WebApp Sec mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Smells like a phish, is a fish?

From: "Damhuis Anton" <DamhuisA () aforbes co za>
Date: Thu, 27 Oct 2005 10:34:45 +0200

Hi

But email is sent over an unencrypted link, thus any body could get hold of the link, and by entering it, get access to 
the web site's details (the account).

Something should always be kept secret, when sending logon information via email.

So I don't think it is mitigating phishing, but possibly rather a way to track their responses to the email.

Or am I understanding your statement incorrectly?

Regards
  Anton

-----Original Message-----
From: Ofer Shezaf [mailto:Ofer.Shezaf () breach com]
Sent: 27 October 2005 10:15
To: Andrew van der Stock; webappsec () securityfocus com
Subject: RE: Smells like a phish, is a fish?

...
provide you with a key in the e-mail, rather than asking for a login
might actually be a way to mitigate phishing.

Confidentiality Warning
=======================
The contents of this e-mail and any accompanying documentation
are confidential and any use thereof, in what ever form, by anyone
other than the addressee is strictly prohibited.
Previous By Date Next
Previous By Thread Next

Current thread: