nanog mailing list archives
Re: Phishing (Was Re: WashingtonPost computer security stories)
From: Tim Wilde <twilde () dyndns org>
Date: Tue, 17 Aug 2004 09:06:30 -0400 (EDT)
On Tue, 17 Aug 2004, Eric Kuhnke wrote:
It's a 1 line rule with mod_rewrite and apache to block nonexistent or off-site http referers attempting to display GIF/JPG/PNG images... Sometimes I wonder why Citibank, Paypal and others don't do this. It would cut down on the displayed authenticity level of many basic phishes.

Because many (broken) browsers/proxies/"firewalls"/etc block or forge referrer headers "for security" and they'd quadruple their tech support load with all their idiot customers using Norton Internet Security or other similar products calling in saying "why don't I get any images on the site? waah!" This simply isn't an option in the real world.

--
Tim Wilde
twilde () dyndns org
Systems Administrator
Dynamic Network Services, Inc.
http://www.dyndns.org/
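
The kind of rule discussed in this exchange, as an added example that is not part of either post: a strict mod_rewrite referer check beside a variant that tolerates a missing Referer header. The host name `example.com` is a placeholder, and the two variants are alternatives, so only one would be enabled.

```apache
# Added illustration; example.com is a placeholder host, not from the thread.
RewriteEngine On

# --- Variant A: strict (the rule described in the quoted post) ---
# Refuse image requests unless the Referer is one of our own pages.
# A request with no Referer at all also fails this test, so clients
# behind header-stripping proxies or "privacy" products get no images.
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?example\.com(/|$) [NC]
RewriteRule \.(gif|jpe?g|png)$ - [F,NC]

# --- Variant B: tolerate a missing Referer (use instead of A) ---
# The first condition skips the block when the header is empty, so
# clients that strip the Referer still see images. Only requests that
# carry an off-site Referer are refused.
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?example\.com(/|$) [NC]
RewriteRule \.(gif|jpe?g|png)$ - [F,NC]
```

Variant B avoids the blank-Referer support problem raised in the reply, but it does nothing about clients that rewrite the header to some other value, and it stops filtering entirely for any client that sends no Referer.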