RE: Anti-Phishing with digital watermarking

["Matt Flynn" <mflynn () netvision com>]

This only works if the Phishing site is passing through the content of the
original site (like some Man-In-The-Middle attacks).  

It's very easy to just re-build the HTML of a site so that you're not
passing the code through.  I have to think that anyone that can spoof
another site knows to test their new fake site.  When they see that the
javascript blows up, they'll just remove or fix it.

I don't see that as much of a solution, but interesting nonetheless.  I
considered doing something like that when my blog content was being stolen
via RSS feeds (a more pracitcal use of that approach).



Matthew Flynn
Director of Marketing & Strategy
NetVision
732 769 2351 o
732 616 8749 m
801 770 3808 f
mflynn () netvision com


-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of Alcides
Sent: Friday, September 26, 2008 8:04 AM
To: security-basics () securityfocus com alc
Subject: Anti-Phishing with digital watermarking

Hi All,

Recently came across some interesting text while reading about anti-phishing
techniques, that can be implemented server-side.
-----------------<snip>------------------------------------
If we insert something like obfuscated java-script in the original website
[which alerts us when run under any URL other than the authentic] we can get
alerted against these attacks.
-----------------<snip>------------------------------------

Wish to know more on the subjects. May be few sample codes. Googled around
quite a lot but it looks tough to find anything closer to practical
possibilities.
Any help, links, pointers including free/ commercial options all welcome.

Thanks a lot.

Cheers!