Security Basics mailing list archives
Re: Anti-Phishing with digital watermarking
From: "Ryan Greenier" <rgreenier () gmail com>
Date: Tue, 30 Sep 2008 13:22:44 -0400
I'd HIGHLY disagree with it being closer to 100% unreliable than reliable. Most of the phishing attacks against institutions that my company provides service for are copy/paste type deals leaving all kinds of other info on there that is unrelated to what the attackers are trying to accomplish (such as stats, etc). Shoot, they even leave the JavaScript in there that determines the user's browsing experience. Those alone could be triggers if programmed differently/watched.

I agree it's not really a quote unquote security measure and you should have other safeguards in place, but if it succeeds even 1% of the time in notifying you before users start being victimized, it's worth the hour or so it takes you to implement IMHO.

- Ryan

On Mon, Sep 29, 2008 at 19:06, Ansgar Wiechers <bugtraq () planetcobalt net> wrote:
> On 2008-09-30 Razi Shaban wrote:
>>> Which, of course, is totally unreliable (and thus utterly pointless as a security measure), because you make way too many assumptions (client has JavaScript enabled, phisher doesn't check the used website for phone-home code, phisher uses the original website in the first place, ...).
>>
>> So because it is not 100% reliable, we shouldn't use it?
>
> I'd say it's closer to 100% unreliable than to 100% reliable. But even if it isn't, how do you calculate the chances? You just have too many variables.
>
> You noticed the word "security" in this mailing list's name? What makes you think a measure of questionable reliability could possibly count as a security measure?
>
> Regards
> Ansgar Wiechers
> --
> "The Mac OS X kernel should never panic because, when it does, it seriously inconveniences the user."
> --http://developer.apple.com/technotes/tn2004/tn2118.html
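
Added example, not part of the original message or thread: one way to "watch" the leftovers of a copy/paste phishing page from the server side, by scanning the institution's own access log for watched assets requested with a Referer on a foreign host. It assumes the copied page still references those assets by absolute URL; the hostnames, asset paths and log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumptions (not from the thread): hostnames, asset paths and log lines are
# constructed. The copied page is assumed to still load these assets from us.
LEGIT_HOSTS = {"www.bank.example", "bank.example"}
WATCHED_ASSETS = {"/js/stats.js", "/img/logo.gif"}

# Apache/nginx "combined" access log format.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "[^"]*"'
)

def foreign_referers(lines):
    """Return {referer_host: [(timestamp, client_ip, asset), ...]} for watched
    assets that were requested by a page hosted outside LEGIT_HOSTS."""
    hits = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line
        path = urlsplit(m["path"]).path  # drop any query string
        if path not in WATCHED_ASSETS:
            continue
        # An empty or "-" Referer has no hostname, so it cannot be attributed.
        host = (urlsplit(m["referer"]).hostname or "").lower()
        if not host or host in LEGIT_HOSTS:
            continue
        hits.setdefault(host, []).append((m["ts"], m["ip"], path))
    return hits

# Constructed sample log lines.
SAMPLE_LOG = [
    '203.0.113.7 - - [30/Sep/2008:13:01:02 -0400] "GET /js/stats.js HTTP/1.1" 200 512 "https://www.bank.example/login" "Mozilla/5.0"',
    '198.51.100.23 - - [30/Sep/2008:13:05:40 -0400] "GET /js/stats.js?v=3 HTTP/1.1" 200 512 "http://bank-example.login.invalid/secure/index.html" "Mozilla/5.0"',
    '198.51.100.99 - - [30/Sep/2008:13:06:11 -0400] "GET /img/logo.gif HTTP/1.1" 200 2048 "http://bank-example.login.invalid/secure/index.html" "Mozilla/4.0"',
    '203.0.113.8 - - [30/Sep/2008:13:07:00 -0400] "GET /img/logo.gif HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [30/Sep/2008:13:08:30 -0400] "GET /index.html HTTP/1.1" 200 100 "http://other.invalid/" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for host, events in foreign_referers(SAMPLE_LOG).items():
        print(f"{host}: {len(events)} request(s), first seen {events[0][0]}")
```

Requests that arrive without a Referer, or from a copy whose asset references were rewritten, produce no hit, so this is a tripwire alongside other safeguards rather than a control on its own.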