I think there have been a lot of good suggestions and ideas in response to
the original message. I thank you that went easy on me for not mentioning
checking the referrer field in website logs. That is also a great idea and
would most likely effectively accomplish the same goal as using multiple
image names. However, I think a few people are missing the point. I do
realize that they could check the website to see if they have done this or
simply just host the files themselves. This would perhaps temporarily
circumvent the image renaming method. Checking the referrer to the images
in the log files would still be possible.
The main point of all of this is to remain passive. Your goal is not to
show them an anti-fraud image or websites from accessing your images. The
point is to quickly detect these websites, shut them down, and do what is
possible to stop any perpetrators. At the same time I think this thread has
struck a nerve that perhaps these banking and e-commerce websites could do
more to educate users and try and stop customers from falling for this sort
of thing. Then again, we all know a sucker is born every minute.
Thanks for all the replies. I think there have been a lot of good
suggestions and insights into this whole process.
Steven
--------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
--------------------------------------------------------------------------
