Enforcement takes the fight to the phishers

re: Enforcement takes the fight to the phishers

SWortham — Thu, 22 Jun 2006 23:40:12 GMT

Sounds good to me. I think that for a long time the prevalence of these crimes has been due to the seemingly low risk of being caught. But I'm glad someone is being proactive in putting a stop to this.

Steve

re: Enforcement takes the fight to the phishers

game kid — Thu, 22 Jun 2006 23:40:56 GMT

Well at least no one can say "screw the fines, they should've put the spammer in jail!!1".

I just hope he doesn't get a PC in his cell...

Internet Explorer: Microsoft Attorney Blogs!

Jeff Lynch [MVP] — Fri, 23 Jun 2006 00:50:17 GMT

The world of technology is definitely changing! I just ready a new post from an attorney working for Microsoft about Microsoft’s Global Phishing Enforcement Initiative.

Microsoft gets a phisherman

Microsoft News Tracker — Fri, 23 Jun 2006 02:29:51 GMT

At the Microsoft IEBlog - Enforcement takes the fight to the phishers:
Hi, I&rsquo;m Aaron Kornblum, Internet Safety Enforcement Attorney at Microsoft, and a member of Microsoft&rsquo;s global team committed to help fight cybercrime and protect

re: Enforcement takes the fight to the phishers

starsystm — Fri, 23 Jun 2006 04:32:57 GMT

You can waste your time by protecting all your creations, I'm attorney too, my position is : knowledge is not a fact of money, but well a matter of sharing

Rats !

PS: Well written article but it's role is only to let us know that things will become AGAIN more complicated. Strange isn't it ? Normally people at Microsoft aren't supposed to do the contrary ? ... was just wondering ...

re: Enforcement takes the fight to the phishers

Brad Pliner — Fri, 23 Jun 2006 07:26:13 GMT

The bulk of online fraud comes from countries like Nigeria where the governments are not cooperative with outside law enforcement, given that online crime is a major component of their country's economy. Litigation can only scare away some people from cybercrime, but you're only scratching the surface. A technological solution is the only solution - and that means gutting our current e-mail system, and an implementation of site authentication (what https/SSL tries to accomplish) that actually helps users identify the web sites they want to go to. Phising sites should be blocked at the local ISP level, rather than having a central system such for which my browser needs to submit every address I go to, to determine if it's fraud. Lawsuits are not going to solve this problem long-term.

re: Enforcement takes the fight to the phishers

jvierra — Fri, 23 Jun 2006 08:01:06 GMT

Great initiative. Phishing is the biggest threats to a successful public Internet that has come along. It has the ability to destabilize all elements of our economy as well as doing damage to unwary users who should not have be challenged in this way.

re: Enforcement takes the fight to the phishers

Meatball — Fri, 23 Jun 2006 18:46:41 GMT

Now we have a LAWYER here (oh frabjous day) how about blogging about antitrust issues and Internet Explorer?

You know, Netscape engineers are weenies? Bill's pathetic lies and rocking in the chair? The character assassination of Judge Jackson?

How about addressing the fact that Microsoft is a deeply criminal monopoly abusing enterprise?

Everyone who works on IE is tainted. You can bury your heads in the sand if you like, but it is unethical to be "just doing your job" and ignore the illegal actions of your employer.

re: Enforcement takes the fight to the phishers

Tyson — Fri, 23 Jun 2006 20:47:32 GMT

I know this is off-topic and a little pendantic, but there's no recent standards-compliance post for me to post this on. So, here goes:

In 1998, a Microsoft W3C representative wrote:

"Microsoft has a deep commitment to working with the W3C on HTML and CSS. We have the first commercial implementation of HTML4, we were the first vendor anywhere to implement even portions of CSS, and we have put a tremendous amount of energy into seeing CSS mature to Level 2. We are still committed to complete implementations of the Recommendations of the W3C in this area (CSS and HTML and the DOM)."

It's now eight years later, and I think we've sufficiently shown that Microsoft has very little commitment to standards beyond what is required to make their browser barely functional. Beyond that, Microsoft has no vested interest in supporting web standards and improving their user's experience.

Håkon Wium Lie, in a recent Ask Slashdot feature, had this to say about Microsoft and IE:

"It's quite clear that Microsoft has the resources and talent to support CSS2 fully in IE and that plenty of people have reminded them why this is important. So, why don't they do it? The fundamental reason, I believe, is that standards don't benefit monopolists. Accepted, well-functioning, standards lower the barrier of entry to a market, and is therefore a threat to a monopolist.

From that perspective, it makes sense to leave CSS2 half-implemented. You can claim support (and many journalists will believe you), and you also ensure that no-one can use the unimplemented (or worse: buggily implemented) features of the standard. The only way to change the equation is to remind Microsoft how embarrassing it is to offer a sub-standard browser. And to use better browsers.

