Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: New whitepaper "The Phishing Guide"

From: Daniel Veditz <dveditz () cruzio com>
Date: Fri, 24 Sep 2004 11:39:02 -0700
Aleksandar Milivojevic wrote:


Gunter Ollmann (NGS) wrote:


While the Phishers develop evermore sophisticated attack vectors [...]
Customers too have become wary of "official" email, and organisations
struggle to install confidence in their communications.


Sometimes it's unbelivable how long it takes organizations to discover 
that email can be signed.  Especially nowdays when all major mail 
readers have support for at least S/MIME


How does that help in practice? A user fooled by a link to ebay-support.com
is just as likely to accept signed mail from foo () ebay-support com. Not to
mention that the potential profits from phishing could easily finance the
purchase of a forged cert if someone at one of the built-in CA's was
corruptible. Given the several that are based in 3rd world companies (not to
mention recent US corporate scandals) I have no confidence that won't
eventually happen.

-Dan Veditz
Previous By Date Next
Previous By Thread Next

Current thread: