Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [HV-PAPER] Anti-Phishing Tips You Should Not Follow

From: Valdis.Kletnieks () vt edu
Date: Fri, 31 Mar 2006 11:56:32 -0500
On Fri, 31 Mar 2006 21:14:58 +1200, Jasper Bryant-Greene said:

Marcos Agüero wrote:

Jasper Bryant-Greene escribió:

Seriously though, it wouldn't be that hard to forward the POST on to the
real bank website, would it?

I think so, but would be very easy to detect. Logs would show lots of
diferent user logging in from the same IP Address.


Phishing scams are public in nature. They aren't trying to avoid 
detection :) and the IP address would of course be spoofed.


http is a TCP connection, so you'd have to get through the 3-packet handshake.
The vast majority of machines now implement RFC1948, so it's not that easy to
do anymore....

(It's doable by somebody with sufficient technical ability - but if you're
*that* good, why you wasting time running a phishing scam?)

Attachment: _bin
Description: 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: