01-28-2004, 07:47 PM
|
|
Pontificator
Join Date: Feb 2004
Posts: 1,423
|
|
USA's "National Cyber Alert System"
Check out
http://edition.cnn.com/2004/TECH/int...arn/index.html
Sounds like a good plan to begin with, but then you think about it more and it suddenly becomes a bad idea. If the next person who writes a mass-mailing worm using the same subject lines and spoofed domains as the National Cyber Alert System, guess what's going to happen? People are going to purposely open said messages. It's like using "Virus warning - download this fix" as a subject line, but more powerful.
Sigh...
:roll: |
| |
|
|
|
01-28-2004, 08:29 PM
|
|
Contributing Editor
Join Date: Aug 2006
Posts: 14,940
|
|
Well... the messages are cryptographically signed. Not useful for the average consumer, but still better than nothing.
Besides, what else would you propose?
--janak
|
| |
|
|
|
01-29-2004, 10:30 PM
|
|
Intellectual
Join Date: Aug 2004
Posts: 172
|
|
Hmmm, I dunno... Sounds a lot like existing sites out there.. Microsoft's Security Alert, CERT Advisories, Virus eye.. Nothing new really. Perhaps a more central location to get this info.
|
| |
|
|
|
01-30-2004, 06:28 AM
|
|
Philosopher
Join Date: Feb 2004
Posts: 492
|
|
Maybe a pull strategy instead of a pure push.
The gov't could send an email stating that there has been a new alert issued. There would be a hyperlink to the gov't site, showing the warning.
The email message would have to be patently clear that the email recipient check the URL to ensure they've been directed to a real gov't website, and not some bogus site.
Moreover, the gov't should be clear that they NEVER send email attachments or request any email recipient to download anything, ever. These would become the flashing red lights if any spoofer tried to do something like that.
It'll take education and diligence, it's not perfect, but it's better than not doing anything.
|
| |
|
|
|
01-30-2004, 06:41 AM
|
|
Contributing Editor
Join Date: Aug 2006
Posts: 14,940
|
|
Quote:
|
Originally Posted by famousdavis
The gov't could send an email stating that there has been a new alert issued. There would be a hyperlink to the gov't site, showing the warning.
|
That's not foolproof either. If the message was spoofed, it certainly wouldn't include a warning to check the URL, and 99% of users would never know the difference. Ditto with attachments.
--janak |
| |
|
|
|
01-30-2004, 06:41 AM
|
|
Contributing Editor
Join Date: Aug 2006
Posts: 14,940
|
|
Quote:
|
Originally Posted by DimensionZero
Hmmm, I dunno... Sounds a lot like existing sites out there.. Microsoft's Security Alert, CERT Advisories, Virus eye.. Nothing new really. Perhaps a more central location to get this info.
|
Yes. This is consolidating/replacing CERT.
--janak |
| |
|
|
|
|
|
|
Linear Mode