Another reason for not making a IE too good is that it will compete with Windows. A modern browser is an application platform; the combination of HTML, JavaScript, CSS and DOM allows developers to target the web instead of Windows, Linux, or Mac."

(Disclaimer: Håkon works for Opera, whose Opera 9.0 browser beats the pants off of IE seven ways to Sunday.)

Food for thought, anyways.

We now return to our regularly scheduled anti-phishing talk; phishing that, which I might add, is elementary to do on a modern Windows XP machine with Internet Exporer. The same goes for spam zombie machines.

Am I bitter because I've been fighting IE6 bugs for the past 10 hours? Slightly.

Am I bitter because I've been fighting IE6 bugs for the past 10 hours? Slightly

Daljon — Fri, 23 Jun 2006 21:18:36 GMT

reply to Tyson, dont use it then, there are other alternative.

re: Enforcement takes the fight to the phishers

Daljon — Fri, 23 Jun 2006 21:20:48 GMT

Great article Kornblum. Keep up the good work and thanks for the efforts. Sincerely

re: Enforcement takes the fight to the phishers

Tyson — Fri, 23 Jun 2006 21:55:44 GMT

@Daljon: Tell that to 70% of the internet. That's my gripe. That, thanks to Microsoft making IE6 the default browser on it's operating systems, has made progressing web sites beyond where they've been stuck for years a virtual impossibility.

Like Meatball mentioned: Remember any "antitrust" lawsuits? *cough*

re: Enforcement takes the fight to the phishers

clarence — Sat, 24 Jun 2006 01:19:21 GMT

alot of people can protect themselves just by forwarding any emails like this msn's spoof department anf if its real then they'll inform you.. so far with all the dealings I had with emails like this, they've all been fake, so just delete it..I do..

re: Enforcement takes the fight to the phishers

anphanax — Sat, 24 Jun 2006 04:57:12 GMT

"How about addressing the fact that Microsoft is a deeply criminal monopoly abusing enterprise?"

Meatball, I don't remember the Government breaking up Microsoft. Might have something to do with that fact they're not technically a monopoly. The anti-trust charges stuck, but the monopoly one was overturned, if I recall.

I don't considering improving IE6 to be "abusing a monopoly". Go cry somewhere else.

Sender ID is RFC 4406

Maurits — Sun, 25 Jun 2006 07:27:34 GMT

Sender ID is also RFC 4406
http://www.ietf.org/rfc/rfc4406.txt

re: Enforcement takes the fight to the phishers

codemastr — Sun, 25 Jun 2006 19:25:43 GMT

"How about addressing the fact that Microsoft is a deeply criminal monopoly abusing enterprise?"

If you feel that way, seek counsel and begin a class action lawsuit against MS. That is perfectly within your rights to do so. The fact that you haven't done so suggests that your claims are baseless and amount to nothing more than speculation and libel. If you don't like Microsoft, don't use their products (that's an option you have because Microsoft is NOT a monopoly). I have a Mac machine that does not run a single Microsoft product. I have 3 Linux machines that do not run a single Microsoft product. I have 2 Solaris machines that do not run a single Microsoft product... I ask you, how am I able to do this if Microsoft is a "deeply criminal monopoly"? Seems there are other companies that are alive and well in the software industry. Perhaps Microsoft products are so widely used because they are better. As a software developer for 6 years, I can say there is no better IDE than Visual Studio, it blows the competition away. I've used other products, and I've decided VS.NET is superior. I've tried other OSes, I prefer Windows, hence that's why I use it as my normal desktop OS. I've run Firefox, Opera, Netscape, and a host of other less-known browsers, and I still decided to use IE. It's not because MS forced these products on me, the existence of several other products, some from very large companies (If you want to claim Microsoft is a monopoly, you could easily make the same claim against Sun Microsystems)...

As I said, if you honestly believe Microsoft is breaking the law, it is your right, and indeed your duty to do something about it other than come here and complain. Again I say, the fact that you have not done so is just evidence that your claims are fraudulent.

re: Enforcement takes the fight to the phishers

Francois J MARTIN — Sun, 25 Jun 2006 21:29:32 GMT

I,

I'm totaly agree with you, and we will have to fith together against the cyber crime by setting a new internet crypted = IPV7

re: Enforcement takes the fight to the phishers

Francois J MARTIN — Sun, 25 Jun 2006 21:32:26 GMT

I WAS TELLING YOU THAT THE CYBER CRIME HAVE TO BE STOPPED;

and the only way to stop it is to set up a new IPV7 WEB

THANKS A LOT

re: Enforcement takes the fight to the phishers

Mybusiness — Sun, 25 Jun 2006 23:21:24 GMT

To codemaster: do u have the $$$$$$
To Tyson: MOZILLA FIREFOX!!
To all others: Microsoft is an abusing, thieving, idea snaching, monopolising, money hungry criminal! They smash and beat other companies because they have been allowed to get away with it.
As Bill Gates once said, "We were here first."

