WebApp Sec mailing list archives
RE: anti-phishing implementation
From: Irene Abezgauz <irene.abezgauz () gmail com>
Date: Sat, 20 Aug 2005 12:55:51 +0200
Lyal, I am not sure I quite understand the concept you have introduced of gateway-recipient trust. The recipient trusts his gateway and therefore trusts that gateway that all email sent from that gateway is indeed valid and not malicious in any way? What I'm trying to understand mainly is feasibility. How is the gateway going to determine between "right" and "wrong". How can the gateway authenticate senders? That will require a large database of who is who and good anti-spoofing mechanisms since the whole system is going to rely on the information of who the sender is. Have I completely misunderstood you? Irene ---------------- Irene Abezgauz Application Security Consultant Hacktics Ltd. Mobile: +972-54-6545405 Web: www.hacktics.com -----Original Message----- From: Lyal Collins [mailto:lyal.collins () key2it com au] Sent: Saturday, August 20, 2005 7:33 AM To: 'Bjorn Borg'; bugtraq () securityfocus com; focus-virus () securityfocus com; focus-ms () securityfocus com; honeypots () securityfocus com; pen-test () securityfocus com; security-basics () securityfocus com; security-management () securityfocus com; forensics () securityfocus com; webappsec () securityfocus com; secureshell () securityfocus com Subject: RE: anti-phishing implementation There is another strategy that the industry has almost totally ignored - allow the recipient to verify the sender's identity. Not verifed -> delete the email. This does not mean S/MIME, PGP or added email headers etc, but may also use those techniques as well. It means the sender and recipient can trust each other that the email they send each other, and thus can treat all other email as suspect. In the distributed internet, this would probably be best implemented in selected gateways that authenticate senders, so the trust is gateway-recipient, rather than the more complex sender-recipient, sicne the former scenario has less trust paths than the latter. This needs no databases, and no arms race of trying to keep up with spammers tools. Lyal -----Original Message----- From: Bjorn Borg [mailto:bjorn.brg () gmail com] Sent: Friday, 19 August 2005 11:30 PM To: bugtraq () securityfocus com; focus-virus () securityfocus com; focus-ms () securityfocus com; honeypots () securityfocus com; pen-test () securityfocus com; security-basics () securityfocus com; security-management () securityfocus com; forensics () securityfocus com; webappsec () securityfocus com; secureshell () securityfocus com Subject: anti-phishing implementation Hi everyone, I just started to develop an anti-phishing tool for my thesis. The tool should have two tasks. First one is to detect and prevent known attacks from web-based and POP3 emails. Second is to analyze emails' content to identify unknown phishing email and spoofed link. To make the first task work, I need a full database of known phishing emails, links. Anybody know where I can get this database? I really appreciate any suggestion about how to make this tool work, sources,... Many thanks, Bjorn Kungliga Tekniska Hogskolan, Stockholm, Sweden -- No virus found in this incoming message. Checked by AVG Anti-Virus. Version: 7.0.338 / Virus Database: 267.10.13/78 - Release Date: 8/19/2005 -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.338 / Virus Database: 267.10.13/78 - Release Date: 8/19/2005
Current thread:
- anti-phishing implementation Bjorn Borg (Aug 19)
- Re: anti-phishing implementation Saqib Ali (Aug 19)
- Re: anti-phishing implementation Rob Skedgell (Aug 19)
- RE: anti-phishing implementation Lyal Collins (Aug 20)
- RE: anti-phishing implementation Irene Abezgauz (Aug 20)
- RE: anti-phishing implementation Lyal Collins (Aug 20)
- Re: anti-phishing implementation Bjorn Borg (Aug 21)
- RE: anti-phishing implementation Lyal Collins (Aug 21)
- RE: anti-phishing implementation wilsonc (Aug 23)
- RE: anti-phishing implementation Irene Abezgauz (Aug 20)
- Re: anti-phishing implementation Saqib Ali (Aug 19)