Full Disclosure mailing list archives
n3td3v group slams RSA for encouraging illegal anti-phishing tactics
From: n3td3v <n3td3v () gmail com>
Date: Sat, 1 Apr 2006 00:53:27 +0100
Round-up: "But do you remmeber back to the Make love not spam saga? Yeah, the big players tried to "attack" the bad guys and look were they ended up. You, by attacking anything, forwhatever reason, with the same method as the attacker, could land you in jail. While with your attack you may lock up phishers in coordination with banks, the phishers lawyers could also claim by law, that the anti-phishing site was also breaking the law by flooding a database, even if the database is malicious or otherwise legitmate." "With this in mind, are the RSA say its OK to DDoS fake login pages that the public think are phishing sites with fake information to take the phishing sites down? Or maybe the RSA didn't think too far into it before making their "illegal tactics" public. I guess nobody in the industry learned from makelovenotspam.com and the whole Lycos affair." "Well, Chris, it looks to me by the RSA publishing this information that they are encouraging anyone with a botnet to send thousands of bogus queries to a web form, which would crash a mail server or database, which belonged to a company, that the phishers had previously hacked and the company was previously unaware was being used in a phishing attempt. So now it seems the RSA are sending out information about their activities, which could infulence scriptkids/ hackers etc who own large bot nets to attack anything they see as a "phish". Although, just by individuals of the public sending a single query per user to a phish login form, could cause the same affect as a malicious users bot network." The above is in response to http://news.com.com/2100-1029-6056317.html?tag=tb
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- n3td3v group slams RSA for encouraging illegal anti-phishing tactics n3td3v (Mar 31)