Network Security: Detailed info on Re: New whitepaper "The Phishing Guide"

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Bugtraq

[Top] [All Lists]

Re: New whitepaper "The Phishing Guide"

from [Daniel Veditz] Network Security

[Permanent Link]

Subject:	Re: New whitepaper "The Phishing Guide"
Date:	Fri, 24 Sep 2004 11:39:02 -0700

Aleksandar Milivojevic wrote:

Gunter Ollmann (NGS) wrote:

While the Phishers develop evermore sophisticated attack vectors [...]
Customers too have become wary of "official" email, and organisations
struggle to install confidence in their communications.


Sometimes it's unbelivable how long it takes organizations to discover 
that email can be signed.  Especially nowdays when all major mail 
readers have support for at least S/MIME


How does that help in practice? A user fooled by a link to ebay-support.com
is just as likely to accept signed mail from foo@ebay-support.com. Not to
mention that the potential profits from phishing could easily finance the
purchase of a forged cert if someone at one of the built-in CA's was
corruptible. Given the several that are based in 3rd world companies (not to
mention recent US corporate scandals) I have no confidence that won't
eventually happen.

-Dan Veditz

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
New whitepaper "The Phishing Guide", Gunter Ollmann (NGS) Re: New whitepaper "The Phishing Guide", Aleksandar Milivojevic Re: New whitepaper "The Phishing Guide", Seth Arnold Re: New whitepaper "The Phishing Guide", Greg A. Woods Re: New whitepaper "The Phishing Guide", Crispin Cowan Re: New whitepaper "The Phishing Guide", Aleksandar Milivojevic Re: New whitepaper "The Phishing Guide", Daniel Veditz <= Re: New whitepaper "The Phishing Guide", Chip Andrews Re: New whitepaper "The Phishing Guide", Philip Stoev Re: New whitepaper "The Phishing Guide", Brian Dessent Re: New whitepaper "The Phishing Guide", Juraj Bednar Re[2]: New whitepaper "The Phishing Guide", Karsten Heidrich

Previous by Date:	New Macromedia Security Zone Bulletins Posted, Macromedia Security Zone
Next by Date:	Re: cdrecord local root exploit, Dr Andrew C Aitchison
Previous by Thread:	Re: New whitepaper "The Phishing Guide", Aleksandar Milivojevic
Next by Thread:	Re: New whitepaper "The Phishing Guide", Chip Andrews
Indexes:	[Date] [Thread] [Top] [All Lists]