Security Basics mailing list archives
RE: HOW TO PREVENT FHISHING ATTACKS
From: Jon Davis <jon.davis () securenation net>
Date: Mon, 7 Feb 2011 15:40:54 -0600
Wombat Security (wombatsecurity.com) is an interesting company that is headed up by a group of Carnegie Mellon professors. They have come up with an extremely low cost anti phishing solution that works well for our bank clients. Cheers, JD -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Nikhil Manampady Sent: Friday, February 04, 2011 2:00 AM To: John Renne Cc: Filiberto Moreno; Patrick Webster; mzcohen2682 () aim com; security-basics () securityfocus com Subject: Re: HOW TO PREVENT FHISHING ATTACKS Hi, The watermark is being used by our company for antiphishing services for banks and the watermark is obfuscated in the HTML source of the bank website. I am not sure of how the watermark works but I think either the valid domains and IP are also obfuscated or the script does a reverse DNS lookup and triggers an alert if the domain and reverse dns lookup does not match. Thanks & Regards, Nikhil Manampady, Security Consultant, Paladion Networks. On Fri, Feb 4, 2011 at 12:42 PM, John Renne <john () gniffelnieuws net> wrote:
Hi, This might sound like an idea but poses a risk too. If a phisher copies the sourcecode, he'll probably adjust the IP's too. Customers will get a false feeling of trust since the watermark is correct. If you want to do such a thing, I'ld try to hide the IP's (and probably some more info) in a generated JPEG on the site, and include something like an applet which checks the watermark. I'ld always try to hide it from the users though. John On Feb 4, 2011, at 5:41 AM, Nikhil Manampady wrote: Hi, One of the more proactive things is to have a watermark in the banks HTML source code which contains a list of IP's on which the bank's website domain is registered. If a phisher copies the HTML source code and hosts it on the phished site, the watermark will check that this rogue IP is not part of the whitleisted bank domain IP's it can send an alert to the security team. That way the phished site can be bought down before the customer gets redirected to it. Thanks & Regards, Nikhil Manampady, Security Consultant, Paladion Networks. On Thu, Feb 3, 2011 at 2:50 AM, John Renne <john () gniffelnieuws net> wrote:Hi everyone, This problem is a bit harder then it seems at first sight. First of all, SPF's won't help you very much. In any case, it's not something a bank can enforce. It's the customers e-mail provider which will have to implement this. These however are out of the banks control. The second problem is a dilemma. You can always have a communication strategy that consists of a few simple steps - Tell all your customers official bank correspondation goes by mail from a certain address (this however is easy to spoof so no solution) - Tell all your customers all of your e-mail correspondation contains some sort header / footer etc. (this however is easy to include / manipulate) - Exclude mail from the official channels of communication (but what if you -want- to e-mail users) It mostly comes down to security awareness. This is something both customers and banks should realise A number of more things can be thought of but mostly it all breaks down to finding a balance between a few things - ease of use for customers (if customers think it's too hard they'll find another bank) - cost effectiveness (never spend a dollar to secure a cent) - trust (make sure the customer gets the idea you are secure) But this is just my 2 cents John On Jan 31, 2011, at 8:44 PM, Filiberto Moreno wrote:Hello Everyone, We were experiencing a similar scenario here at my current place of employment and we ended up having to do the following steps: 1. We had all the IT support technicians to list all the applications, scheduled tasks, and services that were running under the administrator account. 2. Once we got the list put together we had the IT technicians remove those accounts and replace them with their own and had them confirm. 3. Once it was confirmed the IT director changed the password on the Domain Administrator account to a very long passphrase with upper case, lower case, special characters, and numbers. 4. The IT director typed it up in a document and printed it out, sealed it in an envelope, and deposited it in a bank safe. Hope this helps. Fili -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Patrick Webster Sent: Sunday, January 30, 2011 7:43 PM To: mzcohen2682 () aim com Cc: security-basics () securityfocus com Subject: Re: HOW TO PREVENT FHISHING ATTACKS Hi Marco, Use Sender Policy Framework - see http://en.wikipedia.org/wiki/Sender_Policy_Framework and http://www.openspf.org/ SPF is a DNS txt record which indicates whether a MTA (such as hotmail, gmail, good ISPs) should accept email purportedly from @bank.com when the source IP is i.e. a botnet. -Patrick http://www.osisecurity.com.au/ On Fri, Jan 28, 2011 at 10:44 AM, <mzcohen2682 () aim com> wrote:Hi Guys, I am preparing a set of recommendation for a client of mine which is a bank , a set of controls against fhisging attacks, besides of telling the bank to teach there customers how to protect against those attacks ( not opening suspicious mails etc etc) what other recommendations are good? are there some technological tools to prevent those attacks that the bank can implement? I heard something about imperva radar service which should protect against fishing attack, some one has experience with that tool? what about other tools that the bank can implement? many thanks! Marco ------------------------------------------------------------------ ------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b 6be442f727d1 ------------------------------------------------------------------ ------------------------------------------------------------------------- ----- Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6 be442f727d1 ------------------------------------------------------------------- ----- ------------------------------------------------------------------- ----- Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6 be442f727d1 ------------------------------------------------------------------- -------------------------------------------------------------------------- --- Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be 442f727d1 --------------------------------------------------------------------- ---
------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------ ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- RE: HOW TO PREVENT FHISHING ATTACKS Filiberto Moreno (Feb 02)
- Re: HOW TO PREVENT FHISHING ATTACKS John Renne (Feb 03)
- Message not available
- Message not available
- Re: HOW TO PREVENT FHISHING ATTACKS Nikhil Manampady (Feb 07)
- RE: HOW TO PREVENT FHISHING ATTACKS Jon Davis (Feb 08)
- Re: HOW TO PREVENT FHISHING ATTACKS Paul Johnston (Feb 10)
- RE: HOW TO PREVENT FHISHING ATTACKS Gadi Naveh (Feb 15)
- Message not available
- Re: HOW TO PREVENT FHISHING ATTACKS John Renne (Feb 03)
- Re: HOW TO PREVENT FHISHING ATTACKS Nikhil Manampady (Feb 07)
- <Possible follow-ups>
- Re: HOW TO PREVENT FHISHING ATTACKS Adam Pal (Feb 03)
- RE: HOW TO PREVENT FHISHING ATTACKS Lynch, Gordon CTR NHRC (Feb 03)
- RE: HOW TO PREVENT FHISHING ATTACKS Eggleston, Mark (Feb 03)
- RE: HOW TO PREVENT FHISHING ATTACKS Craig S Wright (Feb 03)
- Re: HOW TO PREVENT FHISHING ATTACKS Patrick Kobly (Feb 03)
- RE: HOW TO PREVENT FHISHING ATTACKS Sacks, Cailan C (Feb 03)