Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Web-App-Sec
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Article - A solution to phishing

from [Rogan Dawes] Network Security [Permanent Link]
Subject: Re: Article - A solution to phishing
Date: Wed, 22 Dec 2004 14:16:03 +0100
Joseph Miller wrote: 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thursday 16 December 2004 11:47 am, exon wrote:

Ian wrote:

On 14 Dec 2004 at 13:43, Adam Tuliper wrote:

<snip>

Personally, I like stringing them on and giving them false information
and wasting their time. Its fun, I recommend all of you try it : )


You make have stumbled across a solution
here ;)

Why not code an automated system that fills
in their bogus log in screens with false
information?

There are only a limited number of banking
web sites around so a template could be
created for each.

If enough people join in these phishers
would get swamped with information and
wouldn't know the good from the bad.

Thoughts ? 

This is known to be effective against spammers which use href-links in
email to verify 'live' email-addresses. It's usually highly effective if
you find something that looks like
www.some-site.com/remove_me.asp?m=email@somewhere.org

I used to get around 400 spam emails a day, so I wrote a quick script to
connect to a couple of these urls a couple of million times with
auto-generated email-addresses. Sometime during the second night of
running I kept getting connection refused and spam dropped down to
around 40 / day.

>
> Exon,
> Would you happen to have that script available?  If many people had
> access to this script it could possibly cause DDoS and severely limit
> spammers.  I would, of course, not necessarily recommend this
> particular action because of the legal implications, so I must say,
> "We could use this as a possible threat to illegal spammers".
> Thanks for the info.
>
> - -Joseph
>

Also have a look at http://freshmeat.net/projects/formflood/

About:
Web Form Flooder is a Java console utility that will analyze a Web page, complete any forms present on the page with reasonable data, and submit the data. The utility will also crawl links within the site in order to identify and flood additional forms that may be present.

Regards,

Rogan
--
Rogan Dawes

*ALL* messages to discard@dawes.za.net will be dropped, and added
to my blacklist. Please respond to "lists AT dawes DOT za DOT net"

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Whitepaper "SESSION RIDING - A Widespread Vulnerability in Today's Web Applications", Scovetta, Michael V
Next by Date:  RE: (ip validation) Whitepaper "SESSION RIDING - A Widespread Vulnerability in Today's Web Applications", Evans, Arian
Previous by Thread:  Re: Article - A solution to phishing, exon
Next by Thread:  RE: Article - A solution to phishing, Christopher Canova
Indexes:  [Date] [Thread] [Top] [All Lists]