Showing posts with label overclassification. Show all posts

2008-03-17

They did it

The information security industry has once again topped itself with stupid names for overly-categorized attacks: we now have "whaling," described as "super-personalized attacks targeted at high-level corporate employees" by CSO Online. The only way I can explain the recurrence of a new, unnecessary, and increasingly silly term every 2-3 months is as a cheap crutch for vendors and media to keep the hype alive. That's not to say the threat landscape isn't highly fluid and evolving quickly, but come on, does every minor twist need a new buzzword? Maybe I'm behind the curve, but this is the first I've seen this term.

I can't help but think that some level of attention to detail in the message being conveyed and a bit of effort in understanding the audience would go a lot further in educating the public on the seriousness of the threat than overclassification that, in the end, only serves to confuse.

That's it, I'm creating a few new tags to track this: "overclassification" and "publiceducation."

2008-01-21

Vishing

Do we really need another fish-related buzzword? I'm beginning to wonder if the security community will ever find another classification of security problems that doesn't involve the act of feeding oneself. I can't decide which is worse, this or spear phishing. I suppose it's the latter, as it's often used incorrectly to describe any targeted email attack - even those not attempting to coax PII out of hapless users. Once we get into crustaceans and invertebrates, I quit.

Ladies and gentlemen, please. "Vishing" is nothing but a slight variation on tactics that have been around for decades: phone phreaking and social engineering. That the FBI named it and is comparing it to phishing, not phreaking, is further cause for irritation. Simply because the vector of exploitation differs from these more classic scams and phreaks is no reason to confuse the public by coming up with yet another meaningless classification. It's almost as if the security and electronic music production industries are in competition.

It's no wonder the public is so confused.