PaulDotCom mailing list archives
Re: How to detect phishing and spoofed websites
From: Robert Cazares <robertcazares () gmail com>
Date: Thu, 13 Dec 2012 14:52:50 -0800
Aye mateys and mateyettes, I'm such a stickler for review, review, review, have someone else review, then maybe review again, then release to the wild. What I refer to is a typo in the morningstarsecurity.com/research/urlcrazy page. And that typo is a reference to google.com that is spelled "goole.com". Silly, I know. But when you're talking about a tool that checks for these types of things, phishing/spoofing, one-letter-off web site names and their brethren, please please please spell check before releasing. Whew (. . .) ---------------------------------------------------------------------------------------------------------------- Find it here - ------------------------------- Popularity Estimate We can estimate the relative popularity of a typo by measuring how often that typo appears on webpages. Querying goole.com for the number of search results for a typo gives us a indication of how popular a typo is. ------------------------------- ---------------------------------------------------------------------------------------------------------------- I have not run the tool myself, BUT it looks like a great tool to have in your kit. I have security questions and will return soon enough. Six, two and even Over and out - Robert On Thu, Dec 13, 2012 at 7:09 AM, swierckxlists <swierckxlists () gmail com> wrote:
Hi Brian, Part of the research/finding out if this is happening to you or your company can be automated using the URLCrazy tool (http://www.morningstarsecurity.com/research/urlcrazy), the tool has been reviewed / described in this blog post: http://www.ihackforfun.eu/index.php?title=urlcrazy-is-someone-spying-on Strider is a similar tool by Microsoft but URLCrazy is open source and can be adapted to your needs if further automation is needed. Greets Steven On 12/12/2012 15:43, Brian Erdelyi wrote:Good morning everyone, I'd like to create a guide and checklist for detecting phishing attacks. I want to focus on server side. What can a website admin do to detect phishing attacks and spoofed websites? What can a web app developer do to make it easier to detect phishing attacks and spoofed websites?
_______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
Current thread:
- How to detect phishing and spoofed websites Brian Erdelyi (Dec 12)
- Re: How to detect phishing and spoofed websites xgermx (Dec 12)
- Re: How to detect phishing and spoofed websites allison nixon (Dec 12)
- Re: How to detect phishing and spoofed websites Bill Swearingen (Dec 12)
- Re: How to detect phishing and spoofed websites Brian Erdelyi (Dec 13)
- Re: How to detect phishing and spoofed websites allison nixon (Dec 13)
- Re: How to detect phishing and spoofed websites allison nixon (Dec 12)
- Re: How to detect phishing and spoofed websites xgermx (Dec 12)
- Re: How to detect phishing and spoofed websites Robert Cazares (Dec 13)
- <Possible follow-ups>
- Re: How to detect phishing and spoofed websites Ian Ahl (Dec 14)
- Re: How to detect phishing and spoofed websites Tim Krabec (Dec 14)