WebApp Sec mailing list archives
RE: Phishing
From: "Griffiths, Ian" <Ian.Griffiths () liv-coll ac uk>
Date: Thu, 13 May 2004 10:55:05 +0100

This is the most workable of all ideas I think, it would certainly draw people's attention to the fact that the submission was a little bit iffy. Whether this would then prompt them not to continue or indeed whether the message could be clearer in its explanation of what is going on is less likely.

It may also be that as authentication on a URL is possibly an advanced feature, it could be off by default, and explicitly turned on by the user who understands what the resultant addresses look like and would therefore be better educated to spot things like this.

Protecting the user with default config is possibly the way to go with this. However, as without Outlook, I'd occasionally like to override this. For example, to open the Word doc that my colleague has sent from across the room and not be told it can't ever be done.

Ian

-----Original Message-----
From: Rogan Dawes [mailto:discard () dawes za net]
Sent: Thu 13/05/2004 07:42
To: Griffiths, Ian
Cc: webappsec () securityfocus com
Subject: Re: Phishing

"You have clicked a link to 'nefarious.fraud.net', with username 'secure.bank.com' and password '********'. Do you want to continue? Ask me next time (x)"

I guess this could be a password dialogue, with the username and password filled in, similar to the current basic auth password dialogs.
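
Added example, not part of either message above: a link check that builds the confirmation text from the quoted dialog whenever a URL carries credentials before the `@`. The function name `inspectLink`, the verdict labels, the host-like-username heuristic and the sample password are assumptions made for illustration.

```javascript
// Flags http(s) links whose authority contains userinfo (user[:password]@host)
// and builds the prompt proposed in the quoted message.

// Assumption: a username that itself looks like a hostname is the deceptive case.
const HOSTLIKE = /^(?:[a-z0-9-]+\.)+[a-z]{2,}$/i;

function safeDecode(s) {
  // The URL parser keeps userinfo percent-encoded; decode it for display only.
  try { return decodeURIComponent(s); } catch (e) { return s; }
}

function inspectLink(href) {
  let url;
  try {
    url = new URL(href);
  } catch (e) {
    return { verdict: "invalid", message: null };
  }
  if (url.protocol !== "http:" && url.protocol !== "https:") {
    return { verdict: "ignored", message: null };
  }
  if (url.username === "" && url.password === "") {
    return { verdict: "ok", host: url.hostname, message: null };
  }
  const user = safeDecode(url.username);
  // Never echo the real password back to the user or into logs.
  const masked = url.password ? "*".repeat(8) : "(none)";
  // Compare only the part of the username that precedes any path-like suffix.
  const deceptive = HOSTLIKE.test(user.split(/[\/?#]/)[0]);
  return {
    verdict: deceptive ? "deceptive" : "credentials",
    host: url.hostname, // where the request really goes
    user,
    message:
      `You have clicked a link to '${url.hostname}', with username ` +
      `'${user}' and password '${masked}'. Do you want to continue?`,
  };
}

// Constructed sample link using the host names from the quoted dialog.
const sample = inspectLink("http://secure.bank.com:hunter2@nefarious.fraud.net/login");
console.log(sample.verdict, "-", sample.message);
```
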