funsec mailing list archives
Re: The end of Phishing in sight?
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Tue, 18 Oct 2005 10:35:50 +1300
Jim Murray wrote:
In this age of bot-riddled machines, will this really raise the bar that much?
Of course not.
I fear we'll see a temporary lull while the phishers adapt followed by a massive wave of 'impossible' fraud when they figure out how to beat the system.
Yep -- temporary probably equals a few weeks. The real art of making such a prediction though is guesstimating at what level of adoption, within each institution, the phishers will "feel the bite" and "be forced" to bite back.
Anyone care to bet how long it'll be till we see the first 'resynchronise your token' trojan being sent out?
Very shortly after the phishers feel the bite... This is the guts of why SPF _and all other weak "sender authentication" schemes_ suck so badly as anti-spam measures -- initial adoption seems to be greatly beneficial because so little current spam is SPF- compliant, but absolutely trivial changes to the masses of spam-bots out there can render them all fully SPF/etc-compliant, making SPF/etc _totally useless_ as anti-spam measures "overnight" (the update cycle of the spambots). Of course, few banking customers will trust the tokens once they are perceived to be broken so the phishers will probably rack up the level of fraud per incident once they start targetting such systems because the value of each catch will be much greater. Then, all the gullible, "too stupid to own a computer" types will go back to visiting the branches in person and the world will be a better place... Regards, Nick FitzGerald _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Re: The end of Phishing in sight?, (continued)
- Re: The end of Phishing in sight? Chris Buechler (Oct 17)
- Re: The end of Phishing in sight? Valdis . Kletnieks (Oct 17)
- Message not available
- Re: The end of Phishing in sight? Douglas F. Calvert (Oct 17)
- Re: The end of Phishing in sight? Nick FitzGerald (Oct 17)
- Re: The end of Phishing in sight? Chris Buechler (Oct 17)
- Re: The end of Phishing in sight? Valdis . Kletnieks (Oct 17)
- Re[2]: The end of Phishing in sight? Pierre Vandevenne (Oct 17)
- Re: Re[2]: The end of Phishing in sight? Douglas F. Calvert (Oct 17)
- Re[4]: The end of Phishing in sight? Pierre Vandevenne (Oct 18)
- RE: Re[4]: The end of Phishing in sight? Aditya Deshmukh (Oct 18)
- Re[2]: The end of Phishing in sight? Pierre Vandevenne (Oct 17)
- Re: The end of Phishing in sight? Nick FitzGerald (Oct 17)
- Re: The end of Phishing in sight? Dave Dennis (Oct 18)
- Re: The end of Phishing in sight? Craig Webster (Oct 18)
- RE: The end of Phishing in sight? Aditya Deshmukh (Oct 18)
- Re: The end of Phishing in sight? Rob, grandpa of Ryan, Trevor, Devon & Hannah (Oct 18)
- Re: The end of Phishing in sight? Blue Boar (Oct 18)
- RE: The end of Phishing in sight? Richard M. Smith (Oct 17)
- RE: The end of Phishing in sight? Nick FitzGerald (Oct 17)
- Re: The end of Phishing in sight? Tom Van Vleck (Oct 17)