Re: Discovering and Stopping Phishing/Scam Attacks

[Andrew Kopp <andrew.kopp () kuehne-nagel com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I have an idea that will blow this one out of the water!

Are you ready for it?!?!


a FOURTH login field!!!



The question should be: "Who invented this authentication scheme?!?!?"

And if that fails we'll just keep adding the fields until the user
doesn't come back because he can't remember the answers.

</sarcasm>

Ok seriously, you really think a third field is going to protect ANY
authentication scheme from phishing? Thats like saying: I'm going to tow
a car up a steep hill with 4 ropes instead of 2 chains. Even though the
chains would probably be stronger, BOTH have the capability of breaking
just as easy. (and don't start on the thickness of the ropes/chains,
thats not the point)

The reason this won't work, and proof of it: That three/four digit
security code on the back of your credit cards that everyone and their
mother asks for.... hasn't helped at all. Credit card fraud is at an all
time high, hell even Visa and Mastercard are profiting off it while
advertising their "no liability on online purchases" crap.

Authentication schemes today are screwed up. There isn't one that is
100% secure. Not even biometric systems. Its not the scheme that needs
to change, its the idea of authentication that needs to change.

Whats lacking? EDUCATION. People don't care, everyone thinks "It won't
happen, to me, what did I do wrong?"

Educate the users, don't assume they'll be able to figure it out.
Because they won't.


Regards,


Andrew Kopp/TorZWE


key: 86EC5112
fingerprint: 514D 86EA 0A02 EF26 13D8  9663 BE6A 5DE5 86EC 5112



webcenter () sapo pt wrote:
> ok mr. moderator...
>
> i think the real problem to phishing exists is the weak process of
login systems
> today...
>
> anyone just needs a login and password, to be authenticated, i think web
> aplications needs to change login systems... to be more tight... and the
> phishers maybe loose there hope to grep information very easy with just a
> username and password...
>
> my idea and solution to a new login system is this...
>
> creating a 3rd field, this 3rd field the user will choose... it will
work like
> saying yes this is the real bank system welcome back mr. user insert your
> password...
>
> the process...
>
> 1rst page
> user -> puts the username...
>
> second page..
>
> 3rd field -> what is your cat name? now the user knows that this was the
> question that he have put int the 3rdfield from the real bank site (he
can put
> what he want)...
> password ?? -> user puts the password.. he is athenticated.
>
> now the phishers they have more work, needs two process to gain access
to the
> bank user account...
>
> first they need to colect the username to get the 3rd field... and
they need to
> put the 3rdfield in the false website... to get the password... but
this is the
> deal...
>
> when a user or anyone, puts the username in this login system needs to
proceed
> with a password, if not, if the user close the browser, if he tries
3times and
> can't login, the system will block the username and send a email to
the real
> user, a code to unblock the username and force the user to change the
username
> and 3rd field... and now the phishers don't know again what will be
the new
> username and 3rdfield...
>
> this system, is nothing from other planet and i think that help a lot
the users,
> and will stop a litle or a big % this phisher mans...
>
>
> regards
> Nuno Costa
>
> -----Original Message-----
> From: Krul Thomas [mailto:Thomas.Krul () psepc-sppcc gc ca]
> Sent: April 27, 2005 10:31 AM
> To: 'Alex'; incidents () securityfocus com
> Subject: RE: Discovering and Stopping Phishing/Scam Attacks
>
> I received a phishing scam email for RBC Bank literally moments ago.
> The
> Web site is based in the Czech Republic with very little in the way
> to
> disguise the address of the site. (At last check, the site was still
> up
> at:
> http://updatestatus.webz.cz/rbc/cgi-bin/rbaccess/login.html)
>
> Odd, either there are some newbie phishers out there, or they are
> starting to realise that no matter how much they disguise their sites
> someone will be having them shut down soon enough so catching the
> uninformed in the few moments they have is paramount. Will we be
> seeing
> an increase in the diversity of referring addresses in a flooding
> attempt to catch the last remaining moms and pops who don't know
> better
> versus well-crafted addresses that don't arouse suspicions?
>
> -----Original Message-----
> From: Alex [mailto:incidents () alex gotdns org]
> Sent: Tuesday, April 26, 2005 7:51 PM
> To: incidents () securityfocus com
> Subject: Re: Discovering and Stopping Phishing/Scam Attacks
>
> I agree that checking by referer addresses is a powerful way to
> detect
> phishing sites, but such logs can easily be adverted?
>
> Doesn't some anti-popup software remove referer fields?
>
> Simple use of javascript can allow a page to fetch anything without
> showing
> up in referer logs.
>
> While we are on the subject, has anyone come across commercial and/or
> government websites being (illegally?) mirrored?
>
> For example, I recently came a website located on a (Asian?) hosting
> provider where the content of the website was EXACTLY that of a
> well-known
> US govt website. (It appeared that they ran the equivalent of a
> recursive
> "wget" on the real site and hosted the files). It appeared to be
> several
> layers deep.
>
> Why would anyone want to do that?
>
> -Alex
>
> ------------------------------------------------------------------------
> --
> Test Your IDS
>
> Is your IDS deployed correctly?
> Find out quickly and easily by testing it with real-world attacks
> from
> CORE IMPACT.
> Go to
> http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
>
> to learn more.
> ------------------------------------------------------------------------
> --
>
> ------------------------------------------------------------------------
> --
> Test Your IDS
>
> Is your IDS deployed correctly?
> Find out quickly and easily by testing it with real-world attacks
> from
> CORE IMPACT.
> Go to
> http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
>
> to learn more.
> ------------------------------------------------------------------------
> --
>
> --------------------------------------------------------------------------
> Test Your IDS
>
> Is your IDS deployed correctly?
> Find out quickly and easily by testing it with real-world attacks
> from
> CORE IMPACT.
> Go to
> http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
> to learn more.
> --------------------------------------------------------------------------
>
>
>
>
>
> SMS GRÁTIS do seu PC para qualquer rede nacional (TMN, Vodafone,
Optimus e PTC). Basta instalar o SAPO Messenger e adicionar amigos!
> Vá agora a : http://messenger.sapo.pt/sms/
>
>
> --------------------------------------------------------------------------
> Test Your IDS
>
> Is your IDS deployed correctly?
> Find out quickly and easily by testing it with real-world attacks from
> CORE IMPACT.
> Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
> to learn more.
> --------------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (MingW32)
Comment: .

iD8DBQFCcQ5vvmpd5YbsURIRAoU/AJ0eCO9f0j965CyloSYYoTdHo/yfmQCdH6Az
1yrHsQZ4Ed6aoPOj96zM2R4=
=JCSO
-----END PGP SIGNATURE-----

--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from 
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
--------------------------------------------------------------------------