one-to-many messaging

James Firth ukcrypto at chiark.greenend.org.uk
Wed, 2 Apr 2008 10:52:45 +0100


On 01 April 2008 13:55, Richard Clayton wrote:
> The reason for not blocking phishing websites within the CleanFeed
> system is not that -- but that the design is poorly suited to it!
> 
> ...
> 
> ... and the phishing attackers ARE taking active steps to avoid blocking
> and the way in which the sites are accessed does on occasion equate to
> evasion by the (unwitting) customers.

That's a very good point you picked me up on.  I had been assuming all along
that Phorm would also be somewhat unsophisticated in its detection (i.e.
using a blacklist of IP and URLs).  Of course Phorm can afford to be
somewhat more aggressive in its filtering because the customer can always
override any warning.

However, as you say, phishing attacks are becoming much more sophisticated
in using open URL redirectors, multiple domains (URL sequences rather than a
single URL) and multiple servers (i.e. compromised PCs).

So the next question is: how well will Phorm fare in this?  In order to keep
abreast of the latest phishing technologies, Phorm will likely have to
release frequent software updates, not just for the watch-list definitions,
but also of the detection algorithm itself.

This then leads back to the original question I put to my MP: who will have
oversight of the software running on Phorm's servers, and any market rivals,
to ensure it *continues* to be both secure and "lawful" in its data
gathering?  Especially given that the ICO recently announced it would be
focussing as much on reducing risk as it would be on policing, indicating
that it had insufficient resources to police data use across so many
organisations.

James Firth