UT 0wned again

Not much to say here but, "oops." KXAN reports a major security breach at UT, specifically the business school, specifically by what looks like a foreign power. This means means our future management force here in Austin will have years-compromised Social Security Numbers.

Did you know that even if you know for a fact that your number has been copied for evil intent, you still can't change your SSN without an act of God or Congress? What could possibly go wrong?

Gmail quicker reference guide

I like Gmail a lot, even though they are demonstrably weak on privacy (I don't really care). But, I'm growing to hate mouse interfaces, largely due to the fact that I have a really crappy mouse at work that I haven't gotten around to replacing.

Gmail has a bunch of keyboard shortcuts for navigation, true, but they're hard to remember because they're not exactly pure vi. I thought I found the answer to my prayers for picking this key set up, though, when I found the Gmail keyboard shortcut quick reference.

Sadly, despite the author's claims, it does not fit on one printed page (at least when your page is 8.5" x 11"). So I fixed it up a little to fit. It's a Word doc, stored here. Yay.

It's Springtime for Phishing

...well, at least for the Anti-Phishing Working Group. I just got back from Chicago and had a really good time. And though I'm not exactly going out on a limb, Dr. Markus Jakobsson was easily the most informative and engaging speaker there. If you're interested in the areas of browser security and technical deception on the Internet, you should read everything Markus has written. I'm a total fanboy now. Thanks Markus!

Google is so helpful

I noticed this as a FAQ on Gmail:

I am a network administrator, and need to disable Gmail's chat features on my network.

We understand that it's sometimes necessary to disable instant messaging services on a network. If you need to prevent Gmail users on your network from chatting, we suggest blocking DNS lookups to chatenabled.mail.google.com, by returning 127.0.0.1.

I think that's the nicest thing anyone's ever said to me. Seriously, here in the misuse prevention business, it's often quite a pain to block IM/file transfer programs on behalf of customers (since virtually all of them actively attempt to evade firewalls), and for Google to go out of their way to tell people how to block unwanted functionality just warms my heart.

Why Phishing Works

Link via a friend at work via Bruce Schneier.

Why Phishing Works

Just glanced at the abstract (of this paper out of Harvard), and decided to use my blog as a bookmark for when I get home. It looks good, I'll drop in my 2 cents on this space when I get a sec -- I suspect my comments will be along the lines of "all anti-phishing suggestion-based tool bars are toys, and don't work in real life."