Many spoofing attacks are aimed at the genuine owners of the resources being spoofed. The problem with that is, people generally notice when their own resources disappear. They rarely notice when someone else's does, unless they're no longer able to access something from somebody else.

The best of spoofs, then, are completely invisible. Vulnerability exploits break things; although it's not impossible to invisibly break things (the "slow corruption" attack), power is always more useful than destruction.

The advantage of the spoof is that it absorbs the power of whatever trust is embedded in the identities that become appropriated. That trust is maintained for as long as the identity is trusted, and can often long outlive any form of network-level spoof. The fact that an account is controlled by an attacker rather than by a genuine user does maintain the system's status as being under spoof.

The Plague of Auto-Updating Applications

Question: What do you get when you combine multimedia programmers, consent-free network access to a fixed host, and no concerns for security because "It's just an auto-updater?" Answer: Figure B.1.

Figure B.1: What Winamp Might As Well Say

What good firewalls do and it's no small amount of good, let me tell you is prevent all network access that users themselves don't explicitly request. Surprisingly enough, users are generally pretty good about the code they run to access the Net. Web browsers, for all the heat they take, are probably among the most fault-tolerant, bounds-checking, attacked...