Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: simple phishing fix
From: "Randal T. Rioux" <randy () procyonlabs com>
Date: Tue, 29 Jul 2008 15:49:37 -0400 (EDT)

On Tue, July 29, 2008 2:31 pm, Glenn.Everhart () chase com wrote:
You might eliminate phishing but there are occasionally messages from
people at these institutions also. This sort of thing is in essence
allowing phishers a denial of service attack against anyone they choose
to make themselves a nuisance with.

I am not well pleased with any bank authentication I have seen so far
personally; seems to me finance-related messages should be authenticated
both ways and preferably a confirming authentication to demonstrate the
subject agrees with the transaction should be done before such are
accepted. That kind of thing would be hard to spoof and if done right
pretty useless to someone who could record entire transactions.

As for email, judge by its content. This posting for example will do
nothing to your money, sells you nothing. Nor does it ask any information
of you. If it were spoofed it would be harmless.

Glenn Everhart

But it is from Chase.... and nothing good comes from Chase ;-)

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]