Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Web-App-Sec
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Article - A solution to phishing

from [Joseph Miller] Network Security [Permanent Link]
Subject: Re: Article - A solution to phishing
Date: Mon, 20 Dec 2004 08:51:50 -0500 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Exon,
Would you happen to have that script available?  If many people had access to 
this script it could possibly cause DDoS and severely limit spammers.  I 
would, of course, not necessarily recommend this particular action because of 
the legal implications, so I must say, "We could use this as a possible 
threat to illegal spammers".  Thanks for the info.

- -Joseph

On Thursday 16 December 2004 11:47 am, exon wrote:

Ian wrote:

On 14 Dec 2004 at 13:43, Adam Tuliper wrote:

<snip>


Personally, I like stringing them on and giving them false information
and wasting their time. Its fun, I recommend all of you try it : )


You make have stumbled across a solution
here ;)

Why not code an automated system that fills
in their bogus log in screens with false
information?

There are only a limited number of banking
web sites around so a template could be
created for each.

If enough people join in these phishers
would get swamped with information and
wouldn't know the good from the bad.

Thoughts ?


This is known to be effective against spammers which use href-links in
email to verify 'live' email-addresses. It's usually highly effective if
you find something that looks like
www.some-site.com/remove_me.asp?m=email@somewhere.org

I used to get around 400 spam emails a day, so I wrote a quick script to
connect to a couple of these urls a couple of million times with
auto-generated email-addresses. Sometime during the second night of
running I kept getting connection refused and spam dropped down to
around 40 / day.

Another anti-mischief act was when some organisation (can't remember
which) found out the IRL address of a spammer who had used their
mail-server and signed him up for every free hard-copy snailmail ads and
catalogues they could find. As it turned out, the spammer received some
four tons of advertising papers and leaflets through his mailbox in a
week, effectively causing a DoS on his own apartment. Retaliation can be
so fun. ;)

/exon

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFBxtj4mXZROF+EADURAvNeAJ9oWsMhp3sep2nPSRNeJ3meaT7sEgCghoTH
0yrvOqZjlb8SfrDyf7yc75c=
=JwXW
-----END PGP SIGNATURE-----
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: [in] Warning about accessing / attacking phising and spoofing sites, Curt Purdy
Next by Date:  Re: Whitepaper "SESSION RIDING - A Widespread Vulnerability in Today's Web Applications", Shade
Previous by Thread:  Re: Article - A solution to phishing, exon
Next by Thread:  Re: Article - A solution to phishing, exon
Indexes:  [Date] [Thread] [Top] [All Lists]