Bugtraq mailing list archives
Re: Amazon phishing scam on Yahoo servers
From: Stefan Kelm <stefan.kelm () secorvo de>
Date: Fri, 24 Feb 2006 10:02:12 +0100
> Surely someone, somewhere, has to take some responsibility for allowing domains to be created which are clearly and obviously bogus. Who could possibly have a reason to register paypal-unlocking.net?
The problem is, there's no such thing as a domain which is,
or which is not, "clearly and obviously bogus". There won't
be internationally applicable rules (i.e., blacklists and
whitelists) that describe the "validity" of domain names.
What if there actually exists a company called paypal
unlocking (TM) somewhere in the remote outskirts of a Tasmanian
village? We simply can't build security mechanisms which rely
on domain names. That has been, and still is, the
major problem with protocols like SSL/TLS which are
otherwise technically sound.
Cheers,
Stefan.
-------------------------------------------------------
Stefan Kelm
Security Consultant
Secorvo Security Consulting GmbH
Ettlinger Strasse 12-14, D-76137 Karlsruhe
Tel. +49 721 255171-304, Fax +49 721 255171-100
stefan.kelm () secorvo de, http://www.secorvo.de/
-------------------------------------------------------
PGP Fingerprint 87AE E858 CCBC C3A2 E633 D139 B0D9 212B
