What EV certs are good for
I just received a phishing email, allegedly from HSBC: Dear HSBC Member, Due to the high number of fraud attempts and phishing scams, it has been decided to implement EV SSL Certification on this Internet Banking website. The use of EV SSL certification works with high security Web browsers to clearly identify whether the site belongs to the company or is another site imitating that company's site (I hope I haven't quoted enough to trigger someone's spam detectors!) Needless to say, the message goes on to suggest clicking on a link to update your account. -- Jerry - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com
Re: Bitcoin v0.1 released
Bill Frantz writes: -+- | Some people tell me that the 0wned machines are among the most | secure on the network because botnet operators work hard to | keep others from compromising their machines. I could see the | operators moving toward being legitimate security firms, | protecting computers against compromise in exchange for some of | the proof of work (POW) money. I'm one of those people. Quoting from my speech of 1/20: Virus attacks have, of course, become rarer over time, which is to say that where infectious agents once ruled, today it is parasites. Parasites have no reason to kill their hosts -- on the contrary they want their hosts to survive well enough to feed the parasite. A parasite will generally not care to be all that visible, either. The difference between parasitism and symbiosis can be a close call in some settings, and of the folks who famously bragged of being able to take the Internet down in twenty minutes, one has said that a computer may be better managed once it is in a botnet than before since the bot-master will be serious about closing the machine up tight against further penetration and similarly serious about patch management. Therefore, since one can then say that both the machine's nominal owner and the bot master are mutually helped, what we see is evolution from parasite to symbiont in action. According to Margulis and Sagan, Life did not take over the globe by combat, but by networking. On this basis and others, bot-nets are a life form. Rest of text upon request. Incidentally, I *highly* recommend Daniel Suarez's _Daemon_; trust me as to its relevance. Try this for a non-fiction taste: http://fora.tv/2008/08/08/Daniel_Suarez_Daemon_Bot-Mediated_Reality --dan - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com
Re: Bitcoin v0.1 released
Hal Finney wrote: * Spammer botnets could burn through pay-per-send email filters trivially If POW tokens do become useful, and especially if they become money, machines will no longer sit idle. Users will expect their computers to be earning them money (assuming the reward is greater than the cost to operate). A computer whose earnings are being stolen by a botnet will be more noticeable to its owner than is the case today, hence we might expect that in that world, users will work harder to maintain their computers and clean them of botnet infestations. Another factor that would mitigate spam if POW tokens have value: there would be a profit motive for people to set up massive quantities of fake e-mail accounts to harvest POW tokens from spam. They'd essentially be reverse-spamming the spammers with automated mailboxes that collect their POW and don't read the message. The ratio of fake mailboxes to real people could become too high for spam to be cost effective. The process has the potential to establish the POW token's value in the first place, since spammers that don't have a botnet could buy tokens from harvesters. While the buying back would temporarily let more spam through, it would only hasten the self-defeating cycle leading to too many harvesters exploiting the spammers. Interestingly, one of the e-gold systems already has a form of spam called dusting. Spammers send a tiny amount of gold dust in order to put a spam message in the transaction's comment field. If the system let users configure the minimum payment they're willing to receive, or at least the minimum that can have a message with it, users could set how much they're willing to get paid to receive spam. Satoshi Nakamoto - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com