funsec mailing list archives
Re[2]: The end of Phishing in sight?
From: Pierre Vandevenne <pierre () datarescue com>
Date: Mon, 17 Oct 2005 22:25:21 +0200
Good Day, Monday, October 17, 2005, 10:04:39 PM, you wrote: VKve> the phisher can logon to the bank's website. It doesn't do squat for phishers VKve> that snag a credit card number and use that to order a bunch of stuff, True, but that's credit card security, not web banking security. I've had to revoke three cards since 1994. Two of them after well publicized hacks (one of them was CDUniverse, the other one the recent big fraud whose name escapes me right now), one of them after a supposedly respectable company, recently mentioned here btw, abused it intentionally). I am sure phishing plays a role here, but I am not sure it has a lot of impact compared to the early "cc generators" or the big leaks mentioned above. Exact stats are hard to come by anyway. VKve> phishers that snag a checking account number and use that to do something VKve> devious, or phishers that snag an SSN and use it to... Those things aren't a problem in Europe. ID theft is essentially a non issue at this point. I'd say the problem is not only technical... but socio-cultural. I haven't seen a belgian check in the last seven years for example. VKve> Ah hell.. What percent of the time *do* the phishers turn around VKve> and actually login to the bank's website? ;) Who knows. But I certainly don't want them to do that with mine. The damage would potentially be a few orders of magnitude bigger than with my CC VKve> the first 6 months we'll see at least one bank will deploy VKve> something meeting Ultimately, I am willing to bet most of them will. VKve> the rules as written, but still totally vulnerable to a MITM attack). That's the "cream pie" of IT security. Mention any protocol and get the "is it vulnerable to a MITM attack?" answer. Then receive a wide gamut of answers from people who once understood the math, but don't quite remember it... and who don't know the details of the protocol... But then suspecting it is vulnerable is always a safer bet than the opposite ;-) -- Best regards, Pierre mailto:pierre () datarescue com _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Speaking of phishing, (continued)
- Speaking of phishing xyberpix (Oct 18)
- Re: Speaking of phishing Richard Cox (Oct 18)
- Re: Speaking of phishing xyberpix (Oct 19)
- Re: The end of Phishing in sight? Blue Boar (Oct 17)
- Re: The end of Phishing in sight? Justin Mason (Oct 17)
- Re: The end of Phishing in sight? Chris Buechler (Oct 17)
- Re: The end of Phishing in sight? Valdis . Kletnieks (Oct 17)
- Message not available
- Re: The end of Phishing in sight? Douglas F. Calvert (Oct 17)
- Re: The end of Phishing in sight? Nick FitzGerald (Oct 17)
- Re[2]: The end of Phishing in sight? Pierre Vandevenne (Oct 17)
- Re: Re[2]: The end of Phishing in sight? Douglas F. Calvert (Oct 17)
- Re[4]: The end of Phishing in sight? Pierre Vandevenne (Oct 18)
- RE: Re[4]: The end of Phishing in sight? Aditya Deshmukh (Oct 18)
- Re: The end of Phishing in sight? Nick FitzGerald (Oct 17)
- Re: The end of Phishing in sight? Dave Dennis (Oct 18)
- Re: The end of Phishing in sight? Craig Webster (Oct 18)
- RE: The end of Phishing in sight? Aditya Deshmukh (Oct 18)
- Re: The end of Phishing in sight? Rob, grandpa of Ryan, Trevor, Devon & Hannah (Oct 18)
- Re: The end of Phishing in sight? Blue Boar (Oct 18)