Network Security Bugtraq

Re: Amazon phishing scam on Yahoo servers

Subject: Re: Amazon phishing scam on Yahoo servers
Date: Thu, 23 Feb 2006 13:23:34 -0800

On Feb 21, 2006, at 11:02 PM, Geoff Vass wrote:

> Surely someone, somewhere, has to take some responsibility for allowing
> domains to be created which are clearly and obviously bogus.

Working on a mail system transition for a national telecomm, I worked with a consultant (like me, a US national at the time based in yet another country) who claimed to have double-checked the list of sites to be marked as internal (i.e., customers of that national telecomm). When we pointed out that a good 20% of them were clearly bogus (a software error), as noted immediately by the first person who saw email to their largest competitor marked as internal, she said that she couldn't be expected to know the details of local companies. Well, I dunno, I thought if I knew who my client's largest competitor was, and they advertised on all the busses, it shouldn't be that difficult, really, but most importantly, the second domain on the "internal" list was aol.com, which, you may note, is a well-known US company unlikely to be buying its Internet connectivity from a non-US telecomm.

Which is to say, wouldn't surprise me at all if I managed
to register a domain to George W. Bush at 1500 Pennsylvania
Ave. At a US registrar, even. Such errors are in my experience
more likely to be caught by software than by the humans who
ought to be good at it, because the human beings are too bored
or too uninterested.

        Elizabeth Zwicky
        zwicky@otoh.org
