They love me in Buffalo

I recently did an email interview (well, he sent me questions, I sent answers) with a reporter from the Buffalo News the other day and it's up on the Web here. Lemme tell you, it looks a lot cooler in print, since the lede at least was on the front page. Since it was in email, I seem to have managed not to say anything too stupid, at least not that made it into the article.
"The effect of the Internet is to make it much cheaper for scammers to send out solicitations. This means that scams that formerly were unprofitable because the response rate was so low are now profitable," Eric Rescorla, chief scientist at Network Resonance and an adviser for Voltage Security, said in an e-mail interview Thursday.


Users have to be more cautious and treat someone they talk to online the same way they would treat someone in real life. "Many of these scams work because users are insufficiently skeptical of e-mail they receive via the Internet. If users are a little more worried and it causes them to be more careful about trusting e-mail, that's a good thing," Rescorla said.

Obviously, I spouted a bunch more stuff that didn't make it in, probably deservedly so, but here's one point I am a bit fond of:

With regard to emails that purport to be from your bank, I suspect the problem is simple: people don't understand that it's easy to forge mail and that just because a site looks like your banking site, that doesn't mean it is. This is a case where your real-world intuitions fail you: there aren't a lot of fake brick and mortar bank branches floating around, but it's trivial to set up a fake site that looks like your bank's site.

Of course, this isn't unique to the Internet: you can't trust people who call you on the phone either, even if their Caller-ID information looks OK, but the visual cues on the Web really are good for suckering people in. It's just natural to say to yourself "no criminal would have a site that looks this good, it must be my bank", but of course that's totally wrong.

Thanks to Wasim Ahmad and Stephanie Mode for making the contact and Hovav Shacham and Terence Spies for looking over my answers before I shipped them. The point that it would be good to be more skeptical is Hovav's.
