nanog mailing list archives
Re: Phishing (Was Re: WashingtonPost computer security stories)
From: Brett <bretton () gmail com>
Date: Wed, 18 Aug 2004 15:01:59 -0700
I received a few messages as well, one with US Bank, which I don't have an account with, and they both had images attached. The image was displayed, without any external connection. As far as fighting abuse with abuse, it's not *always* a bad idea. If the databases are filled with bad entries, it will be too costly to sort through valid data. Other people will cease to purchase information from the phisher because of unreliable data, or less will be paid. Either way, there will be less money in the particular method and less of an incentive. It will not stop phishing totally, but why make it easier? If you've got some extra time to write something, then go for it. As far as legal concerns, there is no law against lying to someone that is trying to steal from you. -b On Tue, 17 Aug 2004 09:06:30 -0400 (EDT), Tim Wilde <twilde () dyndns org> wrote:
On Tue, 17 Aug 2004, Eric Kuhnke wrote:It's a 1 line rule with mod_rewrite and apache to block nonexistant or off-site http referers attempting to display GIF/JPG/PNG images... Sometimes I wonder why Citibank, Paypal and others don't do this. It would cut down on the displayed authenticity level of many basic phishes.Because many (broken) browsers/proxies/"firewalls"/etc block or forge referrer headers "for security" and they'd quadruple their tech support load with all their idiot customers using Norton Internet Security or other similar products calling in saying "why don't I get any images on the site? waah!" This simply isn't an option in the real world. -- Tim Wilde twilde () dyndns org Systems Administrator Dynamic Network Services, Inc. http://www.dyndns.org/
Current thread:
- Re: Phishing (Was Re: WashingtonPost computer security stories), (continued)
- Re: Phishing (Was Re: WashingtonPost computer security stories) David Lesher (Aug 17)
- Re: Phishing (Was Re: WashingtonPost computer security stories) Michael . Dillon (Aug 17)
- Re: Phishing (Was Re: WashingtonPost computer security stories) Joel Jaeggli (Aug 17)
- Re: Phishing (Was Re: WashingtonPost computer security stories) Richard Cox (Aug 17)
- Re: Phishing (Was Re: WashingtonPost computer security stories) Petri Helenius (Aug 17)
- Re: Phishing (Was Re: WashingtonPost computer security stories) Alexei Roudnev (Aug 17)
- Re: Phishing (Was Re: WashingtonPost computer security stories) Eric Kuhnke (Aug 17)
- Re: Phishing (Was Re: WashingtonPost computer security stories) Tim Wilde (Aug 17)
- Re: Phishing (Was Re: WashingtonPost computer security stories) Edward B. Dreger (Aug 17)
- Re: Phishing (Was Re: WashingtonPost computer security stories) Petri Helenius (Aug 17)
- Re: Phishing (Was Re: WashingtonPost computer security stories) Brett (Aug 18)
- Re: Phishing (Was Re: WashingtonPost computer security stories) Christopher L. Morrow (Aug 17)
- Re: WashingtonPost computer security stories Alexei Roudnev (Aug 15)
- Re: WashingtonPost computer security stories Fred Baker (Aug 15)
- RE: WashingtonPost computer security stories Michael . Dillon (Aug 16)
- Re: WashingtonPost computer security stories Jeff Shultz (Aug 16)