CAT | Phishing/Pharming
The short version is, if an attacker is going for you specifically, they can do enough research to craft an email and attachment that you are almost certain to open. The success rate against even very paranoid and sophisticated users is shockingly high.
In Bruce Schneier’s blog post about this he quotes Brian Snow, former NSA Information Assurance Director. “Your cyber systems continue to function and serve you not due to the expertise of your security staff but solely due to the sufferance of your opponents.”
Germany is proposing to use trojan horse software to enable surveillance of target computers. I have to wonder how effective this will actually be. They are talking about distributing it in an apparently official email from a government email address.
- Now that the bad guys know this, it seems likely that they will take more care with the attachments from the government.
- Anti-virus / anti-malware programs should be able to identify and block this software
- If the anti-virus software makers are convinced to leave a hole for this software, it will be a huge back door for other hackers to use to deploy their trojan horse software.
In general this seems like a high risk operation for the Germans. I suspect that it will be used rarely and very selectively.
The Motley Fool has a nice blog post on issues involved in electronic filing of tax returns.
There are a couple of important points to be made here. First of all…
- The IRS has all your information and it will be in digital format (accessible by computer);
- You are exposed to some points of vulnerability when filing electronically, rather than on paper;
- The information on your PC is vulnerable to theft (whether you send it electronically or just use tax software);
- Your information is vulnerable on the Internet-accessible servers to which you upload your data; but
- On the flip side of the coin, paper returns are subject to loss, theft and mishandling as well, both in transit and within the IRS.
It is somewhat similar to using a credit card. You can risk online theft when conducting an e-commerce transaction, or real-world theft when handing over your card to a minimum wage worker over a store counter. Risks exist both ways.
At this time I think the jury is out on which is safer, but, for the record, I file electronically.