funsec mailing list archives

RE: Nordea Sweden shuts Internet banking due to targeted phishing


From: Josh Daymont <jdaymont () secureworks net>
Date: Wed, 5 Oct 2005 09:54:19 -0400


No need to keep wondering -- the problem will never be "solved."

That's not the point as far as the banks see it.  No one ever solved
traditional check fraud either, they just introduced lots of little
hindrances to writing fake checks and fraudulently cashing real checks such
that the problem became small enough to be written off as a cost of doing
business, and passed on to the consumer either directly or indirectly.

It's really tempting and egalitarian of some of us to think that user
education will solve this problem; but I'd recommend trying to get people to
stop giving out their internet passwords in exchange for a candy bar before
seriously attempting to tackle the phishing problem with this strategy.

Josh

-----Original Message-----
From: Blue Boar [mailto:BlueBoar () thievco com]
Sent: Tuesday, October 04, 2005 8:32 PM
To: Drsolly
Cc: funsec () linuxbox org
Subject: Re: [funsec] Nordea Sweden shuts Internet banking due to
targeted phishing


Drsolly wrote:
> Banks could fix the phishing problem if they had the incentive. It isn't
> bad enough yet to make them want to fix it.

I wonder whether it can be solved.  The fundamental problem is that 
people can be tricked into going to a web site that looks like something 
they use, and putting in their creds.  That's set of people A.  You can 
change the legitimate site such that there is something noticeably 
different about the legitimate site that some people can notice and pay 
attention to.  Call this set of people B.  How much intersection is 
there between sets A and B?

                                        BB
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.