Wednesday, February 22, 2006

Phishing: The scams proliferate.

A new report from the Anti-Phishing Working Group contains some discouraging data:
• Number of unique phishing reports received in December: 15244
• Number of unique phishing sites received in December: 7197
• Number of brands hijacked by phishing campaigns in December: 121
• Number of brands comprising the top 80% of phishing campaigns in December: 7
• Country hosting the most phishing websites in December: United States
• Contain some form of target name in URL: 51 %
• No hostname just IP address: 32 %
• Percentage of sites not using port 80: 7 %
• Average time online for site: 5.3 days
• Longest time online for site: 31 days
Brian Krebs comments in the Washington Post.

Things are even worse than when I commented last May, and we can't even blame it on "those nasty East European criminals."



Friday, February 17, 2006

Some scandals fade away...

But some of them shouldn't.

Salon has an article explaining why Abu Ghraib is one that shouldn't.
The horrors carried out during the last three months of 2003 by U.S. soldiers at Abu Ghraib prison are shockingly familiar and, at the same time, oddly remote. The torture photographs that were published when the prisoner-abuse scandal first exploded have lost their power to shock. We have all seen the pictures repeatedly: a pyramid of unclothed prisoners; a naked detainee cowering in front of snarling dogs; captives wearing punitive hoods that seem borrowed from a medieval inquisition; American soldiers grinning over Iraqi dead bodies and, always, that chillingly ironic thumbs-up sign.

Eventually this visual repetition numbs the senses. All these ghastly images have been viewed so often that they seem to belong to a different war conducted by a different superpower in a different century. Yet the photographs that news organizations have so far published represent only a partial sample of the government's chilling documentary record from Abu Ghraib...

The other compelling reason for publishing these pictures is that the system itself broke down over Abu Ghraib. Beyond the collapse of military discipline and adherence to the basic rules of civilized behavior, Abu Ghraib also symbolized the failure of a democratic society to investigate well-documented abuses by its soldiers. After an initial flurry of outrage, the Republican-controlled Congress lost interest in investigating whether senior military officers -- and even Pentagon officials -- created a climate in which torture (yes, torture) flourished. In similar fashion, the Army still seems intent on ending this shameful story by jailing the likes of Lynndie England and Charles Graner. At least after the My Lai massacre during the Vietnam War, Lt. Calley was convicted.

Abu Ghraib cannot be allowed to fade away like some half-forgotten domestic political controversy, which may have prompted newsmagazine covers at the time, but now seems as irrelevant as the 2002 elections. Abu Ghraib is not an issue of partisan sound bites or refighting the decision to invade Iraq. Grotesque violations of every value that America proclaims occurred within the walls of that prison. These abuses were carried out by soldiers who wore our flag on their uniforms and apparently believed that Americans here at home would approve of their conduct. Rather than hiding what they did out of shame, they commemorated their sadism with a visual record...



Thursday, February 16, 2006

Voter Registration Database Guidelines:
Accuracy, Privacy, Usability, Security, and Reliability

The US Public Policy Committee of the Association for Computing Machinery has just released a report with nearly 100 high-level guidelines designed to help states comply with Federal laws that require new computerized statewide electronic databases.

Here's a summary of its Executive Summary:
This study focuses on five areas that election officials should address when creating statewide voter registration databases (VRDs): accuracy, privacy, usability, security, and reliability. Each chapter contains detailed discussions and recommendations. The following are some of the overarching goals for VRDs and selected recommendations for achieving them.

1. The policies and practices of entire voting registration systems, including those that govern VRDs, should be transparent both internally and externally...

2. Accountability should be apparent throughout each VRD...

3. Audit trails should be employed throughout the VRD...

4. Privacy values should be a fundamental part of the VRD, not an afterthought...

5. Registration systems should have strong notification policies...

6. Election officials should rigorously test the usability, security and reliability of VRDs while they are being designed and while they are in use...

7. Election officials should develop strategies for coping with potential Election Day failures of electronic registration databases...

8. Election officials should develop special procedures and protections to handle large-scale merges with and purges of the VRD...
