WebApp Sec mailing list archives

RE: Proposal to anti-phishing


From: "Lyal Collins" <lyal.collins () key2it com au>
Date: Sun, 16 Jan 2005 18:03:07 +1100



-----Original Message-----
From: Rogan Dawes [mailto:discard () dawes za net] 
Sent: Saturday, 15 January 2005 3:05 AM
To: Rafael San Miguel
Cc: webappsec () securityfocus com; Enrique.Diez () dvc es
Subject: Re: Proposal to anti-phishing


[snip]

Please take a look at the thread that starts
http://seclists.org/lists/webappsec/2004/Oct-Dec/0291.html

and especially <http://seclists.org/lists/webappsec/2004/Oct-Dec/0347.html>
where I explain why I believe SSL client certificates are really the 
only practical solution to preventing phishing.

[snip]

Well, there may be one other good option to stop phishing.
If emails could be positively identified as coming from a customer's bank,
then they could ignore those that don't authenticate as spam/phishing/fraud.

Then if your bank doesn't provide this capability, you may decide to change
to a bank that does provide authenticated, secured email communications with
its customers.

Lyal


