Tag Archives: Internet security

The Next Step: Anti Phishing Services

MessageLabs, those hyperactive purveyors of Internet security, have come up with an anti-phishing service for banks and other targeted companies (Phishing is the scam whereby bogus emails entice you to give up your online banking password and other sensitive information), the first of its kind I do believe. It had been available to about 15 banks and is now available to everyone. 

 

The service involves “real-time scanning, expert analysis and authentication, incident response and early notification of suspicious email activity”.  The company uses Skeptic™ Radar (I’m not making this up) technology to scan millions of email messages to detect threats and anomalies. When a scam is identified, analysed and authenticated, the company notifies the targeted company and provides details of the attack. Companies are then able to work with law enforcement agencies to quickly and effectively shut down scammers. (It says here.)

 

MessageLabs says it has been able to alert “in-house IT staff to the problem before they knew of its existence”. In pilot cases it was able to close down fraudulent website within a couple of hours.

 

MessageLabs reckon about “20% of all recipients that receive phishing emails have been duped into providing user names, passwords and social security numbers”. That’s a very high figure; I’d heard 5%. I’ll try to find out where MessageLabs get it from.

Update: PC-cilin Goes All 2004

 Trend Micro today released PC-cillin Internet Security 2004, the latest version of an antivirus program that I have written fondly of in the past. There don’t seem to be any new bells and whistles this time around, but then again it doesn’t really need it: Internet Security includes a personal firewall and “advanced privacy and spyware protection to protect passwords, bank account numbers, and other personal information”. It also blocks spam and inappropriate (adult) Web sites. It sells for $50 which will get you a year of updates.
 

Loose Wire: The State We

Loose Wire: The State We Could Be in

By Jeremy Wagstaff
from the 28 March 2002 edition of the Far Eastern Economic Review, (c) 2003, Dow Jones & Company, Inc.

Voting in your underwear? Sounds an appealing proposition: the chance to exercise your constitutionally protected right without actually having to leave your home. You could be watching Frasier while working out which candidate you want to mess things up for you for the next three/four/25 years, based on criteria such as which one most closely resembles a Teletubby/Frasier’s brother Niles/your Aunt Maudlin.

Yes, the lure of Internet voting is coming around again. In May, soccer enthusiasts will be able to vote for their favourite players in the World Cup via a joint South Korean and Japanese project (mvp.worldcup2002.or.kr; the site is not fully functioning yet). This is just an on-line poll, of course, and doesn’t add much to the mix except to try to introduce a new social group (soccer fans) to the concept of on-line voting. Elsewhere, however, on-line voting is already kicking in: Some towns in Britain are undertaking pilot projects allowing voters to choose their local councillors via the Internet, or even via SMS, in borough elections in May.

I don’t want to be a killjoy, but this kind of thing gives me the heebie-jeebies. The arguments in favour of on-line voting make sense — faster counting, less human error, attracting younger, hipper voters with handphones and Internet connections in their hatbands, higher turnouts, you can vote in your underpants, etc., etc. — until you actually think about it. Computers, we’ve learned since we plugged one PC into another, are notoriously insecure. Viruses are now so sophisticated and prevalent that many security consultants advise their clients to update their anti-virus software every day. What are the chances of a voting system not being a juicy target for people writing these nasty little vermin programs?

Another argument wheeled out in favour of Internet voting is this: The Web is now managing billions of dollars of transactions successfully, so why can’t it handle voting? There’s a simple answer to this, as security consultant Bruce Schneier of Counterpane Internet Security (www.counterpane.com) explains: The whole point of voting is that it’s supposed to be anonymous, whereas any financial transaction has attached to it details of payee, recipient and other important data. This makes it much, much harder to protect any voting system from fraud, much harder to detect any fraud and much harder to identify the guy conducting the fraud. What’s more, if there was evidence of fraud, what exactly do you do in an on-line vote? Revote? Reconduct part of the vote? Chances are that faith in the overall ballot has been seriously, if not fatally, undermined.

Some of these problems could be done away with via ATM-style machines that print out a record of the vote. That could then be used in any recount. But it’s still not enough: As on-line voting expert Rebecca Mercuri points out, there is no fully electronic system that can allow the voter to verify that the ballot cast exactly matches the vote he just made. Some nasty person could write code that makes the vote on the screen of a computer or ATM-machine printout different from that recorded. This may all sound slightly wacky to people living in fully functioning democracies. But (political point coming up, cover your eyes if you prefer) democracies can be bent to politicians’ wills, and one country’s voting system may be more robust than another’s.

Scary stuff. Florida may seem a long way away now, but the lesson from that particular episode must be that any kind of voting system that isn’t simple and confidence-inspiring gives everyone stomach ulcers. The charming notion that the more automation you allow into a system, the more error-free and tamper-proof it becomes, is deeply misguided. The more electronics and automation you allow into the system, the less of a role election monitors can play.

Internet voting, or something like it, may well be the future. I’d like to see it wheeled out for less mission-critical issues, like polling for whether to introduce traffic-calming measures in the town centre, or compulsory kneecapping for spitters, say. But so long as computers remain fragile, untamed beasts that we don’t quite understand, I’d counsel against subjecting democracy to their whim. Even if I am in my underpants.