1 post tagged “creditability”

I have been a huge fan of Wikipedia for years, but as with most non-authenticated information sources, it's tricky to know for sure that everything on it is reliable.

This article: http://www.tech2.com/india/news/telecom/wikipedia-hijacked-to-spread-malware/2667/0 points out that the German edition of Wikipedia was used to spread malware by uploading the program to Wikipedia, then spamming people saying to go to Wikipedia to get the fix for a new worm.  The spam appeared to be from Wikipedia to the untrained eye.

Critics of Wikipedia claim that this is a weakness of Wikipedia, and I agree in a limited way.  I consider this as just another example of the ability to piggy back on the credibility of one group to distribute something questionable.  Another example is the email that appears to come from your bank or ISP that warns you of the threats of phishing scams, then provides either an attached file or link to a program that will help protect you.  There were a rash of these last year.  The big difference is that Wikipedia was actually hosting this file, but even if it wasn't this wouldn't be very hard to fake out and make it look like the file was hosted there.

I think one partial solution for Wikipedia would be to expose the authors more readily so that it's easier to determine who's writing what, at least in some fashion.  Adding in an author creditability rating (think ebay ratings with more granularity) would then increase the likelyhood that the information contained in the site is valid, or at least make it easier to determine when to take it with a grain of salt.

Social Engineering techniques will never go away, but adding a systematic way for tracking creditability will help mitigate some of the more blatant abuses of public trust.