Home page logo
/

nanog logo nanog mailing list archives

Re: Dear RIPE: Please don't encourage phishing
From: Sven Olaf Kamphuis <sven () cb3rob net>
Date: Sun, 12 Feb 2012 19:22:06 +0000 (UTC)

btw, i'm quite sure that -banks- of all things have the resources to just take the transaction part for consumers -off their pcs- and simply send them a dedicated device with an ethernet port to do the transactions on.

the same way they do in shops.

no more bothering with "omg what if they click a link, get phished and end up in the transaction interface", as there simply won't be a web based transaction interface.

guess the "its not allowed to cost anything" mentality of banks towards the internet is mostly gone (About time too ;) so they could consider other options besides "using the hardware that's allready there and owned by the customer (and full of virusses and spyware ;)"

--
Greetings,

Sven Olaf Kamphuis,
CB3ROB Ltd. & Co. KG
=========================================================================
Address: Koloniestrasse 34         VAT Tax ID:      DE267268209
         D-13359                   Registration:    HRA 42834 B
         BERLIN                    Phone:           +31/(0)87-8747479
         Germany                   GSM:             +49/(0)152-26410799
RIPE:    CBSK1-RIPE                e-Mail:          sven () cb3rob net
=========================================================================
<penpen> C3P0, der elektrische Westerwelle
http://www.facebook.com/cb3rob
=========================================================================

Confidential: Please be advised that the information contained in this
email message, including all attached documents or files, is privileged
and confidential and is intended only for the use of the individual or
individuals addressed. Any other use, dissemination, distribution or
copying of this communication is strictly prohibited.


On Sun, 12 Feb 2012, Rich Kulawiec wrote:

On Sun, Feb 12, 2012 at 04:44:13AM -0500, Vinny Abello wrote:
All recent email clients I've come across give you anti-phishing
warnings in one way or another if the URL does not match the actual link.

Which is great, but doesn't help you if the URL and the link are:

        http://firstnationalbank.example.com

because a significant number of users will only see "firstnationalbank"
and ".com".

That's why I recommend that banks et.al. don't put *any* URLs in their
messages.  If they make this an explicit policy and pound it into the
heads of their customers that ANY message containing a URL is not from
them, and that they should always use their bookmarks to get to the
bank's site, then they're training their customers to be phish-resistant.

---rsk



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]