Educause Security Discussion mailing list archives
Re: Phishing Links
From: "Flynn, Gary - flynngn" <flynngn () JMU EDU>
Date: Wed, 7 Jul 2010 20:43:48 +0000
But now all the phishers know what to include in their messages to you. :) A signature that includes a link to a site with an SSL cert and that requires client cert authentication might do the trick assuming all the recipients have a client cert and people can be trained on what to expect when that verification site is clicked. (e.g. Certificate error vs password login screen) Of course, the link doesn’t have to convince someone to provide passwords and bank account numbers to be effectively malicious. Some just want the recipient to click the link so whatever buggy, bloated document reader or media player that might be installed can be exploited. On 7/7/10 4:34 PM, "Ben Woelk" <fbwis () RIT EDU> wrote: We handled the authenticity of messages a little differently. We have a signature standard with required elements. In addition, any message that arrives with the term “password” gets a warning prepended to it. Our signature standard is at http://security.rit.edu/signaturestd.html
Current thread:
- Re: Phishing Links, (continued)
- Re: Phishing Links Joel Rosenblatt (Jul 07)
- Re: Phishing Links Flynn, Gary - flynngn (Jul 07)
- Re: Phishing Links Pete Hickey (Jul 07)
- Re: Phishing Links Martin Manjak (Jul 07)
- Re: Phishing Links Ben Woelk (Jul 07)
- Re: Phishing Links Martin Manjak (Jul 20)
- Windows 0-day David Opitz (Jul 21)
- Re: Windows 0-day Greg Williams (Jul 21)
- Re: Windows 0-day Greg Williams (Jul 27)
- Re: Phishing Links Pete Hickey (Jul 07)
- Re: Phishing Links Flynn, Gary - flynngn (Jul 07)
- Re: Phishing Links James Farr '05 (Jul 08)