Home page logo

webappsec logo WebApp Sec mailing list archives

Re: Phishing
From: Amit Sharma <amit.sharma () linuxwaves com>
Date: 12 May 2004 23:40:52 -0000

In-Reply-To: <OLECJFNEKBHCGJIDHKBJKENJCDAA.shivangi () safescrypt com>

Thanx Guys, 

Phishing seems to be a major security concern involving some kinda social engineering techniques and we got some nice 
security tips from this list on the same. How about chromeless windows based attacks. They too have similar 
characteristics. Any ideas?


Received: (qmail 1464 invoked from network); 12 May 2004 22:31:18 -0000
Received: from outgoing.securityfocus.com (HELO outgoing2.securityfocus.com) (
 by mail.securityfocus.com with SMTP; 12 May 2004 22:31:18 -0000
Received: from lists.securityfocus.com (lists.securityfocus.com [])
      by outgoing2.securityfocus.com (Postfix) with QMQP
      id 5D1EA14370C; Thu, 13 May 2004 00:33:04 -0600 (MDT)
Mailing-List: contact webappsec-help () securityfocus com; run by ezmlm
Precedence: bulk
List-Id: <webappsec.list-id.securityfocus.com>
List-Post: <mailto:webappsec () securityfocus com>
List-Help: <mailto:webappsec-help () securityfocus com>
List-Unsubscribe: <mailto:webappsec-unsubscribe () securityfocus com>
List-Subscribe: <mailto:webappsec-subscribe () securityfocus com>
Delivered-To: mailing list webappsec () securityfocus com
Delivered-To: moderator for webappsec () securityfocus com
Received: (qmail 20847 invoked from network); 12 May 2004 11:04:06 -0000
From: "Shivangi Nadkarni" <shivangi () safescrypt com>
To: <webappsec () securityfocus com>
Subject: RE: Phishing
Date: Wed, 12 May 2004 22:44:45 +0530
Message-ID: <OLECJFNEKBHCGJIDHKBJKENJCDAA.shivangi () safescrypt com>
MIME-Version: 1.0
Content-Type: text/plain;
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1409
In-Reply-To: <411553375D6CD211A5BD006097B561DE39F56C () distractor testsys com>
Importance: Normal

For those interested in phishing - which has seen an alarming rise in the
recent past - check out www.antiphishing.org. Lots of useful info available


-----Original Message-----
From: Sarah Elan [mailto:selan () testsys com]
Sent: Wednesday, May 12, 2004 8:42 PM
To: webappsec () securityfocus com
Subject: RE: Phishing

One hole I've seen on many large, respected sites are pages that
accept any
url as input and will automatically redirect to that url without
to) perform any validation that the requested url is one which
they want to
redirect to.

For example, http://www.trustme.com/url?q=http://www.phishme.com.
Url?q=http://www.phishme.com can be obfuscated with the usual
techniques and
the user thinks he is going to trustme.com, when in fact trustme.com has
blindly redirected him to phishme.com.

Redirect pages should always validate against a list of known good urls.

-----Original Message-----
From: Jordan Dimov [mailto:jdimov () nsegcorp com]
Sent: Wednesday, May 12, 2004 10:51 AM
To: webappsec () securityfocus com
Subject: Re: Phishing

These are good starting points, Rogan.  I'd love to see further discussion
on this topic.

Make the site name as short as possible, and as obvious as possible,
reduce confusion. Rather than
try to use something short and simple like "secure.bank.com",
and use it
consistently for all servers supporting a particular application. That
way there is less confusion for users, and less likelihood that a
scammer will get away with using a slightly different domain name.

This doesn't really protect against typographical domain name scams (e.g.
paypai.com vs. paypal.com)

Additionally, there are several known security vulnerabilities in MSIE and
other browsers that make it much easier for attackers to hide the true
identity of their fake site and mislead the user.

  -- Jordan

Association for Information Security (www.iseca.org)

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]