funsec mailing list archives
Re: The solution to Phishing
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Tue, 25 Oct 2005 14:13:19 +1300
Craig Webster to Blanchard_Michael () emc com:
The banks should send out bogus messages just like a real phishing attack and set up a bogus web site that looks just like their real one. If a customer logs into that site from the phishing e-mail, their internet banking privledges are revoked for 30 days. If it happens again, their internet privledges are revoked completely. Done and dusted... Kinda like darwinism with a second chance on life ;-)Won't the victim be lulled into a false sense of security? "Oh, if I enter my account details on the wrong site it's just a 30 day ban..." *bam* no pennies left.
Nah -- that's just "faster Darwinism"... Face it -- some people really are just too stupid to be allowed to do some things (Dubya, president; thousands involved in self-inflicted, non-deliberate gun injuries per year, gun ownership/access; persistent drunks, driving, etc, etc, etc). We don't need a perfectly safe banking system -- we need a banking system that is "safe enough". The _real problem_ (and the one that really bothers me) is how much is it costing me (in terms of extra %'age on my CC interest rate and/or extra %'age on my mortagage and/or in inflated monthly account charges or in reduced %'age interest on my savings, etc, etc) to support the current level of stupidity? I mean, no-one here is gullible enough to believe that the banks actually _lose_ anything from all the identity fraud, etc we are (collectively) suffering, right? So, how much is it costing _me_ to support the current level of idiot allowed to use the currently very weak online banking, sales, etc business? I'd be much happier if I could easily find the comparative monetary cost of what is currently the banks, CC companies, etc deciding that current practice is (near enough to) "safe enough"... Regards, Nick FitzGerald _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- The solution to Phishing Blanchard_Michael (Oct 24)
- Re: The solution to Phishing Craig Webster (Oct 24)
- Re: The solution to Phishing Nick FitzGerald (Oct 24)
- Re: The solution to Phishing Drsolly (Oct 25)
- Re: The solution to Phishing Nick FitzGerald (Oct 25)
- Re: The solution to Phishing Drsolly (Oct 25)
- Re: The solution to Phishing Nick FitzGerald (Oct 25)
- RE: The solution to Phishing Aditya Deshmukh (Oct 25)
- Re: The solution to Phishing Nick FitzGerald (Oct 24)
- Re: The solution to Phishing Craig Webster (Oct 24)
- Re: The solution to Phishing Drsolly (Oct 24)
- Re: The solution to Phishing Jim Murray (Oct 24)