Searching for Evil
I’m trying to return to the habit of watching a video on something every couple days (call it an early New Year’s Resolution if you must) and so I’m starting to look at what was queued up before I got too busy to do it.
Today’s video is a talk that Ross Anderson gave at Google called Searching for Evil. In it he iterates through a number of the major types of scams that are online from phishing to 419 to Canadian pharmacies. I’m not sure what I was expecting, but it turns out that that I now have the perfect video to give people who are security clueless about how to spot these kinds of scams. (You know, the people get sucked in by every hoax and ‘warning’ that arrives into their mailbox). I’m not going to iterate over each scam as the video is needed to truly appreciate it, but here are the rest of my notes.
- Ross’ website has a tonne of links about the security economics
- The underlying cause for a lot os security failures are the incentives around not doing them
- Adverse Selection
- Wicked people go out of the way to get seals of approval from reputable organizations thus making the seal of approval itself a red flag for whether something is a scam
- To break up a system, target the bottlenecks
- Irrevocable payments are a common denominator of evilness (such as Western Union)
- Assumptions about identity validity / assurances are highly geographic specific (see the Chinese gymnastics team at the recent Olympics)
- If you can program it, it is administration. Everything else is management
- A bank is just a perl script these days
- Never underestimate the stupidity of the public
- Plagiarism detection is a useful tool in identifying evil sites
- The people most trusted by the public are academics. Fool then and you inherit their trusted followers
Direct link here.