Security Incidents mailing list archives

Re: Discovering and Stopping Phishing/Scam Attacks


From: Rainer Duffner <rainer () ultra-secure de>
Date: Thu, 28 Apr 2005 21:01:33 +0200

Dave Greer wrote:

Here is a scenario -

Victim connects to Fake.com
Fake.com prompts for username/password
Fake.com connects to Real.com, enters username/password, receives Third Field
Fake.com presents Third Field to Victim
Victim enters Third Field

That seems like a reasonable scenario



There have already been eBay-fakes that did this.
You couldn't enter fake credentials into their scam-site - it verified if login/password worked.



cheers,
Rainer

--
===================================================
~     Rainer Duffner - rainer () ultra-secure de     ~
~           Freising - Munich - Germany           ~
~    Unix - Linux - BSD - OpenSource - Security   ~
~  http://www.ultra-secure.de/~rainer/pubkey.pgp  ~
===================================================