re: Enforcement takes the fight to the phishers

Helen Feddema — Sun, 25 Jun 2006 23:59:35 GMT

What about phishing messages in Outlook? They need to be curbed too. How about letting users enter the names of financial institutions with which they have accounts (perhaps in Microsoft Passport), so that any message from a financial institution that is not on the list would automatically be marked as Junk Email. That wouldn't get them all, but it would certainly cut down the amount.

re: Enforcement takes the fight to the phishers

jajoehl — Mon, 26 Jun 2006 00:08:42 GMT

I think this is a very fair punishment. Not too long ago I took it upon myself to unsubscribe from a technology-related email listserv I was on, for a very similar reason. Someone had taken it upon themselves to write a string of characters that when sent via email, somehow caused a certain speech synthesizer to crash. I was unfortunately one of these victims. I have the speech synthesizer in question set as my default speech synthesizer, and whenever my email would encounter this certain string of characters my speech would stop immediately and I had to restart my computer. Up until very recently there were two fixes for this problem. Those of us using the suspect speech synthesizer could either switch to a different speech synthesizer, or we could add the character string to the JAWS Dictionary Manager. Choosing the latter route resulted in a sound being played such as a buzzer when our email programs encountered that string. Freedom Scientific, makers of the JAWS screen reader, have since fixed this problem in updates to the screenreader, so JAWS users such as myself no longer have to worry about it.

re: Enforcement takes the fight to the phishers

Jim Kelley — Mon, 26 Jun 2006 17:33:13 GMT

All of this constant griping about Microsoft... If you all hate it so much start using Linux, Firefox, etc.

re: Enforcement takes the fight to the phishers

Christopher — Mon, 26 Jun 2006 22:30:03 GMT

Really, we need some way to verify all websites that people go to on a regular basis and have personally identifiable information on them (banking and commerce sites most notably).
Also, Microsoft is doing the right thing by helping the government go after the phishers themselves.

The way to stop spam e-mail, as the one poster says, is to have some sort of Sender ID on the e-mails. Now, people are going to say that it is going to be hard to make a Sender ID, but it really wouldn't be. Just type in a random set of letters, it turns that into a Sender ID and BOOM! You're done.

That's how Sender ID should work.

re: Enforcement takes the fight to the phishers

you really think i put my name in comment boxes — Tue, 27 Jun 2006 04:12:53 GMT

I really hope IE7 will conform to some set of standards (W3C?) and not be pulled out of Mircosoft's butt.

re: Enforcement takes the fight to the phishers

Jessica — Tue, 27 Jun 2006 09:12:28 GMT

I am glad that this is finally happening, I have been forwarded sites when friends who were looking to buy things that were priced too good to be true, then found the domains whois to be in hong kong with a payment processor in Europe with the contact information goinf somehwre else - just to find out that they were phishing for card numbers that way... it's made me trust all web sites less, and negatively affected what would otherwise be an enjoyable on line experience.

re: Enforcement takes the fight to the phishers

AC — Tue, 27 Jun 2006 19:35:02 GMT

@you really think i put my name in comment boxes

We all know of Microsofts standards issues, to if you're going to comment, be specific. In this case it's a post concerning phishing, so please be specific in which w3c phishing standards IE needs to conform to.

I don't understand some of you

James Summerlin — Tue, 27 Jun 2006 22:48:59 GMT

Microsoft is one of the few, if not the only, company on the planet trying to tackle the problem of internet crime not only from a technological stand point but also from a legal standpoint. Yet all some of you can say is "MS is an illegal monopolist and is evil!" or "MS destroyed Judge Jackson's credibility!".

What has opensource done about internet crime lately?

What has Apple done?

