On Tue, Apr 30, 2013 at 12:47:40PM -0400, Jared Mauch wrote:
> If the phishing attack is against an enterprise that is also an ISP, surely you can imagine a case where they might block traffic to prevent folks from being phished.
This is not an effective anti-phishing tactic, any more than "user education" is an effective anti-phishing tactic. (Let me quote Marcus Ranum on the latter: "if it was going to work, it would have worked by now." And let me observe: it's never worked; it's not working; it's never going to work.)
> I think it's great that someone is blocking folks from being infected with either malware or giving up their private details improperly.
One person's "malware" is merely an interesting collection of inert bits to someone else, just as "email virus" has no operational meaning to anyone clueful enough to run a sensible mail client on a sensible operating system.

Thus one undesirable effect of such blocking is that it denies access to researchers who are at nearly zero risk of negative consequences *and* who might be the very people in a position to understand the threat (phishing, malware, etc.) and figure out how to mitigate it.

Another is that it presents a false sense of security to the ignorant, the lazy, and the careless. While in the short term that may seem benevolent and useful, I think in the long term it has a deleterious effect on security as a whole. And if we've arrived at a point in time where people are actually considering making routing decisions based on longstanding design and implementation defects in consumer operating systems and applications, then I think "long term" equates to "right now".

---rsk