The
Anti-Phishing Working Group
is having one of its periodic member meetings,
this time in Pittsburgh.
Probably I shouldn't report too much detail,
but I'll say that interesting things are going on worldwide
that may spread to other countries.
For example, in Japan it seems that fake programming sites
are more popular than phishing.
Also, if I heard correctly, most phishing in the Japanese
language originates from phishers in Japan.
This would make sense, since it's very hard for foreigners
to write well enough to pretend to be Japanese.
So that one probably won't spread too widely,
but the fake programming scam could.
My favorite is the history attack.
World War II ended on 15 August 1945 in Japan, so
a timeline of that war can get a lot of hits on a war's end
link in August of any year.
Who would have known history could be so popular?
Meanwhile, during Carnival in Brazil, nobody reports malware,
so there's a dip in measurements....
Then and the rest of the year, sophisticated personalized
social engineering attacks seem to be popular in Brazil.
-jsq
> Probably I shouldn't report too much detail,...
Why not? The attackers already know, it is only the victims who are kept in the dark.
Posted by: Iang | October 02, 2007 at 12:59 PM
Oh, the usual: people feel free to talk freely because nobody's taking names and publishing transcripts. Most of the talks you could find elsewhere, but a few are unusual and the combination of people and information is quite good.
-jsq
Posted by: jsqrisk | October 02, 2007 at 02:55 PM
Oh, so people would be embarrassed to have their words mis-reported or abused. Sure, so it is nothing to do with security.
Some security researchers have identified that one of the biggest weapons we use to destroy our own security is the penchant for making everything secret. It's about time to start revealing everything, because all the other things that have been tried haven't worked.
Posted by: Iang | October 06, 2007 at 09:03 AM
Right, it's not because of security; it's because of politics.
I agree with you that secrecy is counter-productive. The problem is how do you get people to show up without some promise of privacy.
Me, as I remarked numerous times at this and other gatherings, I'm in favor of reputation services. Some people view that as "name and shame". I see it more as enabling evolution.
Posted by: jsqrisk | October 06, 2007 at 09:38 AM