Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Recall: simple phishing fix
From: "Aaron Turner" <synfinatic () gmail com>
Date: Wed, 30 Jul 2008 08:58:30 -0700

On Wed, Jul 30, 2008 at 7:29 AM,  <Glenn.Everhart () chase com> wrote:
The sender would like to recall the message, "[Full-disclosure] simple phishing fix".

You mean this email?  Seriously, people need to learn that the that
the recall feature in Exchange doesn't work.  I don't read every email
in my inbox, but you can be sure I read every email that someone asks
to recall!

from    Glenn.Everhart () chase com
to      prb () lava net,
full-disclosure () lists grok org uk
date    Tue, Jul 29, 2008 at 11:31 AM
subject Re: [Full-disclosure] simple phishing fix
mailing list    full-disclosure.lists.grok.org.uk Filter messages from
this mailing list
mailed-by       lists.grok.org.uk
You might eliminate phishing but there are occasionally messages from people at
these institutions also. This sort of thing is in essence allowing phishers a
denial of service attack against anyone they choose to make themselves
a nuisance

I am not well pleased with any bank authentication I have seen so far
seems to me finance-related messages should be authenticated both ways
and preferably
a confirming authentication to demonstrate the subject agrees with the
should be done before such are accepted. That kind of thing would be
hard to spoof
and if done right pretty useless to someone who could record entire

As for email, judge by its content. This posting for example will do nothing
to your money, sells you nothing. Nor does it ask any information of you. If it
were spoofed it would be harmless.

Glenn Everhart

Aaron Turner
http://tcpreplay.synfin.net/ - Pcap editing and replay tools for Unix & Windows
They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety. -- Benjamin Franklin

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]