Social Engineering and Fighting Internet Hoaxes
"Social engineering" is just a fancy term for running scams and cons. Unfortunately, the only defense is educating your users and getting them to be careful, and that just doesn't work reliably.
Frank Stajano and Paul Wilson have written a very good paper about common street scams — how they work, the general principles of human behavior that they exploit, and what that means for designing secure systems. Get the PDF version of the paper: "Understanding scam victims: seven principles for systems security", University of Cambridge Computer Laboratory Technical Report Number 754, UCAM-CL-TR-754, ISSN 1476-2986, 2009.
A fascinating study titled Why Do Nigerian Scammers Say They are From Nigeria? explains how intentionally clumsy scams provide an advantage for an attacker using mass mailing because only the most gullible will reply.
Fighting Internet Hoaxes
Are you besieged by messages claiming you can MAKE MONEY FAST if you send a get-well card to a Scottish kid dying of cancer, because Bill Gates will give you a free copy of Windows Vista plus cash if you forward the mail to 1000 people, and you'll get a free trip to Disneyland, and the American Cancer Society will give $0.03 per message to some other kid dying of cancer, so you'd better forward the message "just in case", but you'd better not read any replies with subject "Good Times" as they'll infect your hard drive with Dutch Elm disease?
Or maybe they're claiming that Life Cereal's Mikey died from eating Pop Rocks and Pepsi at the suggestion of Alice Cooper (when he was playing Eddie Haskell on "Leave it to Beaver"). Actually, Mikey crashed his JATO-powered pickup truck into an Arizona cliff, killing his passenger, Paul McCartney, who had recently had a kidney stolen. Really! I heard it from someone whose sister was dating a guy whose neighbor knew someone who used to work at the emergency room!
Keep these sites handy:
Snopes.com is the best for debunking the stupid stories and implausible Photoshopped pictures that dumb people keep forwarding across the Internet. A lot of people using the Internet should not be allowed to do so without adult supervision.
Debunk Internet hoaxes with resources from nonprofit.net.
The U.S. Postal Service offers mathematical proof that the amazing chain letter is not just illegal, but impossible.
If you have somehow avoided the "419 scam" run by Nigerians, learn about it from the FBI and the 419 Coalition.
The National Consumers League has warnings on known Internet scams.
RCMP runs the Canadian Anti-Fraud Centre.
Here is a serious look at evaluating information gleaned from the net.
Also see the section on fighting junk e-mail.