The Laboratorium
October 2004

This is an archive page. What you are looking at was posted sometime between 2000 and 2014. For more recent material, see the main blog at

Big Phish, Little Phish

I’m at home for the tail end of my fall break, and my mom just showed me the most sophisticated phishing scheme I’ve ever seen. She got a letter purporting to be from her mortgage company, informing her of the theft of a computer containing her customer data and offering to sign her up for an (expensive) identity-theft protection system.

She thought it was a scam by her mortgage company to sign her up for an expensive service when they’d be liable for any misuse of her data. But I looked closer at the letter and realized it was a third-party scam to get her credit card information. The PO Box number on the paper form she was supposed to fill out and return didn’t match up; the letter was printed in black-and-white instead of color; the URL to which she was supposed to go if she preferred online registration wasn’t the same as the company’s.

But the things they did right were remarkable. The letterhead was a close copy of the real thing; the addresses were all in the same place (just different in a few digits); the language was free of the usual malapropisms and typoes that characterize most phishing attempts; they went to the trouble of laying out a complex sign-up form that could have passed for a genuine one. That they were using a snail-mail based attack at all was a perverse proof of their dedication: this is the kind of scam it takes professionals to finance and execute.

Now, the interesting twist on this whole story is that the letter’s basic pitch — that her information had been stolen from the company’s server — has to be true. After all, this was a mailing targeted at customers of the mortgage company.

If this is any indication, the future of phishing looks bleak indeed.

UPDATE: No, wait! Further inspection indicates that the mailing is probably genuine. In a sense, this is even worse—the company’s security practices are mighty sketchy. I’ll be doing some more investigation and then writing this incident up for Lawmeme.

John Zogby (Almost?) Nails It

I read today this account of a talk by John Zogby about this election, as seen through a pollster’s eyes. He said much that’s been said elsewhere about the nail-biting attributes of the election, but he also said some fascinating things about the Democratic primaries. His compressed account of the primaries runs something like this:

  • As the primary season looms somewhere on the far-off horizon, there is no obvious candidate to beat—and a majority of Democrats polled don’t expect to be able to beat Bush in the general election.
  • This despair leads them towards an increasing attraction to Howard Dean. Freed from the pressure of having to to pick a candidate they expect to win, they can root for a candidate who makes them feel good about their political affiliation. Dean’s numbers shoot up.
  • But the primaries aren’t soon enough for Dean to ride this wave. During a holiday lull, when Zogby isn’t polling, something flips: suddenly Democrats think that their candidate can win in November of 2004.
  • In response to this new optimism, John Kerry’s stock starts to rise, while the bottom drops out of Dean futures. Democrats who think that the election is winnable are now looking for a candidate they think will appeal to independents.

Zogby, as I gathered from the account, left the story there, alebit with some puzzlement as to why Democratic voters suddenly got optimistic. But to me, it seems obvious: Howard Dean cheered them up. The sense of energy he brought to the campaign made it possible to hear about the primary campaign without wincing; he gave the Democrats a sense of hope, because suddenly it was now possible to envision someone—him—beating Bush.

The irony, of course, is that once that optimisim trickled out beyond the true Dean believers, it sank Dean’s campaign.

Message for Mr. Le

I just received a bulk-printed letter addressed to:

Mr. Wis Grimmelman N. James Taylor Le, G

Private Property in Sheep

I can’t possibly be the first person to think of this one …

The very phrase ‘tragedy of the commons’ is a reference to the prototypical example of such a tragedy: sheep grazing on common pasture land. The idea is that when the pasture (the “commons”) is owned collectively, then each peasant has an incentive to graze more than his fair share of sheep. The incremental drop-off in the quality of the pasturage is borne by everyone else, while he gets an extra sheep. Since everyone does it, the result is massive overgrazing and lots of starving sheep.

Well, okay, so it’s a parable about the awful, ineluctable consequences of not having private property in land. But the parable presupposes that you have private property in sheep, does it not?

Hello, Microsoft?

It’s pretty clever that Word lets you customize your menus by opening the “Customize” box and dragging commands in and out of the menus.

I just wish I hadn’t had to learn about this “feature” by trying to figure out why there was no longer a “Save” command on my File menu.