New global phishing reporting language announced
After two years in development, the Incident Object Description Exchange Format (IODEF) XML Schema is expected to be adopted in the very near future as an IETF standard. According to the AusCERT, IODEF currently supports a pilot phish database that is growing at a rate of some 2.5 million attack records a month and supplies data to some 2700 subscribers. The database is expected to go fully live in July this year.
The main intent of the upcoming standard is to ensure that information on phishing incidents can be shared world-wide. However Mike Dodson, technical director at secure email appliance vendor Mirapoint (a sponsor of the APWG) has some reservations about its contribution to reducing phishing in the absence of other parallel measures: "This initiative would be even more effective if it was occurring in tandem with a similar concerted action from, for instance, the banks themselves. If banks adopted and promoted a unified code of conduct regarding email policy - clearly stating how they intend to communicate with their customers - then phishers would quickly run out of victims."
Nevertheless, any move towards standardising reporting of necessarily global security issues must be seen as a positive contribution to the world-wide co-operation that is essential to defence.