Bugtraq mailing list archives
Re: New whitepaper "The Phishing Guide"
From: Seth Arnold <sarnold () immunix com>
Date: Thu, 23 Sep 2004 12:21:40 -0700
On Thu, Sep 23, 2004 at 09:57:03AM -0500, Aleksandar Milivojevic wrote:
Sometimes it's unbelivable how long it takes organizations to discover that email can be signed. Especially nowdays when all major mail readers have support for at least S/MIME (and the really good ones have support for at least PGP ;-) ).
DE09D78D 888D09A3 18C4ED82 DA081DD1 4CE06F00 CC3D9213 23BDC6F9 Methinks PGP is good for talking within friends, but perhaps trusting communications from J. Random Corporation with PGP as your best means of verification is a stretch. The Web Of Trust idea only takes you so far in combating these problems -- I've heard anecdotal evidence that someone has replicated the entire "Web Of Trust" graph with identical uids on keys of EFF members. If one starts the search from the desired key and searches until finding a plausible name, one is doomed. One must return to one's own key -- AND have faith that everyone in the middle played fairly. http://www.internetnews.com/dev-news/article.php/721571 Even the best-known X.509 Certification Agency has made screwups regarding one of the best-known publicly traded corporations. How hard do you think it would be to get certificates for something that sounds plausibly like a bank? Credit card company? Cryptography is good at solving many problems. But it is not a magical problem solver. End users still need to be educated. Your guess is as good as mine if we'll make progress on the "don't give information to people who ask for it" front. :)
Attachment:
_bin
Description:
Current thread:
- New whitepaper "The Phishing Guide" Gunter Ollmann (NGS) (Sep 22)
- Re: New whitepaper "The Phishing Guide" Aleksandar Milivojevic (Sep 23)
- Re: New whitepaper "The Phishing Guide" Seth Arnold (Sep 24)
- Re: New whitepaper "The Phishing Guide" Aleksandar Milivojevic (Sep 27)
- Re: New whitepaper "The Phishing Guide" Greg A. Woods (Sep 27)
- Re: New whitepaper "The Phishing Guide" Crispin Cowan (Sep 28)
- Re: New whitepaper "The Phishing Guide" Seth Arnold (Sep 24)
- Re: New whitepaper "The Phishing Guide" Daniel Veditz (Sep 26)
- Re: New whitepaper "The Phishing Guide" Chip Andrews (Sep 27)
- Re: New whitepaper "The Phishing Guide" Philip Stoev (Sep 29)
- Re: New whitepaper "The Phishing Guide" Juraj Bednar (Sep 28)
- Re: New whitepaper "The Phishing Guide" Brian Dessent (Sep 28)
- Re: New whitepaper "The Phishing Guide" Aleksandar Milivojevic (Sep 23)
- Re[2]: New whitepaper "The Phishing Guide" Karsten Heidrich (Sep 28)
- <Possible follow-ups>
- RE: New whitepaper "The Phishing Guide" Dehner, Benjamin T. (Sep 25)