Jason Hong's Confabulations

Our company, Wombat Security Technologies , is featured in Pittsburgh's Pop City http://www.popcitymedia.com/timnews/wombat0106.aspx Founded in 2008, the company has commercialized software developed at Carnegie Mellon University as part of the largest anti-phishing research project in the country. What began as the cute cartoon game, Anti-Phishing Phil, is now a powerful tool used by banks, governments and defense and healthcare institutions to train employees to foil phishing scams, fraudulent emails sent by con artists and cyber gangs to gain access to secured information.

Sasha Romanosky points me to a story about a security analyst dressing up as a phish to educate students. This reminds me of that time Randy Pausch dressed up as some character from Alice in Wonderland and gave away Alice CDs. I have to admit, this is definitely going to be memorable for the students. Tech-Security Official at U. of Virginia Wears Fish Costume to Raise Awareness of 'Phishing' When Karen McDowell dressed up in a purple fish costume and walked around the University of Virginia’s campus last month, she got plenty of attention for her cause, even though she had to explain the meaning of her outfit. Ms. McDowell is a security analyst for the university, and her goal was to raise awareness about e-mail phishing schemes, in which con artists send e-mail messages hoping to lure people into giving out their passwords or other personal information.

A sad, funny, and frustrating story about phishing education. Don't know if this is true or not, but I can see it happening. http://thedailywtf.com/Articles/Go-Phish.aspx Auburn University's CIO sends out a warning to students, faculty, and staff about phishing, and includes an example of phishing in his email. A few days later, he sends out another email, excerpt below: "In my previous alert, I included the text of a phishing email as an example. Some students misunderstood that I was asking for user name and password, and replied with that information. Please be aware that you shouldn’t provide this information to anyone."

This Newsweek article talking about Obama and McCain computers being hacked is light on details (probably because of an ongoing investigation), but is disconcerting in terms of its implications. At the Obama headquarters in midsummer, technology experts detected what they initially thought was a computer virus—a case of "phishing," a form of hacking often employed to steal passwords or credit-card numbers. But by the next day, both the FBI and the Secret Service came to the campaign with an ominous warning: "You have a problem way bigger than what you understand," an agent told Obama's team. "You have been compromised, and a serious amount of files have been loaded off your system."

I've been a fan of Craigslist's Missed Connections for a while, as any of my friends will tell you. There's something wistful about them, as in a Krystof Kiewslowski film. It turns out that CNN has an article about these kinds of sites, and that there were a lot more than I realized. CNN lists not only Craigslist, but also Kizmeet.com, ISawYou.com, and SubwayCrush.com. http://www.cnn.com/2008/LIVING/personal/10/21/lw.missed.connections/index.html

Not a lot of details, but it's likely a phishing attack, malware, or an inside job. http://www.cnn.com/2008/WORLD/europe/10/19/sarkozy.bank.account.hacked.ap/index.html The French Cabinet's spokesman says "swindlers" have broken into the personal bank account of President Nicolas Sarkozy. French President Nicolas Sarkozy reported the theft from his account last month, say media. Spokesman Luc Chatel told France's Radio-J an investigation is under way and insists the incident "proves that this system of checking (bank accounts) via the Internet isn't infallible." He did not elaborate.

The Anti-Phishing Working Group (APWG) and Carnegie Mellon University ’ s Supporting Trust Decisions Project have established a phishing page redirect initiative that protects global online consumers who have been tricked into clicking links in scam emails by delivering them to Web pages that instruct them on the dangers of phishing – and how to avoid them. The program was announced today at the APWG conference in Atlanta. Link