Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Web-App-Sec
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Article - A solution to phishing

from [Damhuis Anton] Network Security [Permanent Link]
Subject: RE: Article - A solution to phishing
Date: Tue, 30 Nov 2004 11:30:42 +0200 

Hi group

I had a look at the passmark web site, and at first it really impressed me, but 
then got thinking, and currently am at the conclusion that it could still be 
spoofed by another web site.

A spoofed site could still retrieve the "real" information from the site that 
is spoofed, as and when the user enters information. Some of it would be (or 
could be) hit and miss, but would become gradually easier.

In a Windows environment I would use the MSXML2.ServerXMLHTTP Object to pass on 
the users information and get responses from the real server.

I liked the idea of the picture that the user knows, in the email and on the 
web site. But surly because the email is unsecured, (in transport and storage), 
the attacked could get the picture and thus display it on the spoofed web site 
for that user.

Possibly for now ,the  attacker would hopefully move to another site that would 
be easier to spoof then one secured by passmark.

Or am I missing something from the presentation?

Regards
  Anton

-----Original Message-----
From: Dave Jevans [mailto:djevans@teros.com]
Sent: 30 November 2004 12:55
To: Michael Silk; webappsec@securityfocus.com; mb@xato.net
Subject: RE: Article - A solution to phishing

Imaged based mutual auth a la passmark can also authenticate the site to
the user.

Confidentiality Warning
=======================

The contents of this e-mail and any accompanying documentation
are confidential and any use thereof, in what ever form, by anyone
other than the addressee is strictly prohibited.
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Betr.: Fwd: PHP Easter Eggs, Philip Wagenaar
Next by Date:  RE: Article - A solution to phishing, WebAppSecurity [Technicalinfo.net]
Previous by Thread:  Re: Article - A solution to phishing, Rogan Dawes
Next by Thread:  Re: Article - A solution to phishing, Michael Silk
Indexes:  [Date] [Thread] [Top] [All Lists]