French managers comment on PhishTank
posted by John Roberts on February 9th, 2007 in PhishTank, PhishTank in the news, French
Via Stéphane Degor, I found an interesting article in a French publication, Journal du Net, about PhishTank. Four people were asked to comment on PhishTank for “Avis de managers: PhishTank.” (That’s “Opinion of the Managers: PhishTank.”)
The preface, my translation:
A community project in the fight against phishing, PhishTank relies on the reactions and the contribution of Net surfers. Free and effective. However, will it survive in the long term? The opinion of four managers.
The group:
- Stephan Roux, of Sophos (security company)
- Christophe Canonne, of Cyber Networks (security company)
- Guillaume Brossard, of HoaxBuster.com (site for debunking scams)
- Laurent Dupuy, of Freesecurity (security consultancy)
My French is rusty, so I combined my lingering language skills with one of the free online translation tools to get a sense of what each person in the group says. I hesitate to give my own interpretations of what they’ve written, given the language uncertainty. Still, I welcome their comments and attention. And I encourage you to take a look.
Overall, they share kudos and concerns. The former are appreciated, and the latter are something all of us have to consider and address. We are making PhishTank better… and by “we” I mean moderators, developers, administrators, and the active members of the community.
There is no simple declaration of victory, of course. We build tools for the community to efficiently express its judgment through PhishTank. We make sure the data is freely available to the larger Internet community needs. And we keep improving. That’s how PhishTank thrives in the short and long term.
I would encourage these managers (especially at the security companies) to use the data and consider how they can contribute to the community, too.
Leave a response below, or send a trackback from your own site.
funchords
“There is no simple declaration of victory, of course. We build tools …make sure the data is freely available … And we keep improving.”
Nicely put, John!
Quality is a journey, not a destination.
— posted by funchords on February 9th, 2007 at 9:49 pm
alanjshea
Stéphane DEGOR’s summary of the manager’s thoughts on PhishTank:
“pour être efficace dans la lutte contre le phishing, le système doit être très réactif, très diffusé, avoir un rôle plus éducatif et ne pas devenir payant dans les prochaines années.”
“To be effective in the fight against phishing, the system must react quickly, be widely used, have an educational role, and not become commercial in the next few years.”
I definitely concur with the educational role idea. There’s a lot that PhishTank should be doing to illustrate and teach the art of detecting phishing (for instance, a filter on the Phish Archive to show valid phishes with valid screenshots so that newbies can learn from the experts).
In addition, there are a number of “how to vote” explanations in the Blog that should be collected on an explanatory page for new phishing members and reference by the existing experts.
— posted by alanjshea on February 12th, 2007 at 2:02 am
Ilgaz
System is nearing “realtime comparable” levels based on some of my submissions.
If an URL arrived 10 secs ago to a mailbox is already submitted/voted/verified by Phishtank users, that is some amazing success. I have seen that more than couple of times now.
Phishtank and this community made a $50.000 (lets not name) security service look like a toy and joke, that is some success which should be taken very serious. These are the same people who are alerting Mac userbase about “theoretical” proof of concepts for years to sell their products. I am telling these since there could be a major propaganda against Phishtank by very same people who aren’t happy to lose their $50.000/year customers.
About the educational role? As site is open to visitors, if you notice someone around you hasn’t got a single clue about what “Phishing” is, show him/her this site , live examples. When he/she sees a major financial organisation is targeted on 100-200 live web sites with fake addressbars, he/she will take it serious.
— posted by Ilgaz on February 12th, 2007 at 12:57 pm