|
Bugtraq
mailing list archives
Re: New whitepaper "The Phishing Guide"
From: Daniel Veditz <dveditz () cruzio com>
Date: Fri, 24 Sep 2004 11:39:02 -0700
Aleksandar Milivojevic wrote:
Gunter Ollmann (NGS) wrote:
While the Phishers develop evermore sophisticated attack vectors [...]
Customers too have become wary of "official" email, and organisations
struggle to install confidence in their communications.
Sometimes it's unbelivable how long it takes organizations to discover
that email can be signed. Especially nowdays when all major mail
readers have support for at least S/MIME
How does that help in practice? A user fooled by a link to ebay-support.com
is just as likely to accept signed mail from foo () ebay-support com Not to
mention that the potential profits from phishing could easily finance the
purchase of a forged cert if someone at one of the built-in CA's was
corruptible. Given the several that are based in 3rd world companies (not to
mention recent US corporate scandals) I have no confidence that won't
eventually happen.
-Dan Veditz
 By Date 
By Thread
Current thread:
| 
Intro
