Spear phishing is the unholy love child of email spam and social engineering. It refers to when a message is specifically crafted, using either public or previously stolen information, to fool the recipient into believing that it's legitimate. This personalization is usually fairly general, like mentioning the recipient's employer (easily gleaned from their domain name). Sometimes they address you by name. Much scarier is when they use more deeply personal information stolen from one of your contacts...
Vigilantism, in cyberspace or a New York subway, gets rejected in the main because more than just one vigilante results in an unlovely chaos. What the Anonymous cyber-vigilantes - those meting out "payback" for commercial decisions about Wikileaks - don't seem to realize is that chaos begets reaction, and in this case the victim may be the Internet itself.
Remember when Gmail launched in 2004, and everyone said it was going to kill Hotmail, Yahoo!, and AOL? Six years later, and this chart shows pretty clearly that while Gmail has grown, only AOL's pageviews have fallen. The rest have held fairly steady. So what's everyone freaking out about?
Last week hundreds of privacy regulators, corporate officers, and activists gathered in Jerusalem, Israel for the annual Data Protection and Privacy Commissioner Conference. ... Many acknowledged that longstanding privacy norms are being increasingly challenged by the massive popularity of social networks that encourage users to share information that in a previous generation would have never been made publicly available for all the world to see.
Google has released a government requests tool. It's highly illuminating and may end up being quite disruptive. That's what surprising data visualizations can do for us. ... The tool allows us to see the number of requests from different countries that Google received during the last six months of 2009. More than 3600 data requests from Brazil during those six months and more than 3500 from the US. But just 40 or so from Canada and 30 from Israel.
I read, with some small amount of discomfort, an article by Bill Brenner on CSO Online, wherein he interviewed several other CSOs and other "Security Execs" on their opinions on the firing of Pennsylvania CISO Robert Maley. For those who haven't heard about this, Mr. Maley was fired for talking about a security incident during the recent RSA conference without approval from his bosses.
Secretary Clinton's major address on internet freedom made the connection between humanity and technology. We've been waiting a long time for our political leaders to have the courage to express thoughts like this, to have a vision about the role of the internet in human history, and yesterday the day arrived. The speech wasn't an isolated event, of course.
CAUCE, the Coalition Against Unsolicited Commercial Email, has looked back at the notable events of the last decade in our industry. Each year/link in the post explodes to a discrete blog entry with a month-by-month break-out of notable events.
As the year draws to a close, China's blocking of overseas websites - including Facebook, Twitter, and thousands of other websites including my blog - is more extensive and technically more sophisticated than ever. Controls over domestic content have also been tightening. People who work for Chinese Internet companies continue to complain that they remain under heavy pressure...
This weekend we took the car in for service. Instead of dropping it off at the dealership, we found a small, local garage. Prominently positioned on the counter was their Email Privacy Policy... If a little garage can provide such an understandable and readable privacy policy, how is it that so many email and internet experts fail to do the same?
Since Obama became President -- and yes, I voted for him -- there has been a great deal of optimism and energy around the idea that the Internet can be used to improve or "reboot" our democracy. The Administration has hired some great people to work on making government more open and transparent. This is all great. But how much good will all of this nifty e-government do for American democracy if citizens' rights to privacy and free expression are not also fiercely defended?
According to reports today, the Australian federal government made a drastic change to a bill that could potentially allow ISPs to police online traffic. Karen Dearne of the Australian IT reports: "Electronic Frontiers Australia spokesman Geordie Guy said it was unclear if the draft Telecommunications (Interception and Access) Amendment Bill was an 'attempt to sneak through' a wholesale expansion of intercepts of private emails and file-sharing or merely a badly drafted bill."
Analysis could also affect liability of enterprises using cloud computing technologies... Local elected official Steinbach had an email account that was issued by the municipality. Third party Hostway provided the technology for the account. Steinbach logged in to her Hostway webmail account and noticed eleven messages from constituents had been forwarded by someone else to her political rival.
One of the throwaway remarks I sometimes make at conferences is that "Google knows you're pregnant before you do". I can say this because the things you search for will change as your life changes, and search engine providers may well be able to spot the significance of these changes because they aggregate data from millions of people. Now Google's philanthropic arm, google.org, has shown just what it can do with the data it gathers from us all by offering to predict where 'flu outbreaks will take place in the USA.
The Open Net Initiative's Information Warfare Monitor project has published a stunning report by "Hacktivist" Nart Villeneuve titled: "Breaching Trust: An analysis of surveillance and security practices on China's TOM-Skype platform." It has been covered by both the New York Times and the Wall Street Journal...