Security Basics mailing list archives
Re: Fake Sites
From: "Ian Kelly" <e2chameleon () btopenworld com>
Date: Sat, 6 Sep 2003 02:47:06 +0100
Hi,

Brand Dimensions (http://www.brandimensions.com), Cobion (http://www.cobion.com) and Verisign (http://www.verisign.com/services/cdns/brand/index.html), amongst others, provide brand protection services and scan the Internet looking for sites that infringe copyright for their clients. Something like that could be useful. I would guess that a fake site would be trying to emulate the original (down to logos, brand names etc). The CySecurity Identity service from Cyveillance (http://www.cyveillance.com) checks for spam email in addition to web sites etc.

Brand protection services can also include things like domain registration searches and takeovers to ensure that all the domains relevant to your organisation or products are owned by you and not a cybersquatter or someone out to fake your site. A Google search for brand protection will give you a list of companies providing various types of brand management/protection services.

GeoTrust offers its True Site identity assurance service (http://www.geotrust.com/authentication/true_identity.htm) to confirm the identity and authenticity of a web site by acting as a trusted third party. A "live" image is placed on your web site which includes a company name and a date & time stamp, making it more obvious if someone has tried to tamper with it. Additional details confirming the site/company identity are displayed when the logo is clicked.

I quite often see recommendations that people should look for the padlock symbol to ensure that a site they are going to is secure. I haven't seen it suggested very often that people should check these certificates and make sure that the site is in fact authentic and owned by the legitimate business and not a fake site. Although not every vendor who offers SSL certificates carries out a thorough authentication procedure, Verisign (http://www.verisign.com) and Thawte (http://www.thawte.com) both have certificate/domain authenticity verification schemes. Called Secure Site Seal and Site Seal, they allow a visitor to click on an icon on a page and confirm in clear language the validity and authenticity of the certificate/site. GeoTrust can also supply 128-bit SSL certificates bundled with True Site.

Ian Kelly,
e2chameleon Information Security Resource.
http://www.e2chameleon.btinternet.co.uk/

----- Original Message -----
From: "Jensen" <jensen () estadao com br>
To: <security-basics () securityfocus com>
Sent: Friday, September 05, 2003 12:04 AM
Subject: Fake Sites
Hi

Does anyone know if there is a commercial product (like a robot) or a service provider that can search for fake sites based on their similarity to the original one?

Additionally, what can I do to prove to the user of a site that the site he is accessing is the original one, not a fake? How can I prove the authenticity of the site in a user-friendly manner?

Thanks
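The certificate check recommended in the reply above, as an added example that is not part of the original thread: Python that takes a certificate in the dictionary form returned by `ssl.SSLSocket.getpeercert()` and reports why it does not identify the expected business. The function names, the sample certificates and the `.test` hostnames are constructed for illustration.

```python
import ssl

def subject_field(cert, name):
    """Return the first value of a subject attribute, or None if absent."""
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == name:
                return value
    return None

def host_matches(cert, host):
    """Exact or left-most single-label wildcard match against the DNS SANs."""
    host = host.lower()
    parent = host.split(".", 1)[1] if "." in host else None
    for kind, pattern in cert.get("subjectAltName", ()):
        if kind != "DNS":
            continue
        pattern = pattern.lower()
        if pattern == host or (pattern.startswith("*.") and pattern[2:] == parent):
            return True
    return False

def check_site_identity(cert, host, expected_org, now):
    """List the reasons this certificate fails to identify expected_org."""
    problems = []
    if not host_matches(cert, host):
        problems.append("hostname not covered by certificate")
    if ssl.cert_time_to_seconds(cert["notAfter"]) < now:
        problems.append("certificate expired")
    org = subject_field(cert, "organizationName")
    if org is None:
        # The padlock still shows: the CA only confirmed control of the domain.
        problems.append("no organization in subject (domain control only)")
    elif org.casefold() != expected_org.casefold():
        problems.append(f"organization is {org!r}, expected {expected_org!r}")
    return problems

# Constructed sample certificates (not real sites).
GENUINE = {
    "subject": ((("organizationName", "Example Bank Ltd"),),
                (("commonName", "www.example-bank.test"),)),
    "subjectAltName": (("DNS", "www.example-bank.test"),),
    "notAfter": "Jan 15 00:00:00 2030 GMT",
}
LOOKALIKE = {
    "subject": ((("commonName", "www.examp1e-bank.test"),),),
    "subjectAltName": (("DNS", "www.examp1e-bank.test"),),
    "notAfter": "Jan 15 00:00:00 2030 GMT",
}
NOW = ssl.cert_time_to_seconds("Jan 15 00:00:00 2025 GMT")
```

The lookalike certificate passes the hostname and expiry checks, which is all the padlock reflects, and fails only on the organization field.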
Current thread:
- Fake Sites Jensen (Sep 05)
- Re: Fake Sites Ian Kelly (Sep 08)
- RE: Fake Sites Jeremiah Powell (Sep 08)
- <Possible follow-ups>
- RE: Fake Sites J. Oquendo (Sep 08)
- RE: Fake Sites MARZIOU,GAEL (HP-France,ex1) (Sep 08)