funsec mailing list archives
RE: Should phishing termination be only in the real of thefor-profit?
From: "Avery Buffington" <avery.buffington () fxfn com>
Date: Fri, 14 Dec 2007 17:48:48 -0600
I actually think that you should only visit those sites from a secure isolated VM/VLAN running FF and NoScript (unless you want to get infect for analysis purposes, then do it from ff or ie in a private vlan, but I digress.
For exploring the phish, this has always worked well for me: $ alias curl='curl -A "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"' $ curl -v http://evil.phish.site It's not pretty, but it lets me see what I need to see. If I really want to see the rendered page, I use Opera under linux. I'm not convinced that malware drops and phish go hand in hand, but better safe then sorry.
On to my point: Putting in swearwords is stupid. If you are going to try and piss off phishers, but in semi-legitimate information so that they have to spend the time finding out which cards are real or not.
I know quite a few average users that think giving bogus data or insults to phish forms pollutes the dataset so it's harder for phishers to glean real data. I disagree because I doubt phishers are manually going thru the data. -avery _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Should phishing termination be only in the real of the for-profit? Alex Eckelberry (Dec 14)
- RE: Should phishing termination be only in the real of thefor-profit? Alex Eckelberry (Dec 14)
- Re: Should phishing termination be only in the real of the for-profit? Dude VanWinkle (Dec 14)
- RE: Should phishing termination be only in the real of the for-profit? Alex Eckelberry (Dec 14)
- RE: Should phishing termination be only in the real of thefor-profit? Avery Buffington (Dec 14)