Comments on: Phishing and the gaining of “clue” http://www.lightbluetouchpaper.org/2007/08/16/phishing-and-the-gaining-of-clue/ Security Research, Computer Laboratory, University of Cambridge Thu, 18 Mar 2010 17:41:05 +0000 http://wordpress.org/?v=2.7.1 hourly 1 By: era http://www.lightbluetouchpaper.org/2007/08/16/phishing-and-the-gaining-of-clue/comment-page-1/#comment-24335 era Thu, 04 Oct 2007 07:46:37 +0000 http://www.lightbluetouchpaper.org/2007/08/16/phishing-and-the-gaining-of-clue/#comment-24335 Somewhat late in the game, the Hong Kong registrar issues a PR release about this: https://www.hkdnr.hk/hkdnr/20070928/web-content/coverstory.html (I'm linking directly to the content frame; the site maintainers would probably like you to <strike>suffer</strike> visit https://www.hkdnr.hk/hkdnr/20070928/web-content/index.html where they show off all their bling, 1990s Geocities style.) Somewhat late in the game, the Hong Kong registrar issues a PR release about this: https://www.hkdnr.hk/hkdnr/20070928/web-content/coverstory.html

(I’m linking directly to the content frame; the site maintainers would probably like you to suffer visit https://www.hkdnr.hk/hkdnr/20070928/web-content/index.html where they show off all their bling, 1990s Geocities style.)

]]> By: Richard Clayton http://www.lightbluetouchpaper.org/2007/08/16/phishing-and-the-gaining-of-clue/comment-page-1/#comment-24261 Richard Clayton Sun, 30 Sep 2007 15:32:55 +0000 http://www.lightbluetouchpaper.org/2007/08/16/phishing-and-the-gaining-of-clue/#comment-24261 We were trying to make the point that "gaining clue" is a general phenomenon that can be observed in several different situations. We chose Alice because it had recently been chosen by the phishers (probably a small number of attackers, possibly even just one) and hence we can measure the change in their response rates. The TLDs were again chosen because the phishers had chosen to start using them during the period we were making measurements -- though to be strict we are really measuring the response of a small number of registrars rather than registrys, but for some TLDs the difference is moot. We were trying to make the point that “gaining clue” is a general phenomenon that can be observed in several different situations. We chose Alice because it had recently been chosen by the phishers (probably a small number of attackers, possibly even just one) and hence we can measure the change in their response rates. The TLDs were again chosen because the phishers had chosen to start using them during the period we were making measurements — though to be strict we are really measuring the response of a small number of registrars rather than registrys, but for some TLDs the difference is moot.

]]> By: Davide Denicolo http://www.lightbluetouchpaper.org/2007/08/16/phishing-and-the-gaining-of-clue/comment-page-1/#comment-24260 Davide Denicolo Sun, 30 Sep 2007 15:24:12 +0000 http://www.lightbluetouchpaper.org/2007/08/16/phishing-and-the-gaining-of-clue/#comment-24260 Hi Tyler interesting article. Why do you compare in your research an Internet provider as Alice with a generic statistic of top level domain ? Around Internet there are many Internet provider as Alice; why have you choose it? Hi Tyler interesting article.
Why do you compare in your research an Internet provider as Alice with a generic statistic of top level domain ?
Around Internet there are many Internet provider as Alice; why have you choose it?

]]> By: Tyler Moore http://www.lightbluetouchpaper.org/2007/08/16/phishing-and-the-gaining-of-clue/comment-page-1/#comment-23671 Tyler Moore Mon, 20 Aug 2007 10:25:48 +0000 http://www.lightbluetouchpaper.org/2007/08/16/phishing-and-the-gaining-of-clue/#comment-23671 Susan, There are a number of plausible reasons why there was an uptick in mid-June, and you listed a couple of them. What's noteworthy is that site lifetimes are always quite volatile. Even 'clued-up' providers inadvertently let sites slip through the cracks for many days before removing them. Such high variation seems to be a fundamental characteristic of phishing site lifetimes. Tyler Susan,
There are a number of plausible reasons why there was an uptick in mid-June, and you listed a couple of them. What’s noteworthy is that site lifetimes are always quite volatile. Even ‘clued-up’ providers inadvertently let sites slip through the cracks for many days before removing them. Such high variation seems to be a fundamental characteristic of phishing site lifetimes.

Tyler

]]> By: Susan W. http://www.lightbluetouchpaper.org/2007/08/16/phishing-and-the-gaining-of-clue/comment-page-1/#comment-23650 Susan W. Sat, 18 Aug 2007 21:08:41 +0000 http://www.lightbluetouchpaper.org/2007/08/16/phishing-and-the-gaining-of-clue/#comment-23650 Great visualization -- I like the idea of "clue" as a quantifiable characteristic. I am curious what happened in mid-June in both .hk and .cn -- there was a small upwards blip. Somebody in the abuse department on a summer holiday? Innovative design by phishers that their abuse department didn't recognize? Analysis of graphs like this could definitely lead to improvements in an abuse-reporting process, as well as internally by ISP's to examine their own abuse department's effectiveness. Great visualization — I like the idea of “clue” as a quantifiable characteristic.

I am curious what happened in mid-June in both .hk and .cn — there was a small upwards blip. Somebody in the abuse department on a summer holiday? Innovative design by phishers that their abuse department didn’t recognize? Analysis of graphs like this could definitely lead to improvements in an abuse-reporting process, as well as internally by ISP’s to examine their own abuse department’s effectiveness.

]]>