Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: simple phishing fix
From: "Stian Øvrevåge" <sovrevage () gmail com>
Date: Tue, 29 Jul 2008 08:55:10 +0200

On Mon, Jul 28, 2008 at 9:52 AM, lsi <stuart () cyberdelix net> wrote:
Please post the list of strings you use in your phishing filter.

Or don't you have one?

Seriously dude, if phishing was so simple to fix then why is it "on
the rise" according to recent news articles?

I mean, if all the admins out there in the world are blocking them,
when why are they still being sent out by scammers?

Either the admins don't know how to block them, or the scammers don't
know they are being blocked.

My message can solve both problems.

I seem to recall a time when email-borne viruses were a problem, once
it was pointed out they were simple to block, they rapidly dropped
out of fashion.

I would indeed like to repeat that success and save the associated
electricity, bandwidth and CPU time for something more important,
such as replying to bone-headed posts in fd, for a start.


On 28 Jul 2008 at 10:57, Biz Marqee wrote:

Date sent:      Mon, 28 Jul 2008 10:57:06 +1000
From:   "Biz Marqee" <biz.marqee () gmail com>
To:     full-disclosure () lists grok org uk
Subject:        RE: [Full-disclosure] simple phishing fix
Copies to:      stuart () cyberdelix net

Wow, you our are savior.. no, no our e-Hero! Forget patches for software
bugs.. This guy can teach us how to set up a mail filter!!

Seriously dude.. do you think we care about, or are too inept to set up mail
filter rules? Go find another list to contribute to, you are a joke.

You mention phising, but I think quite a few points from the
why-your-spam-solution-wont-work-list are relevant:

"(x) Mailing lists and other legitimate email uses would be affected
(x) It will stop spam for two weeks and then we'll be stuck with it
(x) Users of email will not put up with it

Specifically, your plan fails to account for

(x) Eternal arms race involved in all filtering approaches

and the following philosophical objections may also apply:

(x) Ideas similar to yours are easy to come up with, yet none have ever
been shown practical
(x) Blacklists suck
(x) Whitelists suck"


1. Your filter will never be complete, there are too many
banks/institutions (with ever-changing domains etc).
2. Banks/institutions actually sends legitimate mail.
3. Phishers will find ways to get around the filters, either by
registering similar domain-names or by numerous browser/MTA tricks.
4. Users likely to fall for a phish is not very likely to even know
what a filter is.

Stian Øvrevåge

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]