WebApp Sec mailing list archives

RE: Article - A solution to phishing


From: "Damhuis Anton" <DamhuisA () aforbes co za>
Date: Tue, 30 Nov 2004 11:30:42 +0200


Hi group

I had a look at the passmark web site, and at first it really impressed me, but then got thinking, and currently am at 
the conclusion that it could still be spoofed by another web site.

A spoofed site could still retrieve the "real" information from the site that is spoofed, as and when the user enters 
information. Some of it would be (or could be) hit and miss, but would become gradually easier.

In a Windows environment I would use the MSXML2.ServerXMLHTTP Object to pass on the user's information and get responses 
from the real server.

I liked the idea of the picture that the user knows, in the email and on the web site. But surely because the email is 
unsecured (in transport and storage), the attacker could get the picture and thus display it on the spoofed web site 
for that user.

Possibly for now, the attacker would hopefully move to another site that would be easier to spoof than one secured by 
passmark.

Or am I missing something from the presentation?

Regards
  Anton

-----Original Message-----
From: Dave Jevans [mailto:djevans () teros com]
Sent: 30 November 2004 12:55
To: Michael Silk; webappsec () securityfocus com; mb () xato net
Subject: RE: Article - A solution to phishing

Image-based mutual auth a la passmark can also authenticate the site to
the user.
