funsec mailing list archives
Re: Nordea Sweden shuts Internet banking due to targeted phishing
From: Steven Champeon <schampeo () hesketh com>
Date: Wed, 5 Oct 2005 10:50:00 -0400
on Wed, Oct 05, 2005 at 11:34:02AM +0200, Florian Weimer wrote:
> * Justin Mason:
> > - Adam Shostack's _Preserving the Internet Channel Against Phishers_, http://www.homeport.org/~adam/phishing.html , in which he gives 4 simple steps that *will* fix the problem.
>
> What is the problem? "Phishing" or online fraud?

The problem is that Bank X uses Service Y to send its email. If you go to a Web site https://www.bankx.com to do your banking, but they send email from onlinebanking () outsourced-bank-mailer net (as many banks, sadly, do) then there is no way for the recipient to distinguish between scams and legitimate notices. It doesn't help that given that situation many have come to rely on logos in HTML email rather than whether the sending host is under the bank's control.

The weakness in Shostack's approach is that he only recommends that "all your Web sites must belong to you, and show up under your domain". He makes no recommendation regarding the email channel also remaining in the bank's domain.

Yes, the phishing actually happens at a Web site to which the user is directed by HTML email and a hidden link. But it's in my interest to prevent email from foo () ebay com coming in from somewhere that isn't under ebay's control, so as to prevent my users from even being exposed to the phish email in the first place.

--
hesketh.com/inc. v: +1(919)834-2552 f: +1(919)834-2554 w: http://hesketh.com
antispam news, solutions for sendmail, exim, postfix: http://enemieslist.com/
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
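The receiving-side check argued for in the message above, as an added example that is not part of the original post: mail whose From: domain is a protected brand is accepted only when the connecting host's name sits under that brand's domain. It assumes the receiving MTA stamps the topmost Received header in the form `from HELO (rdns-name [ip])` with a verified reverse-DNS name (or `unknown`); `PROTECTED`, the function names and the sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Hypothetical local policy: From: domain -> host suffixes considered under its control.
PROTECTED = {"bankx.com": ("bankx.com",)}

# Matches "from helo.name (rdns.name [ip])" at the start of a Received header.
RECEIVED_FROM = re.compile(r"^from\s+\S+\s+\((\S+)\s+\[([^\]]+)\]\)", re.I)

def from_domain(msg):
    """Domain part of the From: address, lowercased."""
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower().rstrip(".")

def connecting_host(msg):
    """rDNS name from the topmost Received header (the one our own MX added)."""
    received = msg.get_all("Received") or []
    if not received:
        return None
    m = RECEIVED_FROM.match(" ".join(received[0].split()))  # unfold the header
    return m.group(1).lower().rstrip(".") if m else None

def under(host, suffix):
    """True only on a label boundary, so bankx.com.mailer.example does not match."""
    return host == suffix or host.endswith("." + suffix)

def check(raw):
    msg = message_from_string(raw)
    suffixes = PROTECTED.get(from_domain(msg))
    if suffixes is None:
        return "unprotected"          # no policy for this From: domain
    host = connecting_host(msg)
    if host and any(under(host, s) for s in suffixes):
        return "accept"
    return "reject"                   # brand in From:, host outside its control

def sample(from_addr, host, ip):
    """Constructed message for demonstration; addresses are documentation ranges."""
    return (f"Received: from {host} ({host} [{ip}])\n"
            f"\tby mx.example.org; Wed, 5 Oct 2005 10:50:00 -0400\n"
            f"From: {from_addr}\nSubject: Account notice\n\nconstructed body\n")

if __name__ == "__main__":
    for host in ("mail.bankx.com", "smtp.outsourced-bank-mailer.net",
                 "bankx.com.mailer.example", "unknown"):
        print(host, "->", check(sample("onlinebanking@bankx.com", host, "192.0.2.10")))
```

A bank that sends from an outsourced mailer under its own From: domain fails this check until the mailer's hosts are named under the bank's domain or added to the policy, which is the operational cost of the approach.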