Full Disclosure mailing list archives
Re: [HV-PAPER] Anti-Phishing Tips You ShouldNotFollow
From: "Mike Nice" <niceman () att net>
Date: Sat, 1 Apr 2006 01:13:48 -0500
1) Any different social engineering besides "login to your bank account". For example, "Chase will pay you $20 to fill out a short survey!" (of course, after filling out the survey you must provide your debit card number or account login information to get the $20).

This should be tip #5, back to the old 'don't click on anything from your bank in an E-mail - for any reason'.

3) Any attack that spoofs the SSL cert box (The Codefish web site had a good example...whatever happened to Codefish, anyway?...pharming, MITM, and type-alike can fit in here, too)

Tip #4 works precisely because it defeats pharming, MITM and type-alike. The Cert box is nearly impossible to spoof because you would have to spoof the actual bank's certificate. Any error and your browser will pop up a warning dialog that the host name on the SSL cert doesn't match the name of the host. That's only assuming that some corrupt CA hasn't issued a second SSL cert for the real bank host name.
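The host-name check the reply describes, as an added example that is not part of the original message: a simplified Python matcher run over four constructed scenarios, including the mis-issued-certificate case the reply mentions. The hosts bank.example, bamk.example and attacker.example and all function names are assumptions made for illustration; real browsers apply further rules (IP addresses, internationalized names) that are left out.

```python
# Added illustration (constructed names): the host-name check a browser
# runs after the certificate chain has validated.

def _labels(name):
    # DNS names compare case-insensitively; ignore a trailing root dot.
    return name.lower().rstrip(".").split(".")

def name_matches(pattern, host):
    """True if one DNS name from the certificate covers host."""
    p, h = _labels(pattern), _labels(host)
    if len(p) != len(h) or "" in p or "" in h:
        return False
    if p[0] == "*":
        # Wildcard covers exactly one left-most label and needs at least
        # two fixed labels after it, so "*.example" is refused.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def browser_verdict(address_bar_host, cert_dns_names):
    """'ok' or the name-mismatch warning the reply describes."""
    if any(name_matches(n, address_bar_host) for n in cert_dns_names):
        return "ok"
    return "warning: name mismatch"

def cert_box_names_bank(cert_dns_names, bank_host):
    """Models the user reading the cert box: is the bank's name on it?"""
    return any(name_matches(n, bank_host) for n in cert_dns_names)

BANK = "www.bank.example"                      # placeholder for the real bank
REAL_CERT = [BANK, "*.secure.bank.example"]    # constructed certificate names

SCENARIOS = {                                  # (address bar host, cert names)
    "genuine site":               (BANK, REAL_CERT),
    "pharming/MITM, other cert":  (BANK, ["www.attacker.example"]),
    "type-alike, own cert":       ("www.bamk.example", ["www.bamk.example"]),
    "mis-issued cert, real name": (BANK, [BANK]),
}

def evaluate(scenarios=SCENARIOS, bank=BANK):
    # Per scenario: (browser verdict, does the cert box show the bank's name)
    return {k: (browser_verdict(h, c), cert_box_names_bank(c, bank))
            for k, (h, c) in scenarios.items()}

if __name__ == "__main__":
    for label, result in evaluate().items():
        print(f"{label:28} browser={result[0]!r:26} cert names bank={result[1]}")
```

In the type-alike row the browser stays silent because the certificate matches the look-alike host, and only the name shown in the cert box differs from the bank's; in the mis-issued row neither check can tell the certificate from the genuine one.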