15 March 2005

XML Concepts: Using parallel feeds on e-mail services to combat phishing

Have you heard about phishing? It’s when someone shows up and starts asking you a bunch of questions.

Normally, you would know not to give out your password. The problem is when they pretend to be someone who might need it. G-Mail has issued many warnings. I talked about this earlier.

The next step is to start developing some solutions to this. There could be a notification system.


Enterprise brainstorming

  • How can we use XML feeds to combat phishing?

  • What information, data, or security protocols could be quickly upgraded at the first sign of phishing?

  • How can XML feeds be used to more quickly coordinate information between those who first come across the problem and those who are potential targets?

  • How can XML be used as a means to ensure the information users are getting is checked against an official standard, source, or protocol?


  • I had another idea. What if there was a way to set up a standard feed for all the services.


    E-mail Phishing


    Let’s run through an example. Suppose the phishers are trying to get access to G-Mail information.

    The way the phishers are able to do this is that they use e-mails and codes that appear to be real. That’s the Achilles heal of the phishers. What the phishers can’t do is create a feed that is an official feed from the corporation.


    XML Fish Hunt

    Parallel feeds to combat phishing


    What could be created is an official XML feed. This feed would be attached to the enterprise products. If users get an e-mail, the system would compare the e-mail with the data in the official feed.


    Parallel feeds


    The solution looks something like this. Suppose you are reading your e-mail. Then you get an official looking e-mail.

    In the right hand corner of your e-mail box, you could connect to the active-site RSS feed. In this case, if you are using G-Mail, in your right corner would be a G-Mail RSS feed.

    What the publishers and services could do is use this official feed as the method to automatically alert readers to official information. If the G-Mail e-mail is not matched by a similar feed, then there is a problem.


    Matching


    Also the parallel feed could be an integrated mechanism for the platform to transfer data back and forth between your e-mail account and the service. This matching and comparison would not look at content; it would only match headings and protocols.

    If there were messages getting sent out from phishers, G-Mail could use XML as a method to compare the G-Mail official notices with the notices coming back.

    If there was no match, then this e-mail could be put into a cache; held; or forwarded directly to law enforcement.


    XML Emergency broadcast system


    Also, this parallel feed could be a means to quickly notify service users that there is a problem. Again, suppose you get an E-mail from G-Mail; but other users are also getting reports.

    Rather than send a separate e-mail, what would be nice is if these early reports of problems with a particular G-Mail message were dovetailed with a specific message.

    When one user knows of a problem, then all users should be notified on the parallel feed that there is a problem.


    Override in pop-up


    When readers opened up their e-mail that contained known or reported terms, the G-Mail parallel feed would have an override function.

    It could either send a warning message along an XML feed; triggering a pop-up box both to alert the user of a problem, and require the user to approve continuing.


    Alerts


    I’d like to be the first to know. I’d like to know through an XML feed what others know. I’d like to have my e-mail systems injected with the codes and filters from my e-mail service that other users have found to be problematic.

    This parallel feed could provide the official key words that users could use to filter out spam and phishing.

    This approach is fairly simple. Users and other readers, who come across spam and phishing attacks, could send this information into the services. The services in turn would work with the internet law enforcement to coordinate the efforts.

    At the same time, the services would provide these key terms and phrases the phishers are using along an XML feed to you. Your e-mail would then take this XML feed, and incorporate the key terms into the e-mail filter options.

    Either the e-mail could be trashed; or it could be forwarded back to both the service and law enforcement; or it could be flagged as having a problem. Perhaps the end-user would have the option to make the decision.


    Legal defense of phishers has no foundation


    Of course this is censorship: It is denying criminals the tools to get access to information they are otherwise not able to get through lawful means.

    It’s not free speech to commit crimes. It is free speech to share ideas how to combat criminal activity.

    And I’d like to have a system set up so that the services can quickly provide directly to me information that is important. This isn’t advertising. It’s called infrastructure protection.


    Enterprise solutions


    The enterprise solutions to this problem would be to establish e-mail systems that accommodate parallel feeds. E-mail platforms do more than simply provide e-mail.

    They could also be configured to provide parallel feeds. Not just emergency communication to combat phishers, but also provide valuable content.

    Aggregators and e-mail may quickly become integrated. Will the aggregators incorporate e-mail before e-mail providers being providing parallel feeds? Perhaps we may see some mergers between the e-mail platforms and aggregators.



    Summary


    The phishers have many tools. But XML can also be an emergency broadcast system. The services could set up a parallel feed. Content providers could have automated systems to require matching to occur before content is read.

    The airways have the emergency broadcast system. It overrides all other communication. If there are phishers in the area, I’d like the services to have tools to alert the users that there is a problem.

    Also, in the event that a new phishing attack occurs, the services with the parallel feeds could provide a direct message to readers that there is a problem.

    XML will defeat the phishers. phishers will be defeated more quickly when e-mail providers and aggregators combine forces.


    LEGAL NOTICE


    Creative Commons License

    This work is licensed under a Creative Commons License.

    You may not copy any of this work to promote a commercial product on any site or medium in the universe.

    If you see this work posted on a commercial site, it violates the creative commons license; and the author does not endorse the commercial product.

    Free to use for non-commercial uses. Link to this original blogspot and cite as .
    Have you heard about phishing? It’s when someone shows up and starts asking you a bunch of questions.

    Normally, you would know not to give out your password. The problem is when they pretend to be someone who might need it. G-Mail has issued many warnings. I talked about this earlier.

    The next step is to start developing some solutions to this. There could be a notification system.


    Enterprise brainstorming

  • How can we use XML feeds to combat phishing?

  • What information, data, or security protocols could be quickly upgraded at the first sign of phishing?

  • How can XML feeds be used to more quickly coordinate information between those who first come across the problem and those who are potential targets?

  • How can XML be used as a means to ensure the information users are getting is checked against an official standard, source, or protocol?


  • I had another idea. What if there was a way to set up a standard feed for all the services.


    E-mail Phishing


    Let’s run through an example. Suppose the phishers are trying to get access to G-Mail information.

    The way the phishers are able to do this is that they use e-mails and codes that appear to be real. That’s the Achilles heal of the phishers. What the phishers can’t do is create a feed that is an official feed from the corporation.


    XML Fish Hunt

    Parallel feeds to combat phishing


    What could be created is an official XML feed. This feed would be attached to the enterprise products. If users get an e-mail, the system would compare the e-mail with the data in the official feed.


    Parallel feeds


    The solution looks something like this. Suppose you are reading your e-mail. Then you get an official looking e-mail.

    In the right hand corner of your e-mail box, you could connect to the active-site RSS feed. In this case, if you are using G-Mail, in your right corner would be a G-Mail RSS feed.

    What the publishers and services could do is use this official feed as the method to automatically alert readers to official information. If the G-Mail e-mail is not matched by a similar feed, then there is a problem.


    Matching


    Also the parallel feed could be an integrated mechanism for the platform to transfer data back and forth between your e-mail account and the service. This matching and comparison would not look at content; it would only match headings and protocols.

    If there were messages getting sent out from phishers, G-Mail could use XML as a method to compare the G-Mail official notices with the notices coming back.

    If there was no match, then this e-mail could be put into a cache; held; or forwarded directly to law enforcement.


    XML Emergency broadcast system


    Also, this parallel feed could be a means to quickly notify service users that there is a problem. Again, suppose you get an E-mail from G-Mail; but other users are also getting reports.

    Rather than send a separate e-mail, what would be nice is if these early reports of problems with a particular G-Mail message were dovetailed with a specific message.

    When one user knows of a problem, then all users should be notified on the parallel feed that there is a problem.


    Override in pop-up


    When readers opened up their e-mail that contained known or reported terms, the G-Mail parallel feed would have an override function.

    It could either send a warning message along an XML feed; triggering a pop-up box both to alert the user of a problem, and require the user to approve continuing.


    Alerts


    I’d like to be the first to know. I’d like to know through an XML feed what others know. I’d like to have my e-mail systems injected with the codes and filters from my e-mail service that other users have found to be problematic.

    This parallel feed could provide the official key words that users could use to filter out spam and phishing.

    This approach is fairly simple. Users and other readers, who come across spam and phishing attacks, could send this information into the services. The services in turn would work with the internet law enforcement to coordinate the efforts.

    At the same time, the services would provide these key terms and phrases the phishers are using along an XML feed to you. Your e-mail would then take this XML feed, and incorporate the key terms into the e-mail filter options.

    Either the e-mail could be trashed; or it could be forwarded back to both the service and law enforcement; or it could be flagged as having a problem. Perhaps the end-user would have the option to make the decision.


    Legal defense of phishers has no foundation


    Of course this is censorship: It is denying criminals the tools to get access to information they are otherwise not able to get through lawful means.

    It’s not free speech to commit crimes. It is free speech to share ideas how to combat criminal activity.

    And I’d like to have a system set up so that the services can quickly provide directly to me information that is important. This isn’t advertising. It’s called infrastructure protection.


    Enterprise solutions


    The enterprise solutions to this problem would be to establish e-mail systems that accommodate parallel feeds. E-mail platforms do more than simply provide e-mail.

    They could also be configured to provide parallel feeds. Not just emergency communication to combat phishers, but also provide valuable content.

    Aggregators and e-mail may quickly become integrated. Will the aggregators incorporate e-mail before e-mail providers being providing parallel feeds? Perhaps we may see some mergers between the e-mail platforms and aggregators.



    Summary


    The phishers have many tools. But XML can also be an emergency broadcast system. The services could set up a parallel feed. Content providers could have automated systems to require matching to occur before content is read.

    The airways have the emergency broadcast system. It overrides all other communication. If there are phishers in the area, I’d like the services to have tools to alert the users that there is a problem.

    Also, in the event that a new phishing attack occurs, the services with the parallel feeds could provide a direct message to readers that there is a problem.

    XML will defeat the phishers. phishers will be defeated more quickly when e-mail providers and aggregators combine forces.


    LEGAL NOTICE


    Creative Commons License

    This work is licensed under a Creative Commons License.

    You may not copy any of this work to promote a commercial product on any site or medium in the universe.

    If you see this work posted on a commercial site, it violates the creative commons license; and the author does not endorse the commercial product.

    Free to use for non-commercial uses. Link to this original blogspot and cite as .
    " />