WebApp Sec mailing list archives
RE: Article - A solution to phishing
From: "Damhuis Anton" <DamhuisA () aforbes co za>
Date: Tue, 30 Nov 2004 11:30:42 +0200
Hi group,

I had a look at the passmark web site, and at first it really impressed me, but then I got thinking, and currently am at the conclusion that it could still be spoofed by another web site. A spoofed site could still retrieve the "real" information from the site that is spoofed, as and when the user enters information. Some of it would be (or could be) hit and miss, but would become gradually easier. In a Windows environment I would use the MSXML2.ServerXMLHTTP Object to pass on the user's information and get responses from the real server.

I liked the idea of the picture that the user knows, in the email and on the web site. But surely because the email is unsecured (in transport and storage), the attacker could get the picture and thus display it on the spoofed web site for that user.

Possibly for now, the attacker would hopefully move to another site that would be easier to spoof than one secured by passmark.

Or am I missing something from the presentation?

Regards
Anton

-----Original Message-----
From: Dave Jevans [mailto:djevans () teros com]
Sent: 30 November 2004 12:55
To: Michael Silk; webappsec () securityfocus com; mb () xato net
Subject: RE: Article - A solution to phishing

Image-based mutual auth a la passmark can also authenticate the site to the user.