Security Basics mailing list archives

RE: Anti-Phishing with digital watermarking

From: "Matt Flynn" <mflynn () netvision com>
Date: Fri, 26 Sep 2008 17:48:59 -0400


I can't imagine a scenario where someone would create a fake site and not
look at it at least once in a browser before sending out 1000 emails to
potential victims.

If the obfuscated code did something like check the domain and notify the
site owner without any clear indicators on the page, I think someone
code-copying would be more likely to leave it in and/or not notice it.  If
the obfuscated code also was responsible for some core piece of content or
visible indicator (like a date/time stamp with a logo behind it that might
be otherwise difficult to recreate) the phisher is even more likely to leave
the code alone.

But, if the script were to somehow blow-up the page or indicate that it was
not the real site, it would be caught by the phisher before production,
which makes it's pretty useless.




-----Original Message-----
From: Umil [mailto:umil () hotmail com] 
Sent: Friday, September 26, 2008 5:41 PM
To: Ron; Razi Shaban
Cc: mflynn () netvision com; security-basics () securityfocus com
Subject: Re: Anti-Phishing with digital watermarking

But I don't think would hurt if this is added.  If they remove it, that
"notification" is gone and we are back to other controls we have.  If they
don't remove it, we have something valuable, don't you think?
----- Original Message -----
From: "Ron" <ron () skullsecurity net>
To: "Razi Shaban" <razishaban () gmail com>
Cc: <mflynn () netvision com>; <security-basics () securityfocus com>
Sent: Friday, September 26, 2008 1:04 PM
Subject: Re: Anti-Phishing with digital watermarking

Razi Shaban wrote:

On Fri, Sep 26, 2008 at 10:42 PM, Matt Flynn <mflynn () netvision com>
wrote:
True, but the majority of phishers simply copy the HTML code whole 
from the original site, with very few modifications. I've seen 
phishers who even leave comments in HTML code. Even those who modify 
the HTML usually do not modify the .js files, if you put the 
obfuscation in another .js that is used to run something or another, 
I highly doubt any phishers will notice.

--
Razi Shaban


I disagree; I expect that, if nothing else, the phishers at least 
*look* at the page they copied, at which point they'd notice and remove

it.

Ron

Current thread:

Anti-Phishing with digital watermarking Alcides (Sep 26)
- RE: Anti-Phishing with digital watermarking Matt Flynn (Sep 26)
  - Re: Anti-Phishing with digital watermarking Razi Shaban (Sep 26)
    - Re: Anti-Phishing with digital watermarking Ron (Sep 26)
    - Re: Anti-Phishing with digital watermarking Umil (Sep 26)
    - RE: Anti-Phishing with digital watermarking Matt Flynn (Sep 26)
- Re: Anti-Phishing with digital watermarking Razi Shaban (Sep 26)
- Re: Anti-Phishing with digital watermarking Ansgar Wiechers (Sep 29)
  - Re: Anti-Phishing with digital watermarking Razi Shaban (Sep 29)
    - Re: Anti-Phishing with digital watermarking Ansgar Wiechers (Sep 29)
    - Re: Anti-Phishing with digital watermarking Razi Shaban (Sep 30)
    - Re: Anti-Phishing with digital watermarking Ansgar Wiechers (Sep 30)
    - Re: Anti-Phishing with digital watermarking Ryan Greenier (Sep 30)
    - Re: Anti-Phishing with digital watermarking Ansgar Wiechers (Sep 30)
    - Re: Anti-Phishing with digital watermarking Razi Shaban (Sep 30)
    - Message not available
    - Re: Anti-Phishing with digital watermarking Ansgar Wiechers (Sep 30)

(Thread continues...)