Koceilah Rekouche krekouche@pushstart.info
The history of phishing traces back in important ways to the mid-1990s when hacking
software facilitated the mass targeting of people in password stealing scams on America
Online (AOL). The first of these software programs was mine, called AOHell, and it was
where the word phishing was coined. The software provided an automated password
and credit card-stealing mechanism starting in January 1995. Though the practice of
tricking users in order to steal passwords or information possibly goes back to the
earliest days of computer networking, AOHell’s phishing system was the first automated
tool made publicly available for this purpose. 1 The program influenced the creation of
many other automated phishing systems that were made over a number of years. These
tools were available to amateurs who used them to engage in a countless number of
phishing attacks. By the later part of the decade, the activity moved from AOL to other
networks and eventually grew to involve professional criminals on the internet. What
began as a scheme by rebellious teenagers to steal passwords evolved into one of the
top computer security threats affecting people, corporations, and governments.
International Journal of Network Security & Its Applications (IJNSA), Vol.5, No.4, July 2013
DOI : 10.5121/ijnsa.2013.5402 23
Marc A. Rader1 and Syed (Shawon) M. Rahman2, *
1CapellaUniversity, Minneapolis, MN, USA and Associate Faculty, Cochise CollegeAZ, USA
Mrader3@CapellaUniversity.edu
Associate Professor of Computer Science at the University of Hawaii-Hilo, Hawaii,
USA and Part-time Faculty at Capella University, Minneapolis, USA
*SRahman@hawaii.edu
ABSTRACT
Organizations invest heavily in technical controls for their Information Assurance (IA) infrastructure.
These technical controls mitigate and reduce the risk of damage caused by outsider attacks. Most
organizations rely on training to mitigate and reduce risk of non-technical attacks such as social
engineering. Organizations lump IA training into small modules that personnel typically rush through
because the training programs lack enough depth and creativity to keep a trainee engaged. The key to
retaining knowledge is making the information memorable. This paper describes common and emerging
attack vectors and how to lower and mitigate the associated risks.
KEY WORDS
Security Risks, Phishing, Social Engineering, Cross Site Scripting, Emerging Attack Vectors, DNS poising.
1. INTRODUCTION
Phishing is a social engineering technique that is used to bypass technical controls implemented
to mitigate security risks in information systems. People are the weakest link in any security
program. Phishing capitalizes on this weakness and exploits human nature in order to gain access
to a system or to defraud a person of their assets.
FEDERATION – GUIDANCE FOR OVERHEAD AND STAFF USERS
————————————————–
July 23 1995
Introduction
~~~~~~~~~~~~
Hi! – and welcome to Federation. This document is intended to provide
guidance for overhead and staff account holders on AOL who are playing
Federation (referred to as OHs in this document).
As an OH playing Federation you are in a privileged position, because
we do not get paid for your usage. Because you are in a position of
privilege, you have obligations to AOL and the Federation team that paying
players do not.
At the moment, we allow any OH to play Fed, but bear in mind that if your
presence in Fed starts to cause us problems then you will be locked out of
the game, and if we get too many problems with OHs we will simply stop all
OHs from playing.
The following is a summary of AOL’s “Kids Only Channel Policies.” The AAC is obligated to follow these policies at all times. (from “Document Version 2.32”). All items are direct quotes, commentary is in brackets. The original document is 16 pages long. Grammar and spelling are as found in the original document. This document was prepared bu AAC Coord based on policies in effect in July, 1998.
Introduction
AOL developed The the Kids Only Channel Policies (“Policies”) to ensure a uniform consistent set of standards and practices throughout all programming and advertising areas (Rainman or web-based) targeted to kids children 12 and under on America Online, and particularly including through the Kids Only channel. AOL reserves the right to modify these Policies as necessary. Additionally, AOL expects all Partners to abide by the Children’s Advertising Review Board Unit (“CARU”) guidelines for Interactive Electronic Media (see also http://www.bbb.org/advertising/caruguid.html)
Policy PrincipleObjectivesGoals
~Provide a safe, age appropriate environment for kids in a manner appealing to both kids and parents, addressing primary industry and consumer concerns:
~Providing age appropriate content
~Protecting youth privacy, including protection from online predators
~Creating an age-appropriate marketing environment.
~Create a viable programming and business model for youth-targeted areas and partners on AOL.
~Provide a safe, age appropriate environment for kids in a manner appealing to both kids and parents;
~Create a viable programming and business model for youth targeted channels and partners on AOL.




