Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [HV-PAPER] Anti-Phishing Tips You Should NotFollow

From: "Dave Korn" <davek_throwaway () hotmail com>
Date: Fri, 31 Mar 2006 14:42:55 +0100
Jasper Bryant-Greene wrote:

Marcos Agüero wrote:

Jasper Bryant-Greene escribió:

Seriously though, it wouldn't be that hard to forward the POST on
to the real bank website, would it?

I think so, but would be very easy to detect. Logs would show lots of
diferent user logging in from the same IP Address.


Phishing scams are public in nature. They aren't trying to avoid
detection :) and the IP address would of course be spoofed.


  No it wouldn't.  IP address spoofing is easy over UDP but incredibly 
difficult over TCP.

    cheers,
      DaveK
-- 
Can't think of a witty .sigline today.... 



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: