WebApp Sec mailing list archives
Webapp-level protection/detection of Pharming attacks
From: "WebAppSecurity [Technicalinfo.net]" <webappsec () technicalinfo net>
Date: Tue, 21 Jun 2005 19:35:05 +0100
Hey List, I'm in the final throws of pulling together a detailed paper about the different pharming attack techniques. Now, while it's mostly about DNS, there are a number of methods and schemes that can be used at the webapp server side (or webapp logic) to help customers discover whether they've hit the real site or not. I already have a number of methods I've developed to help out against the different Phishing attacks, but I'd like to see if anyone else has some cool ideas I havn't thought about that are worth while including in the paper. If you're wondering about the structure of the paper, you can see my earlier paper from last year about Phishing attacks for reference (http://www.ngssoftware.com/papers/NISR-WP-Phishing.pdf). This paper will focus on the Pharming side of things (including the DNS attacks, "the New DNS" of search engines, intermediary vector that can change host to IP resolution such as proxies/WPAD/caches etc.). So, if you've got some cool ideas - mainly those that can be implemented at the server-side and would be applicable for retail or banking sites - let me know (and the list of course!) Cheers, Gunter
Current thread:
- Re: Should login pages be protected by SSL?, (continued)
- Re: Should login pages be protected by SSL? Saqib Ali (Jun 21)
- Message not available
- Re: Should login pages be protected by SSL? Amir Herzberg (Jun 21)
- Re: Should login pages be protected by SSL? Saqib Ali (Jun 21)
- Re: Should login pages be protected by SSL? Ian Rogers (Jun 21)
- Re: Should login pages be protected by SSL? Amir Herzberg (Jun 21)
- Re: Should login pages be protected by SSL? Achim Hoffmann (Jun 21)
- Re: Should login pages be protected by SSL? Amir Herzberg (Jun 21)
- RE: Should login pages be protected by SSL? maburns (Jun 20)
- Re: Should login pages be protected by SSL? Amir Herzberg (Jun 21)
- Re: Should login pages be protected by SSL? Torsten Mueller (Jun 21)
- RE: Should login pages be protected by SSL? Almerindo Graziano (Jun 21)
- Webapp-level protection/detection of Pharming attacks WebAppSecurity [Technicalinfo.net] (Jun 21)
- Re: Should login pages be protected by SSL? Amir Herzberg (Jun 21)
- Re: Should login pages be protected by SSL? Steve Shah (Jun 21)
- Re: Should login pages be protected by SSL? Amir Herzberg (Jun 21)
- Re: Should login pages be protected by SSL? Steve Shah (Jun 21)
- RE: Should login pages be protected by SSL? Glenn Euloth (Jun 22)