Here's an interesting new phishing scam:

Rather than posing as a bank or other online business, spear phishers send e-mails to employees at a company or government agency that appear to come from a powerful person within the organization, several security experts said...

...Unlike basic phishing attacks, which are sent out indiscriminately, spear phishers target only one organization at a time. Once they trick employees into giving up passwords, they can install Trojan horse programs or other malicious software to ferret out corporate or government secrets.

And this was interesting as well, which raises the issue of what constitutes an order from a commanding officer:

At the U.S. Military Academy in West Point, N.Y., several internal tests found that cadets were all too willing to give sensitive information to an attacker posing as a high-ranking officer, said Aaron Ferguson, a visiting faculty member there.

"It's the 'colonel effect.' Anyone with the rank of colonel or higher, you execute the order first and ask questions later," he said.

But if on the Internet, no one knows you're a dog, how can you tell that someone is a colonel, let alone your colonel? There's a long tradition of written orders having to be obeyed, but have emails acquired that attribute by default? If so, it may need to be rethought, given the nature of the technology.

...If so, it may need to be rethought, given the nature of the technology.

It's being re-thought. DoD is implementing a public key infrastructure (PKI) which, in the near future, will require all emails to be digitally signed.

"It's the 'colonel effect.' Anyone with the rank of colonel or higher, you execute the order first and ask questions later," he said.

I never got in lasting trouble for not obeying an order from someone not in my chain of command if it violated an order from _my_ chain of command.

This does require a bit of self-assurance that might be lacking in your average cadet. Or that Marines are encouaged to think for themselves, and West Pointers .. not so much?

At USAF boot camp, when a DI or an officer wanted to enter a barrack, the trainee on guard was required to say "Sir, may I see your authority to enter?", wait for for the putative superior to produce his military ID, check it against the list of people who had that authority, only then let him or her in. Sometimes officers or DI's would start yelling instead, trying to trip the trainee into breaking the procedure. In that case we were perfectly free to yell back at them -- the ONLY situation in Basic Training where we allowed to yell at anybody. And yes, if a colonel not in the chain of command (hence not on the list) tried to enter unaccompanied by one of training staff, we were to just keep the door closed. (It was an armored door, too.)

And yes, if a colonel not in the chain of command (hence not on the list) tried to enter unaccompanied by one of training staff, we were to just keep the door closed.

I wish more people knew that this sort of behaivor was encouraged in our military. Shenanigans like that sorry mess in Abu Gharib are very much the exception not the rule.

All you need is a fax machine, a copier, and oh yeah, Microsoft Word to make any order seem official, whether that order was given today or 35 years ago.

Sorry, just short on time, but thought of all this stuff during Rathergate.

All you need is a fax machine, a copier, and oh yeah, Microsoft Word to make any order seem official, whether that order was given today or 35 years ago.

Don't forget the airfare to Abilene -- or will just any Kinko's do?