What EV certs are good for

2009-01-25 Thread Jerry Leichter

I just received a phishing email, allegedly from HSBC:

    Dear HSBC Member,

    Due to the high number of fraud attempts and phishing scams, it has
    been decided to implement EV SSL Certification on this Internet
    Banking website.

    The use of EV SSL certification works with high security Web
    browsers to clearly identify whether the site belongs to the company
    or is another site imitating that company's site

(I hope I haven't quoted enough to trigger someone's spam detectors!)   
Needless to say, the message goes on to suggest clicking on a link to  
update your account.


-- Jerry


-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com


Re: Bitcoin v0.1 released

2009-01-25 Thread dan

Bill Frantz writes:
-+-
 | Some people tell me that the 0wned machines are among the most
 | secure on the network because botnet operators work hard to
 | keep others from compromising their machines. I could see the
 | operators moving toward being legitimate security firms,
 | protecting computers against compromise in exchange for some of
 | the proof of work (POW) money.


I'm one of those people.  Quoting from my speech of 1/20:

 Virus attacks have, of course, become rarer over time, which is
 to say that where infectious agents once ruled, today it is
 parasites.  Parasites have no reason to kill their hosts -- on
 the contrary they want their hosts to survive well enough to
 feed the parasite.  A parasite will generally not care to be all
 that visible, either.  The difference between parasitism and
 symbiosis can be a close call in some settings, and of the folks
 who famously bragged of being able to take the Internet down in
 twenty minutes, one has said that a computer may be better
 managed once it is in a botnet than before since the bot-master
 will be serious about closing the machine up tight against
 further penetration and similarly serious about patch
 management.  Therefore, since one can then say that both the
 machine's nominal owner and the bot master are mutually helped,
 what we see is evolution from parasite to symbiont in action.
 According to Margulis and Sagan, Life did not take over the
 globe by combat, but by networking.  On this basis and others,
 bot-nets are a life form.

Rest of text upon request.  Incidentally, I *highly* recommend
Daniel Suarez's _Daemon_; trust me as to its relevance.  Try
this for a non-fiction taste:

http://fora.tv/2008/08/08/Daniel_Suarez_Daemon_Bot-Mediated_Reality


--dan



Re: Bitcoin v0.1 released

2009-01-25 Thread Satoshi Nakamoto

Hal Finney wrote:
> > * Spammer botnets could burn through pay-per-send email filters
> > trivially
> If POW tokens do become useful, and especially if they become money,
> machines will no longer sit idle. Users will expect their computers to
> be earning them money (assuming the reward is greater than the cost to
> operate). A computer whose earnings are being stolen by a botnet will
> be more noticeable to its owner than is the case today, hence we might
> expect that in that world, users will work harder to maintain their
> computers and clean them of botnet infestations.

Another factor that would mitigate spam if POW tokens have value:
there would be a profit motive for people to set up massive
quantities of fake e-mail accounts to harvest POW tokens from
spam.  They'd essentially be reverse-spamming the spammers with
automated mailboxes that collect their POW and don't read the
message.  The ratio of fake mailboxes to real people could become
too high for spam to be cost effective. 

The process has the potential to establish the POW token's value
in the first place, since spammers that don't have a botnet could
buy tokens from harvesters.  While the buying back would
temporarily let more spam through, it would only hasten the
self-defeating cycle leading to too many harvesters exploiting the
spammers.

Interestingly, one of the e-gold systems already has a form of
spam called dusting.  Spammers send a tiny amount of gold dust
in order to put a spam message in the transaction's comment field.
If the system let users configure the minimum payment they're
willing to receive, or at least the minimum that can have a
message with it, users could set how much they're willing to get
paid to receive spam.

Satoshi Nakamoto

