On Wed, Jul 30, 2008 at 7:29 AM, <Glenn.Everhart@chase.com> wrote:
The sender would like to recall the message, "[Full-disclosure] simple
phishing fix".
You mean this email? Seriously, people need to learn that the that
the recall feature in Exchange doesn't work. I don't read every email
in my inbox, but you can be sure I read every email that someone asks
to recall!
---------------------------------------------------------
from Glenn.Everhart@chase.com
to prb@lava.net,
full-disclosure@lists.grok.org.uk
date Tue, Jul 29, 2008 at 11:31 AM
subject Re: [Full-disclosure] simple phishing fix
mailing list full-disclosure.lists.grok.org.uk Filter messages from
this mailing list
mailed-by lists.grok.org.uk
You might eliminate phishing but there are occasionally messages from people at
these institutions also. This sort of thing is in essence allowing phishers a
denial of service attack against anyone they choose to make themselves
a nuisance
with.
I am not well pleased with any bank authentication I have seen so far
personally;
seems to me finance-related messages should be authenticated both ways
and preferably
a confirming authentication to demonstrate the subject agrees with the
transaction
should be done before such are accepted. That kind of thing would be
hard to spoof
and if done right pretty useless to someone who could record entire
transactions.
As for email, judge by its content. This posting for example will do nothing
to your money, sells you nothing. Nor does it ask any information of you. If it
were spoofed it would be harmless.
Glenn Everhart
--
Aaron Turner
http://synfin.net/
http://tcpreplay.synfin.net/ - Pcap editing and replay tools for Unix & Windows
They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety. -- Benjamin Franklin
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
