Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Re: RSA HAVE CRACKED PHISHING, NO SERIOUSLY
From: n3td3v <n3td3v () gmail com>
Date: Sat, 1 Apr 2006 00:05:55 +0100

With this in mind, are the RSA say its OK to DDoS fake login pages that the
public think are phishing sites with fake information to take the phishing
sites down? Or maybe the RSA didn't think too far into it before making
their "illegal tactics" public. I guess nobody in the industry learned from
makelovenotspam.com and the whole Lycos affair.

On 3/31/06, n3td3v <n3td3v () gmail com> wrote:

But do you remmeber back to the Make love not spam saga? Yeah, the big
players tried to "attack" the bad guys and look were they ended up. You, by
attacking anything, forwhatever reason, with the same method as the
attacker, could land you in jail. While with your attack you may lock up
phishers in coordination with banks, the phishers lawyers could also claim
by law, that the anti-phishing site was also breaking the law by flooding a
database, even if the database is malicious or otherwise legitmate,


On 3/31/06, Steven <steven () lovebug org> wrote:

Well I think they took a pretty neat and somewhat unique approach to the
whole thing.  I don't think the claim to have thought of some
groundbreaking
perfect solution to stop phishers.  However, they are combing through
over a
billion e-mails a day and looking for a phishing sites.  They've tied
themselves into some top vendors and are working to get the sites shut
down.
They are actually making calls and sending e-mails that have been
translated
appropriately.  On top of that they are flooding the sites with bogus
information.  How exactly they are doing that.. I don't know.  Are they
using different sessions and IP addresses for each bogus request they
send?
Are they typing in gibberish or stuff that appears completely legit?  As
many of us know, credit card numbers can instantly be checked to see if
they
are even a valid number before you even go through the process of
verifying
expiration, zip code, cvv, or anything else.  Is this company actually
taking credit card numbers that could potentiallity be legit account
numbers
and inserting them?  If not then it would be only take seconds to sort
through hundreds of fake and real account numbers.

Anyway -- I am not sure how they are doing everything, but they are
taking a
better approach than many.  Maybe some of the boneheads lurking about
this
mailing list and reply back and let us know if they've been thwarted by
this
company in any way. :-)

Steven

----- Original Message -----
From: "ducki3" < duckie37 () gmail com>
To: <full-disclosure () lists grok org uk>
Sent: Friday, March 31, 2006 5:04 PM
Subject: [Full-disclosure] Re: RSA HAVE CRACKED PHISHING, NO SERIOUSLY


In any case, it's clear that the person who posted that response has
*no
idea*
how most bank's anti-fraud systems work.

First off, the phishers *can't* just run through all the data they've
gotten
in just a few seconds, unless they distributed the work across a bunch
of
botnet
zombies - hits for more than a few dozen different accounts from the
same
IP
in the same timespan are suspicious at the very least.

Secondly, the phishers can currently usually be sure that the victims
have
given them reasonably good data (unless the victim is a dweeb who
can't
enter
their DoB or account number correctly).  On the other hand, if the
phished
data
has been polluted by 90% bad data, then only 1 of 10 attempted
transactions
will succeed - and the fact that they're trying lots of different bad
data
will
again hopefully trigger an alert.  If you only succeed every 10th
time,
and you
get locked out after 3 attempts with different bad data, it's going to
take you
a lot longer to figure out which ones are good and which ones are
bad....


Consider that some of these fake accounts could also be used as Honey
keys.
They would of course have to work in conjunction with the banks /
sites to utilize this.

It would be rather difficult for a phisher to sort through thousands
of Id's when IP addresses keep getting shut off based on a Honey Key.

You would have to own a lot of BOTs and a lot of patience.


Duck

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]