Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Phishing Solutions (was: Phishing - feature or flaw)

from [Chris Brenton] Network Security [Permanent Link]
Subject: Phishing Solutions (was: Phishing - feature or flaw)
Date: Mon, 27 Jun 2005 07:56:21 -0400 
On Fri, 2005-06-24 at 18:38, Secure Science Corporation Bugtraq wrote:


Are these really features, or are they flaws now because of the phishing 
threat vector. Originally javascript/DHTML/DOM is pretty powerful and 
can do a lot of nasty stuff if someone were inclined. But phishing has 
caused us to take a look at the once dubbed features of DHTML, and 
possibly put responsibility onto the browser vendors for fixing these 
now dubbed "flaws".


Regarding fixes, I'm curious what people are doing to solve this
problem. Attacking it at the browser level is not exactly efficient,
especially if you have a large network.

Personally, I've been messing around with MailScanner and I'm pretty
impressed with its ability to detect and neutralize phishing attacks.
For example:

Jun 25 04:09:49 mail MailScanner[2158]:
/var/spool/MailScanner/incoming/2158/./j5P89ZEp006346/msg-2158-2.html:
HTML.Phishing.Pay-25 FOUND
Jun 25 07:47:18 mail MailScanner[2096]: Found ip-based phishing fraud
from 202.71.230.67 in j5PBlCed008230
Jun 25 09:54:45 mail MailScanner[8385]: Found phishing fraud from
mail.yahoo.com claiming to be www.yahoo.com in j5PDsaTH009054
Jun 25 14:13:38 mail MailScanner[10527]: Found phishing fraud from
webserver.osdepym.com.ar claiming to be www.paypal.com in j5PIDRkJ010804

Obviously the Yahoo entry is a false positive, but you can simply add it
to a white list to keep it from being flagged in the future. Once
detected, you can delete the e-mail, neutralize the URL and pass it
through with a warning banner, ignore it, or what ever you want. Pretty
cool stuff.

Just curious if others have run across similar solutions out there and
whether you think they are effective or not.

Cheers,
Chris
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Denial of Service Vulnerability in True North Software, Inc. IA eMailServer Corporate Edition Version: 5.2.2. Build: 1051., Reed Arvin
Next by Date:  Nokia Symbian 60 "BLUETOOTH NICKNAME" Remote Restart, Qnix
Previous by Thread:  Phishing - feature or flaw, Secure Science Corporation Bugtraq
Next by Thread:  Re: Phishing - feature or flaw, David A. Wheeler
Indexes:  [Date] [Thread] [Top] [All Lists]