James

re: Enforcement takes the fight to the phishers

J. Jones — Wed, 28 Jun 2006 15:52:40 GMT

Since yesterday, when I go to my "secure sign-
in" for my msn hotmail, I instead get a url
up top saying 'cmsn.' and a warning box that
it is an unknown site. I say "no" to opening
(otherwise,it looks just like the msn.sign-in,
and I get the usual Looong msn address. What's
happening? What is cmsn, and why is it spoofing
msn? I searched my files for 'spoof' and have
many, also cmsn files, but am too dumb to know
which ones to delete and too poor to pay (yet
again) to have this new computer cleaned.

re: Enforcement takes the fight to the phishers

Marc Weiner — Thu, 29 Jun 2006 15:39:34 GMT

I believe that enforcement of activities that result in fraud should be punished accordingly. In this case, MSN was the target of a scheme and Microsoft's customers lost thousands if not millions of dollars. Although I doubt Microsoft lost any income in this scheme, it is important to note two things. One, that Microsoft charges individuals with fraud when their customers are affected by phishing affecting their customers and two, Microsoft takes steps to ensure phishing is made tougher to accomplish on it's operating systems and browser products. Phishing doesn't usually affect the bottom line of Microsoft, but rather the users of Microsoft's products. Hence, I feel that although Microsoft is not directly responsible for phishing, Microsoft should provide additional safety for it's customers. Perhaps instead of a blog, protection in the form of a certificate with a unique algorithm to communicate with the browser informing consumers that the billing request is legitimate so phishing billing incidents are prevented rather than users experiencing fraud requiring enforcement?

re: Enforcement takes the fight to the phishers

David Walker — Thu, 29 Jun 2006 20:47:19 GMT

J. Jones: This is not a general support site for Internet Explorer. You'll do better by posting in the Internet Explorer newsgroup (Microsoft.Public.InternetExplorer.General or .Security).

re: Enforcement takes the fight to the phishers

mcineral — Thu, 29 Jun 2006 21:26:10 GMT

This is a good start but the only reason this person was brought to justice was because the phishing target was MSN subscribers and Microsoft with its almost infinite resources was able to track down the culprit and deliver him to the FBI with a big bow tied around his neck.

Clearly this shows that our government in and of itself is neither willing nor able to devote the kind of resources that would be necessary to bring these criminals to justice.

I guess it's just a matter of priorities.

Also, before I make this last point let me assure you that I have never sent spam or unsolicited email in my life and I like everyone has my inbox filled with spam every day but I have to take issue with calling spammers criminals. Is it a crime to send junk mail through the US post office? Surely this has more of a tangible effect on people. Whether its the Post Office employees who have to handle it, or the people who have to sift through it in their mail in order to find the items that they really want. Or do you think it's more disruptive and time consuming to have to hit the delete button? I don't think so.

Do you know what the difference is?

Do you?

It's that for every piece of junk mail that is sent, the government gets paid in postage.

Again, I guess it's just a matter of priorities.

re: Enforcement takes the fight to the phishers

Max — Sat, 01 Jul 2006 10:45:30 GMT

Sounds good to me. But I'm glad someone is being proactive in putting a stop to this...

Scripting StatusBar Security Setting

moonwalker — Sun, 02 Jul 2006 07:41:06 GMT

Hi,

I am developing a program in VB6 that uses the IE6/7 web browser control. I use the status bar as a way to communicate between dynamically created content displayed in the embedded browser and the rest of my app. I think it is wrong for IE7 to outright disable scripting of the status bar messages by the default security settings.

VB6 programs should be able to receive StatusTextChange events from custom javascript window.status messages on content hosted in the IE7 browser control. That is how it was in IE6.

Why not just make the visual status bar in IE7 hide "DISPLAY" of scripted status bar messages in order to discourge phishing for the default.

I only need the scripted status message to hit the browser control's StatusTextChange event...I do not care how long the message is displayed or if it is show at all!

Microsoft Ships Future Crime Fighting Tool and Fights Cybercrime « Future Crime

Wed, 30 Apr 2008 00:46:03 GMT

PingBack from http://futurecrime.wordpress.com/2008/04/29/microsoft-ships-future-crime-fighting-tool-and-fights-cybercrime/

IEBlog Enforcement takes the fight to the phishers | Paid Surveys

IEBlog Enforcement takes the fight to the phishers | Paid Surveys — Sat, 30 May 2009 00:25:57 GMT

PingBack from http://paidsurveyshub.info/story.php?title=ieblog-enforcement-takes-the-fight-to-the-phishers

IEBlog Enforcement takes the fight to the phishers | Indoor Grills

IEBlog Enforcement takes the fight to the phishers | Indoor Grills — Mon, 01 Jun 2009 10:55:28 GMT

PingBack from http://indoorgrillsrecipes.info/story.php?id=4494

IEBlog Enforcement takes the fight to the phishers | debt consolidator

IEBlog Enforcement takes the fight to the phishers | debt consolidator — Mon, 15 Jun 2009 23:31:58 GMT

PingBack from http://mydebtconsolidator.info/story.php?id=3330

IEBlog Enforcement takes the fight to the phishers | fix my credit

IEBlog Enforcement takes the fight to the phishers | fix my credit — Wed, 17 Jun 2009 04:47:05 GMT

PingBack from http://fixmycrediteasily.info/story.php?id=3022