Full Disclosure mailing list archives
Re: simple phishing fix
From: "Randal T. Rioux" <randy () procyonlabs com>
Date: Tue, 29 Jul 2008 15:49:37 -0400 (EDT)
On Tue, July 29, 2008 2:31 pm, Glenn.Everhart () chase com wrote:
You might eliminate phishing but there are occasionally messages from people at these institutions also. This sort of thing is in essence allowing phishers a denial of service attack against anyone they choose to make themselves a nuisance with. I am not well pleased with any bank authentication I have seen so far personally; seems to me finance-related messages should be authenticated both ways and preferably a confirming authentication to demonstrate the subject agrees with the transaction should be done before such are accepted. That kind of thing would be hard to spoof and if done right pretty useless to someone who could record entire transactions. As for email, judge by its content. This posting for example will do nothing to your money, sells you nothing. Nor does it ask any information of you. If it were spoofed it would be harmless. Glenn Everhart
But it is from Chase.... and nothing good comes from Chase ;-) _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: simple phishing fix, (continued)
- Re: simple phishing fix Nick FitzGerald (Jul 30)
- Re: simple phishing fix Peter Besenbruch (Jul 30)
- Re: simple phishing fix Robert Holgstad (Jul 30)
- Re: simple phishing fix blah (Jul 30)
- Re: simple phishing fix Exibar (Jul 30)
- Re: simple phishing fix Dragos Ruiu (Jul 30)
- Re: simple phishing fix Exibar (Jul 30)
- Re: simple phishing fix Dragos Ruiu (Jul 30)
- Re: [inbox] Re: simple phishing fix Exibar (Jul 30)
- Re: simple phishing fix Randal T. Rioux (Jul 29)
- Re: simple phishing fix Peter Besenbruch (Jul 29)