Home page logo

fulldisclosure logo Full Disclosure mailing list archives

The ultimate solution to phising
From: Stian Øvrevåge <sovrevage () gmail com>
Date: Mon, 14 Feb 2005 10:32:31 +0100

     The ultimate solution to phising
          Stian Ovrevage - 2005
        <stian.ovrevage () gmail com>

Phising  is becomming one of the big problems in
the beginning of the  21 century. Phising is the
act  of  pretending  to be  someone  else  while
trying  to  extract sensitive  information  from
innocent  users.  Much  like a  famous  european
football  player was lured  into  admitting that
he  did not  like  his  current team.  Believing
he  spoke  to a  manager  on another  team,  his
very   private  oppinion   was  broadcasted   to
thousands  of  radio-listeners. This  shows  how
easily people can be convinced.

I  believe  that  if  I   were  to  call  up  50
costumers of my local bank. Ask for
their Visa card number, pin and expiration date.
That I (hopefully) would  not get any responses.
This  is the  mentality  computer  users has  to
adopt. Anyway, that is enough for an 
introduction, lets cut to the chase.

1. The solution to phising?

With  firm believe  of a  world of  forgiveness,
and  awareness of  the risk  of total  ridicule,
I propose my solution to phising:

Stop clicking _any_ hyperlinks, going somewhere?
_Type_  the  address  into   the  addressbar  of
your   browser.   Don't  use   your   favorites.
And never ever click on  hyperlinks recieved in 

/*  No-click actually only  applies  to external
sources, but  the whole problem  with phising
is that  the average user cannot  decide whether
XYZ is an trusted or untrusted source, no matter
how legitimate it might look. So allowing for a
mental loophole of this rule will prove fatal */
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]