Only if you think that spearphishing is purely social engineering. Sure that's a critical aspect of it but phishing emails can also contain technical exploits...cracking.

You're right. Education in a formal setting simply doesn't convert to practical knowledge. That's a method best left to theoretical subjects.

But you're going to have a tough time arguing that *training* doesn't work: which is what PhishMe is selling. Teach employees to recognize phishing emails by actually sending them inoculated phishing emails. When employees fall for it you let them in on the game immediately and seize that invaluable teachable moment.

Back in the day we were trying to get any exploitative hacking to be called "cracking". Note Jurassic Park's "I prefer to be called a hacker." line.

It didn't take completely. We got "hacking" to be relatively accepted into the mainstream vernacular but "hacker" remains in a kind of grey area and "hacked" is entirely negative.

It's not about being dumb, it's about not being aware. If the first phishing email you come across is one that's technically advanced and well written enough to slip through the technological filter: then you as a corporate employee are probably going to fall for it. Especially if it's a true spear-phishing email that's targeting *you*. It'll look like an email from your boss with yet another emailed PDF or DOCX report to review. Bam.

The solution that PhishMe proposes is to safely expose employees to phishing emails on a regular basis and teach everyone to recognize actual phishing emails from those demonstrations. The human reading the email and about to click the link or open the attachment is your last line of defense and shouldn't be neglected as such.

Yes exactly! The sheer number of exploit hooks into even modern/patched operating systems is simply depressing.

It IS hard to teach common sense, but it's not hard to demonstrate it. That's what PhishMe does. Shows employees how to recognize phishing emails by exposing them to safe phishing emails. Think of it as a vaccine.

This is what passes for +5 insightful these days?

The issue isn't opening an email: but clicking a link in that email or, worse, clicking a link that takes you to a legitimate looking site and entering data, or opening an attachment in a legitimate looking email.

There are all sorts of attack vectors present from an email message. To sweep it all up as "IT's Problem" is a very, very bad idea. It just takes one email fooling the right person to be a security problem.

PhishMe's philosophy is that at some point the technical protection will fail ... so you'd better ensure that your employees know what to look for. The best way to teach them what to look for is to let them actually experience safe emails using the same techniques that would be maliciously used against them.

Spear-phishing isn't an idle threat, it's a widely used attack method that has gotten data out of targets like the New York Times, Defense Department, Facebook, and Apple (http://www.theatlanticwire.com/technology/2013/02/spear-phishing-security-advice/62304/). I'm sure that each of those companies has a very robust and capable IT Department armed with email scanning and sanitizing software. You just can't catch everything with technology.

A Keurig maching and a Jura Capresso machine are entirely different beasts. The Keurig is great for quick easy, individual drinks (e.g. one person can have coffee and the next tea). The Capresso is a serious coffee creation device that actually makes crema coffee right at home at the touch of a button. There's a reason a Keurig costs $150 and a Capresso costs $1000+.

I like and own 'em both though, they each have their place.

I tried to make that distinction with the term 'fanboy'. People who like what SpaceX are doing without putting them on a libertarian pedestal I wouldn't put in that category.

I'm glad I'm not the only one saying it.

Musk himself isn't NASA bashing; he is extremely grateful for their assistance. Its all the SpaceX fanboys who are the problem, trying to make Falcon 9 out as the harbinger of a libertarian conquest of space. It isn't, its just a well designed rocket which the US government isn't paying massively over the odds for.

Seriously? An announcer being surprised by the abort and not being able to follow what was happening for a second is the evidence you present for your idiotic, triumphalist neoliberal beliefs? Fuck right off.

It is actually a successful abort test (albeit an unscheduled one!) Now, SpaceX knows that they can shut down the engines half a second before liftoff with no problems at all.

An engine lost on launch would've prevented the payload reaching the ISS. Aborting the launch unquestionably saved this mission (although it may yet be unsuccessful.

I admit, I've been skeptical of 'private' spaceflight, both because of the libertarian ideological bleating that seems to always be associated with it (posing a risk to gov. investment in space) and the fact that, with NASA still holding the hands of everyone, it isn't truly private. Nonetheless, today is a complete success for SpaceX. They had a problem, they dealt with it well.