming threat in 1999 to America's #1 white collar crime. Why is malware (of all stripes) such a rampant problem today?
Let me suggest that if the Justice Department recruited for competence instead of religious and political zealotry, problems like this might have been addressed. Will it get better if we move from Bush/McCain to McCain? Does McCain even have a clue what malware is?
Read the following article. This illustrates criminal misconduct WITH IMPUNITY. It illustrates conduct by criminals who have confidence in the incompetence and indifference of the law enforcement community.
WE NEED CHANGE NOW!
Call out a phisher, get attacked by malwareUsers tired of phishing attacks who retaliate by talking back are being targeted with exploits designed to hijack their computers, a security researcher said today. In a new twist, phishers using the Asprox botnet have struck victims who use the scam's log-in screen to give the crooks a piece of their mind. The scammers fire off a multi-exploit attack kit against anyone who uses profanity in place of a username or password, said Joe Stewart, director of malware research at SecureWorks Inc. Users who know better than to divulge their online banking username and password in the forms linked from phishing e-mails, but who use words such as "phish" or a wide range of what Stewart called "bad language," are targeted for a follow-up malware attack. "The phishers are looking for three things," said Stewart. "First, if you don't fill out the form completely, second, if you use the term 'phish.' And three, if you use any kind of bad language." (Computerworld 8/26/08)
Call out a phisher, get attacked by malware
Crossposted at DailyKos
Reading Reaper0bot0's diary tonight reminded me very much of all the Internet Security debates I have been involved with since the early nineties. I invented one of the early firewalls (BorderWare), and since that time it has been my mixed pleasure and angst to engage in heated debates that are very very similar to this one.
The people who know a lot about Internet security are by and large very smart technical geeks who spend all their time thinking and worrying about keeping bad folks from doing nasty things. We get really passionate about it - if we screw up people are harmed. In some areas of our profession like Critical Infrastructure (which I focused on 2005-2007), when we screw up, people die.
Tempers get very sharp about the specific things we should do, and how we can do them. The worst part? I never know whether what I believe to be the right thing to do is not horribly wrong, and may lead to horrible consequences. But since the alternative is doing nothing, I have to do the best I can and live with the results.
I am becoming increasingly alarmed with the recent snooping into various U.S. Citizens' passport files and the United State's Information Security grades in conjunction with the topic of electronic voting. Speaking of those grades, the Dept of Veterans' Affairs didn't even turn in their rating (which I can understand after the millions of records that were breached in their systems) and there is a grade of F for almost 10 government agencies, including our Department of Defense - view the PDF by clicking here.
With the voting scandals of Florida and Ohio in the last election, and with a number of security breaches in information security in the Social Security Administration, Department of Defense, State Department and others, how can we trust that the votes collected via electronic means are true and accurate?
I think that the ideals of open systems and open-source software, coupled with complete background checks and continuous monitoring of all communications systems used by any programmers of an electronic voting system should be set into place. There should be no contracts to third-party vendors who could be influenced by either party- the electronic voting systems should be completely written by government employees, and the code for the application should be freely available, in complete, to any firm who wishes to view and verify the fairness and accuracy of the system. All states should be required to use the same system, and not have individual systems for each state as those respective states could choose to award contracts to software vendors who could very well have party affiliations.
I am concerned with our information security, our privacy as Americans, and I feel that we need to make this a priority and an issue for Senator Obama to address. I believe he has already begun to address privacy concerns by being firm on his stance that there be a full-out investigation into the tampering with his passport file. I would like comments from everyone about this issue, as I am very, very concerned with how electronic voting could change the real vote of the people.
Please give me your comments and ask your friends to comment - this is a real issue, it is overlooked, and I feel that it could be critical in the coming elections, especially with the amount of money the Republican party could come up with to pay off someone to slip a few votes in for McCain. Would you put it past them?
