funsec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Nordea Sweden shuts Internet banking due to targeted phishing

From: jm () jmason org (Justin Mason)
Date: Wed, 05 Oct 2005 15:31:32 -0700
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Florian Weimer writes:

* Justin Mason:


- Adam Shostack's _Preserving the Internet Channel Against Phishers_,
  http://www.homeport.org/~adam/phishing.html , in which he gives
  4 simple steps that *will* fix the problem.


What is the problem?  "Phishing" or online fraud?


Well, yes, that is a key question.   And to quote the message I was
responding to:

Blue Boar writes:

Drsolly wrote:

Banks could fix the phishing problem if they had the incentive. It isn't 
bad enough yet to make them want to fix it.


I wonder whether it can be solved.  The fundamental problem is that 
people can be tricked into going to a web site that looks like something 
they use, and putting in their creds.  That's set of people A.  You can 
change the legitimate site such that there is something noticably 
different about the legitimate site that some people can notice and pay 
attention to.  Call this set of people B.  How much intersection is 
there between sets A and B?


Note: "phishing" ;)

If you want to solve all forms of online fraud, in general, *as well as*
phishing, good on ya.  That'll take a bit longer.

- --j.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Exmh CVS

iD8DBQFDRFREMJF5cimLx9ARAjYdAJ98Yb9V2ziPslcKmXNCVnEnjaHQDQCfVFOh
ZAEbGIMk3kOTIvuIIjhUpg0=
=qCW6
-----END PGP SIGNATURE-----

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
Previous By Date Next
Previous By Thread Next

Current thread: