Brett Glass’ post on Dave Farber’s IP list, “Rumpelstiltskin worm on the loose?” was fascinating. Briefly:
What is a “Rumplestiltskin attack?” As described in a paper I wrote several years ago
(where I coined the term for lack of a better existing one), it is an e-mail address
harvesting attack in which a machine attempts to send e-mail messages to randomly
guessed addresses at a domain. It might try common first names — for example,
“john@domain.com”, “joe@domain.com,” and “mike@domain.com” — and then proceed to
common last names and combinations of names and initials. (In some cases, we’ve
seen some very unusual guesses that appear to have been extracted from lists of
AOL screen names.)
More fascinating to me than this bit of security trivia was the power of naming revealed here — not the naming of possible email accounts, but the naming of a meme. What we see here is akin to viral recombination, the grafting of one meme onto another. Familiar stories like fairy tales are part of the “creative commons” that Larry Lessig talks about. Once an attack like this is named, the affordances provided by the prior knowledge of the fairy tale make it memorable and understandable.
Fairy tales are one of many “meme-spaces” that can be mined for recombinant DNA when trying to make your ideas stick.