funsec mailing list archives

RE: The solution to Phishing


From: Blanchard_Michael () emc com
Date: Mon, 24 Oct 2005 16:20:21 -0400

That might work too :-)


Michael P. Blanchard 
Antivirus / Security Engineer, CISSP, GCIH, MCSE, MCP+I 
Office of Information Security & Risk Management 
EMC ² Corporation 
4400 Computer Dr. 
Westboro, MA 01580 
email:  Blanchard_Michael () EMC COM 

-----Original Message-----
From: Jeff Rosowski [mailto:rosowskij () ie ymp gov] 
Sent: Monday, October 24, 2005 4:05 PM
To: Blanchard, Michael (InfoSec)
Cc: funsec () linuxbox org
Subject: Re: [funsec] The solution to Phishing

*** PGP SIGNATURE VERIFICATION ***
*** Status:   Unknown Signature
*** Signer:   Unknown Key (0xEA03E83F)
*** Signed:   10/24/2005 4:04:49 PM
*** Verified: 10/24/2005 4:19:04 PM
*** BEGIN PGP VERIFIED MESSAGE ***

The banks should send out bogus messages just like a real phishing attack
and set up a bogus web site that looks just like their real one.  If a
customer logs into that site from the phishing e-mail, their internet
banking privileges are revoked for 30 days.  If it happens again, their
internet privileges are revoked completely.

 Done and dusted... Kinda like Darwinism with a second chance on life ;-)

How about we just ship everyone who falls for a phishing scam off to some 
uninhabited island somewhere.

But really, I think requiring users to use a public/private key system to 
secure all financial transactions would be a good step in the right 
direction.  Though I also see users easily being fooled into screwing up 
even that.  So who knows.


*** END PGP VERIFIED MESSAGE ***

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

