Full Disclosure mailing list archives
Re: RSA HAVE CRACKED PHISHING, NO SERIOUSLY
From: ducki3 <duckie37 () gmail com>
Date: Fri, 31 Mar 2006 17:04:32 -0500
In any case, it's clear that the person who posted that response has *no idea* how most bank's anti-fraud systems work. First off, the phishers *can't* just run through all the data they've gotten in just a few seconds, unless they distributed the work across a bunch of botnet zombies - hits for more than a few dozen different accounts from the same IP in the same timespan are suspicious at the very least. Secondly, the phishers can currently usually be sure that the victims have given them reasonably good data (unless the victim is a dweeb who can't enter their DoB or account number correctly). On the other hand, if the phished data has been polluted by 90% bad data, then only 1 of 10 attempted transactions will succeed - and the fact that they're trying lots of different bad data will again hopefully trigger an alert. If you only succeed every 10th time, and you get locked out after 3 attempts with different bad data, it's going to take you a lot longer to figure out which ones are good and which ones are bad....
Consider that some of these fake accounts could also be used as Honey keys. They would of course have to work in conjunction with the banks / sites to utilize this. It would be rather difficult for a phisher to sort through thousands of Id's when IP addresses keep getting shut off based on a Honey Key. You would have to own a lot of BOTs and a lot of patience. Duck _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: RSA HAVE CRACKED PHISHING, NO SERIOUSLY, (continued)
- Re: RSA HAVE CRACKED PHISHING, NO SERIOUSLY Valdis . Kletnieks (Mar 31)
- Re: RSA HAVE CRACKED PHISHING, NO SERIOUSLY n3td3v (Mar 31)
- Re: RSA HAVE CRACKED PHISHING, NO SERIOUSLY n3td3v (Mar 31)
- Re: RSA HAVE CRACKED PHISHING, NO SERIOUSLY Nancy Kramer (Mar 31)
- Re: RSA HAVE CRACKED PHISHING, NO SERIOUSLY n3td3v (Mar 31)
- Message not available
- Re: Re: RSA HAVE CRACKED PHISHING, NO SERIOUSLY n3td3v (Mar 31)
- RE: Re: RSA HAVE CRACKED PHISHING, NO SERIOUSLY php0t (Mar 31)
- Re: Re: RSA HAVE CRACKED PHISHING, NO SERIOUSLY n3td3v (Mar 31)
- RE: Re: RSA HAVE CRACKED PHISHING, NO SERIOUSLY php0t (Mar 31)
- Re: Re: RSA HAVE CRACKED PHISHING, NO SERIOUSLY n3td3v (Mar 31)
- Message not available
- Re: RSA HAVE CRACKED PHISHING, NO SERIOUSLY Valdis . Kletnieks (Mar 31)
- Re: Re: RSA HAVE CRACKED PHISHING, NO SERIOUSLY Steven (Mar 31)
- Re: Re: RSA HAVE CRACKED PHISHING, NO SERIOUSLY n3td3v (Mar 31)
- Re: Re: RSA HAVE CRACKED PHISHING, NO SERIOUSLY n3td3v (Mar 31)
- Message not available
- Re: Re: RSA HAVE CRACKED PHISHING, NO SERIOUSLY n3td3v (Mar 31)