Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Web-App-Sec
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Article - A solution to phishing

from [Joseph Miller] Network Security [Permanent Link]
Subject: Re: Article - A solution to phishing
Date: Thu, 25 Nov 2004 23:48:20 -0500 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Michael, I have to give you kudos for working on a solution.  However, I have 
to say that you solution stinks.  We definitely need more creativity and 
ideas to fix this and I think that you have been creative but not worked with 
the reality of the situation. Users will fight for simplicity, even if it 
exposes them to losing thousands of dollars.  And as you said, the emails 
would not be encrypted.  Any sysadmin or hacker who could break into a 
vulnerable email server has access to the emails and those passwords.  
Obviously, it would not be long before the hacker would be stopped, but he 
doesn't have to get but one account if he knows which one, right?  Each 
website may choose its own method of password creation, even though you 
specifically stated that they should choose good passwords, they might choose 
a crappy incremental scheme anyways and circumvent the whole process.  There 
are simply too many steps, each of which could fail and be disastrous.  But 
keep thinking, one day we will have a half-solution to the problem.  I don't 
believe that it can ever be completely fixed.  99.9% of humans live by 
perception, and that is what phishing thrives on.

- -Joseph Miller

On Monday 22 November 2004 10:40 pm, Michael Silk wrote:

Hi,

    Just a quick little article about a login system that, should (i
think :)), prevent phishing attempts on your site.


http://michaelsilk.blogspot.com/2004/11/article-solution-to-phishing.htm
l

    Have a look at it and let me know what you think ... and apologies
to anyone if an idea like this is already out there :)

-- Michael


**********************************************************************
This email message and accompanying data may contain information that is
confidential and/or subject to legal privilege. If you are not the intended
recipient, you are notified that any use, dissemination, distribution or
copying of this message or data is prohibited. If you have received this
email message in error, please notify us immediately and erase all copies
of this message and attachments.

This email is for your convenience only, you should not rely on any
information contained herein for contractual or legal purposes. You should
only rely on information and/or instructions in writing and on company
letterhead signed by authorised persons.
**********************************************************************

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFBprWXmXZROF+EADURAmqhAJ43mQxv3dTmsQZz6fgoSL8m1INdLwCeOOgi
Tgjx+UKNzYWN406YQwEC+HE=
=N++X
-----END PGP SIGNATURE-----
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Article - A solution to phishing, ZedGama3
Next by Date:  ActiveX controls within an Intranet Environment, Marian Fitzgerald
Previous by Thread:  Re: Article - A solution to phishing, ZedGama3
Next by Thread:  Re: Article - A solution to phishing, Peter Conrad
Indexes:  [Date] [Thread] [Top] [All Lists]