funsec mailing list archives
RE: Nordea Sweden shuts Internet banking due to targeted phishing
From: Josh Daymont <jdaymont () secureworks net>
Date: Wed, 5 Oct 2005 09:54:19 -0400
No need to keep wondering -- the problem will never be "solved." That's not the point as far as the banks see it. No one ever solved traditional check fraud either, they just introduced lots of little hinderances to writing fake checks and fraudulently cashing real checks such that the problem became small enough to be written off as a cost of doing business, and passed on to the consumer either directly or indirectly. It's really tempting and egalitarian of some of us to think that user education will solve this problem; but I'd recommend trying to get people to stop giving out their internet passwords in exchange for a candy bar before seriously attempting to tackle the phishing problem with this strategy. Josh -----Original Message----- From: Blue Boar [mailto:BlueBoar () thievco com] Sent: Tuesday, October 04, 2005 8:32 PM To: Drsolly Cc: funsec () linuxbox org Subject: Re: [funsec] Nordea Sweden shuts Internet banking due to targeted phishing Drsolly wrote:
Banks could fix the phishing problem if they had the incentive. It isn't bad enough yet to make them want to fix it.
I wonder whether it can be solved. The fundamental problem is that people can be tricked into going to a web site that looks like something they use, and putting in their creds. That's set of people A. You can change the legitimate site such that there is something noticably different about the legitimate site that some people can notice and pay attention to. Call this set of people B. How much intersection is there between sets A and B? BB _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list. _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Re: Nordea Sweden shuts Internet banking due to targeted phishing, (continued)
- Re: Nordea Sweden shuts Internet banking due to targeted phishing Valdis . Kletnieks (Oct 05)
- Re: Nordea Sweden shuts Internet banking due to targeted phishing Dan Kaminsky (Oct 05)
- RE: Nordea Sweden shuts Internet banking due to targetedphishing Aditya Deshmukh (Oct 04)
- Re: Nordea Sweden shuts Internet banking due to targeted phishing Florian Weimer (Oct 05)
- Re: Nordea Sweden shuts Internet banking due to targeted phishing Andreas Östling (Oct 05)
- Re: Nordea Sweden shuts Internet banking due to targeted phishing Florian Weimer (Oct 05)
- Re: Nordea Sweden shuts Internet banking due to targeted phishing Craig Webster (Oct 05)
- Re: Nordea Sweden shuts Internet banking due to targeted phishing Valdis . Kletnieks (Oct 05)
- Re: Nordea Sweden shuts Internet banking due to targeted phishing David Lodge (Oct 05)
- Re: Nordea Sweden shuts Internet banking due to targeted phishing Craig Webster (Oct 05)
- RE: Nordea Sweden shuts Internet banking due to targeted phishing Drsolly (Oct 05)
- Re: Nordea Sweden shuts Internet banking due to targeted phishing Craig Webster (Oct 05)
- Re: Nordea Sweden shuts Internet banking due to targeted phishing Blue Boar (Oct 05)
- Re: Nordea Sweden shuts Internet banking due to targeted phishing Drsolly (Oct 05)
- Re[2]: Nordea Sweden shuts Internet banking due to targeted phishing Pierre Vandevenne (Oct 05)
- Re: Nordea Sweden shuts Internet banking due to targeted phishing Valdis . Kletnieks (Oct 05)