July 07, 2006

Is "defense-in-depth" the real answer?

Recently I was involved in a mail thread regarding the well-accepted application of the "defense in depth" doctrine within information systems security. I may be mistaken, but it seems a mistake to defend such an approach when even modern armies are developing network/information-centric warfare tactics.

As the Wikipedia entry for the UK Network Enabled Capability states:
NEC is envisaged as the coherent integration of sensors, decision-makers, effectors and support capabilities to achieve a more flexible and responsive military. In this future vision commanders will be better aware of the evolving military situation and will be able to react to events through voice and data communications.
Sounds like we are using the wrong approach, or should I say, doctrine? :-)

July 05, 2006

VoIP users targeted by regular phishing

Vono, a leading Brazilian VoIP service, informed its customers about a phishing attempt involving its services. As usual, users were led by various routes to a cloned website that recorded their passwords. So far there is no lesson to be learned: Vono is a prepaid VoIP service that can be paid either by invoice or by a non-displayed credit card, and this last payment method also offers a risky automatic recharge option. However, it is interesting to notice that Vono uses the same credentials for both HTTP and SIP authentication. Therefore those who were fooled by the phishing scam tend to suffer credit theft as a consequence of their naivety. Separate authentication methods for the two protocols would give the VoIP provider the ability to data mine for anomalous web provisioning activity, reducing the impact of the phishing.

Still, the impact of this phishing scam tends to be quite small.
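Separating the web and SIP credentials only pays off if the provider actually mines its provisioning logs for the pattern a harvested-credential replay leaves behind. As an added example (not Vono's code; the event format, action names, accounts and IPs are all constructed), two checks over a constructed event stream: one client IP changing provisioning settings on several accounts in a short window, and an account registering on SIP from an IP it has never used before.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed provider-side events (not real Vono data):
# (account, ISO timestamp, channel, action, client IP)
EVENTS = [
    ("alice", "2006-07-02T09:00:00", "web", "login",                "200.1.1.10"),
    ("alice", "2006-07-02T09:05:00", "sip", "register",             "200.1.1.10"),
    ("bob",   "2006-07-02T10:00:00", "web", "login",                "201.5.5.5"),
    ("bob",   "2006-07-02T10:02:00", "web", "enable_auto_recharge", "201.5.5.5"),
    ("carol", "2006-07-02T10:04:00", "web", "login",                "201.5.5.5"),
    ("carol", "2006-07-02T10:05:00", "web", "change_password",      "201.5.5.5"),
    ("dave",  "2006-07-02T10:07:00", "web", "change_email",         "201.5.5.5"),
    ("bob",   "2006-07-02T10:30:00", "sip", "register",             "85.7.7.7"),
    ("erin",  "2006-07-02T11:00:00", "web", "login",                "200.9.9.9"),
    ("erin",  "2006-07-02T11:10:00", "sip", "register",             "200.9.9.9"),
]

# Web actions that change how an account is billed or recovered (assumed names).
PROVISIONING = {"enable_auto_recharge", "change_password", "change_email"}

def parse(events):
    return [(a, datetime.fromisoformat(ts), ch, act, ip) for a, ts, ch, act, ip in events]

def shared_source_ips(events, window=timedelta(hours=1), min_accounts=3):
    """IPs that made provisioning changes on >= min_accounts distinct accounts
    within `window`: the footprint of harvested credentials replayed in bulk."""
    per_ip = defaultdict(list)
    for acct, t, ch, act, ip in parse(events):
        if ch == "web" and act in PROVISIONING:
            per_ip[ip].append((t, acct))
    flagged = {}
    for ip, hits in per_ip.items():
        hits.sort()
        for i, (t0, _) in enumerate(hits):
            accts = {a for t, a in hits[i:] if t <= t0 + window}
            if len(accts) >= min_accounts:
                flagged[ip] = sorted(accts)
                break
    return flagged

def sip_from_unseen_ip(events):
    """{account: [ips]} where a SIP registration came from an IP the account
    had never used on any channel; the first event seen sets the baseline."""
    seen, flagged = defaultdict(set), defaultdict(list)
    for acct, t, ch, act, ip in sorted(parse(events), key=lambda e: e[1]):
        if ch == "sip" and act == "register" and seen[acct] and ip not in seen[acct]:
            flagged[acct].append(ip)
        seen[acct].add(ip)
    return dict(flagged)
```

With shared credentials the second check is the only one that fires after the SIP credit is already being spent; with separate credentials the first check can raise the alarm while the phisher is still working through the web accounts.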