Dude give it up... No . One. Cares. At all. Accept that your ideas suck.. oh and you're an attention seeking douche bag -- or maybe a bad troll.
I guess pegasusmail_html.cpp will answer my questions... On Tue, Aug 5, 2008 at 11:03 AM, lsi <[EMAIL PROTECTED]> wrote: > BLUE TEAM: anti-phishing blacklist > RED TEAM: phish > GREEN TEAM: end-users > > starting degree of obfuscation: 0% (none) > starting number of blocked domains: 0 > > ---------- > > round 1: > > action: RED sends billions of phish > consequence: 5% of GREEN members are suckered and lose some cash > > action: BLUE blocks the top 20 phished domains using the FROM field > consequence: 80% of RED members are forced to make new sites and find > new victims > > current degree of obfuscation: 0% > current number of blocked domains: 20 > > round 2: > > action: RED obfuscates their FROM fields by 20% and resends billions > of phish > consequence: 4% of GREEN members are suckered and lose some cash > > action: BLUE blocks the next top 20 phished domains using the FROM > field > consequence: 80% of RED members are forced to make new sites and find > new victims > > current degree of obfuscation: 20% > current number of blocked domains: 40 > > round 3: > > action: RED obfuscates their FROM fields by 20% and resends billions > of phish > consequence: 3% of GREEN members are suckered and lose some cash > > action: BLUE blocks the next top 20 phished domains using the FROM > field > consequence: 80% of RED members are forced to make new sites and find > new victims > > current degree of obfuscation: 24% > current number of blocked domains: 60 > > round 4: > > action: RED obfuscates their FROM fields by 20% and resends billions > of phish > consequence: 2% of GREEN members are suckered and lose some cash > > action: BLUE blocks the next top 20 phished domains using the FROM > field > consequence: 80% of RED members are forced to make new sites and find > new victims > > current degree of obfuscation: 28.8% > current number of blocked domains: 80 > > round 5: > > action: RED obfuscates their FROM fields by 20% and resends billions > of phish > consequence: 1% of GREEN members are suckered and lose some cash > > action: BLUE blocks the next top 20 phished domains using the FROM > field > consequence: 80% of RED members are forced to make new sites and find > new victims > > current degree of obfuscation: 34.56% > current number of blocked domains: 100 > > round 6: > > action: RED obfuscates their FROM fields by 20% and resends billions > of phish > consequence: 0% of GREEN members are suckered and lose some cash > > ---------- > > GAME OVER: RED loses at round 6, as 0% of GREEN members are suckered, > due to over-obfuscation. > > final degree of obfuscation: 41.47% > final number of blocked domains: 100 > > ---------- > > observations: > > 1. The model is over-simplified, in reality it's unlikely that BLUE > would consistently achieve 80%. However in reality it's also > unlikely that RED would enjoy a linear relationship between > obfuscation and success, specifically, the more RED obfuscates the > less success it has. Both teams might suffer diminishing returns > from their efforts. (for the purposes of the above model, these > effects have been allowed to cancel each other out) > > 2. The model has a constant 1% reduction in the victim rate, this is > debatable, however it will never go upwards, eg., there is nothing > RED can do to push that number back towards 100%. Conversely, > everything BLUE does pushes that number towards 0%. In addition, > other anti-phishing technologies will also be pushing the number > towards 0%. GREEN itself might even push the number down. > > 3. The model does not allow RED to increase the number of phish they > send. In reality, they way well do so. However they will blocked > faster in this case, not only by BLUE but also by other technologies, > such as spam filters. (for the purposes of the above model, these > effects have been allowed to cancel each other out) > > 4. The model does not allow the game to be terminated voluntarily. > In reality, RED will terminate the game voluntarily when phish > revenue per hour falls below revenues per hour available from other > sources. This will be some time before 0% of GREEN members are > suckered, perhaps as early as round 3. > > 5. The blacklist contains 100 items at the time RED loses. It may > contain as little as 60 at the time RED terminates voluntarily. > > ---------- > > links: > > (...) > http://en.wikipedia.org/wiki/Business_War_Games > > (this is a sales brochure, however it describes a war game a bit > nicer than wiki, it's got diagrams, for a start) > http://www.coleago.co.uk/uploads/Training/War%20Gaming.pdf > > (this isn't relevant to a war game, it might be something like what's > happening when the top 20 phished domains are used to select the > items to blacklist, OTOH, it might not, I don't know, I'm not a > statistician. I'd love to know the name of the technique, I use > something similar to optimise my spam rules...) > http://en.wikipedia.org/wiki/Monte_Carlo_method > > (this was mentioned in one of the papers I quoted previously) > http://en.wikipedia.org/wiki/Pareto_principle > > --- > Stuart Udall > stuart [EMAIL PROTECTED] net - http://www.cyberdelix.net/ > > --- > * Origin: lsi: revolution through evolution (192:168/0.2) > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ >
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
