Jan 302015

There's a game called "victim blaming" which is where people decide the victim of a crime is somehow partially or wholely respomsible – the old "if she hadn't worn such a short skirt …".

Which is rubbish of course. The perpetrator of a crime is the one responsible for carrying it out whatever the circumstances.

But the shouting down of the "victim blamers" can perhaps drown out messages that allow risk reduction, and allow certain myths to be perpetuated. For example, many women believe that they are more at risk from strangers whereas most rapists are known to the victim.

Take a slightly less contentious crime – a phishing spam that criminals use to empty the bank accounts of the victim. Whilst the criminal here is obvious – the person who used stolen credentials to empty the bank account, the criminal needed the victim to make certain risky decisions.

2015-01-29_1517As you cannot look at the link contained within that, it's worth pointing out that if you paste the URL into a notebook, you will get a brazilian site … and I strongly suspect that Lloyds Bank is not very likely to use a Brazilian site (.br) for hosting their online account service.

And we call such victims "gullible". In the case of phishing, there are some simple procedures to follow :-

  1. Email doesn't necessarily come from whom it claims to be from. I can send you an email that will look as if it comes from Goodluck Johnathon without having anything to do with his email account.
  2. Don't click on links in emails.
  3. If your bank sends an email asking you to do something, shut down the email and open a web browser and use your existing way of getting to your bank's web site. Same applies to shopping sites, your workplace's IT department, etc.
  4. If you are determined to use a link from an email, copy the link into a notebook and read it. Does it make sense? Does the first part mention an organisation that has nothing to do with the organisation it is supposedly from? Don't trust it.

Plus a whole bunch more.

Detailing and quantifying risks isn't victim blaming; it's empowering someone to make educated decisions about their behaviour

Aug 102007

The UK news this morning (and last night) had an item on about plans to tackle the problem of phishing with various suggestions (most of which make sense). Similar stories about phishing and how people are being ripped off by fraudsters regularly come up on the news. One thing that rarely gets a mention except in passing with a suggestion to run a ‘protected computer’ is how regular computer users who ignore security are contributing to the problem.

Almost all spammers (and phishers) these days use botnets to spew out their sewage; as someone who runs a mail server for a large organisation I regularly take a look at where spams entered the Internet mail system. In the vast majority of cases it has entered via a location that is obviously a client machine operated by an ‘innocent’ person ignorant of what their computer is being used for.

There are plenty of places to point the finger of blame …

  • The companies who produce operating systems that are so vulnerable to being compromised when connected to the Internet.
  • Those who use viruses and worms to create ‘botnets’ of vulnerable machines to be used for a variety of purposes.
  • The ISPs who irresponsibly fail to block outgoing mail not going through their mail servers. Whilst some (me!) should be able to opt out of such a block because we (I) run our own mailserver it should not be open by default.

Finally, the person who runs a computer irresponsibly is also to blame. Obviously not everyone wants to become a security expert, but there are a few easy steps to make it more difficult for your computer to be broken into. And they should accept that if they get infected they could get slung into a ‘quarantine’ … ISPs can and should be able to detect infected machines being used by spammers and sling them into a ‘quarantine’ network with limited functionality. This ‘quarantine’ is dead simple to setup, as I’ve done it myself.

To reduce it to an analogy, if you were to leave a car parked with the handbrake left off are you totally blameless if someone leans against the car and it rolls down a hill and kills someone ? People tend to regard leaving an infected computer online as being a trivial matter; it is not.

WP Facebook Auto Publish Powered By : XYZScripts.com

By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.