Naval Postgraduate School
Fall 2007
Oct 18, 2007
Spam and Phishing (Guest Speaker: Vipul Ved Prakash)
Unwanted email sent in bulk is more than an annoyance: it is an
illegal menace that threatens the very future of the Internet. Spam
clogs our email systems, forces organizations to procure equipment
that they could otherwise do without, and causes us to miss important
emails. But spam is also a primary conduit through which attack
software is sent and the channel by which phishing and other kinds of
fraud is conducted.
In this lecture we will look at this history of spam, at laws that
have been passed in an attempt to deal with the problem, and the
current status of technical measures that have been proposed to handle
the onslaught of unwanted email.
Additionally we will look at the various forms of phishing and how
they continue to evolve in level of sophisitcation and . Social
engineering is the key element in any phishing scheme so we'll look at
the various ways phisher's use psychological tricks to get people to
do what they want.
We will also look at the ways in which modern day e-mail
advertisements and solicitations by legitmate companies creates the
environment in which phishing trives. The financial industry is
particularly vulnerable to this form of on-line crime, so we will look
at the current trends in combating the constant threat. Some questions
posed and discussed will be:
- Where does the computer users responsibility for security begin and the financial institutions end?
- Who pays for the loss of funds?
- How vulnerable is the average user?
- How effective are these phishing schemes anyway?
This topic is a wonderful illustration of how the security industry
builds a mouse trap and the criminal element builds a better
mouse. Students are encouraged to bring in examples of phishing
schemes from their own e-mail inboxes.
About Vipul Ved Prakash
Vipul Ved Prakash is an experienced software engineer and
information security expert. He is the creator of "Vipul's
Razor", one of the first real-time, collaborative filtering
systems to operate at Internet scale. In 2001, Vipul moved from
New Delhi to San Francisco, where he co-founded Cloudmark Inc,
to evolve the technology and vision pioneered in Vipul's Razor.
Cloudmark's messaging security products have garnered critical
acclaim and are widely deployed in some of the largest ISPs
around the globe including Comcast, Earthlink, Time Warner
Cable, NTT, and UPC.
Vipul has written several open-source packages that are included
with popular UNIX distributions like Redhat, Debian and FreeBSD.
An avid technology writer, Vipul served on the editorial staff of
computing journals in India during the late 90s, and wrote a
column on Internet protocol design for PC World. His academic
papers have appeared in ACM Queue, First Monday and on Perl.com.
In 2003, MIT Technology Review named him amongst the "Top 100
Young Innovators in the World" for his work on Razor and
Cloudmark. Vipul is a frequent speaker at industry conferences
on security and computing.
Readings
We will continue our readings in Privacy on the Line:
- Privacy on the Line, Chapter 6: Protections and Threats (32 pages)
- Privacy on the Line, Chapter 7: Wiretapping (32 pages)
Entertaining Video
Other Resources