mailing list archives
.MAC Phishing .. Security through obscurity
From: rabbit food <r4bb1t_f00d () yahoo co uk>
Date: Wed, 24 Mar 2004 08:57:50 +0000 (GMT)
Thanks for your constructive academic response Peter,
Hm, that would depend on the attackers perspective, an
authenticated redirector may
protect apple from unsoliciated use of their
redirect (think about it).
Also if you take a moment to think about the way in
which this could be exploited with a little
you were maliciously inclined.
But of course, chains and week links are always
part of the fun.
It may be possible to redirect a naive .Mac webmail
user, to another site, possibly, one mocked up as
webmail (a user may ignore the fact SSL is not
How is this different from <<ANY>> other redirect
attack. Why is this a ".MAC
Webmail phishing attack" ???
Hmmmm, think about that one Peter(didn't say there was
anything special about, the more reason why it should
Is there anything special about .mac webmail that
makes this kind of attack any
easier? This is not some intuitive leap here...
Indeed a correct observation, maybe something apple
could respond to.
Now the IE obfuscated (look up the definition in
bug, that was good. It could even be crafted to make
the little lock icon
There are always sparter people and things out there.
I just don't want some ignorant reporter reading your
message and thinking "oh
my god, Apple's email service is full of holes!!!"
Which reporters are you talking about? ignorance is
rife, just take a look back over the past 300 years of
the printed press....and isn't this full-disclosure.
Take a chill-pill dude.
Yahoo! Messenger - Communicate instantly..."Ping"
your friends today! Download Messenger Now
Full-Disclosure - We believe in it.
- .MAC Phishing .. Security through obscurity rabbit food (Mar 24)