WebApp Sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Mitm new?

From: Nick Owen <nowen () wikidsystems com>
Date: Fri, 18 Aug 2006 11:47:51 -0400
Jeff Robertson wrote:

Why are man-in-the-middle phishing sites suddenly talked about as a
"new" threat, as if there was rocket science involved?

For instance
http://blog.washingtonpost.com/securityfix/2006/07/citibank_phish_spoofs
_2factor_1.html

These things are basically proxies, which are as old as the web. Why
does it surprise anyone to see these combined with phishing? (Then
again, I still haven't figured out why phishing as we know it didn't
"take off" circa 1994)

Jeff Robertson


Perhaps:  new regulation + vendor marketing + need to sell ads + old
attacks = news? :).

I think that the escalating sophistication of attacks is of interest,
even if predictable.  The lack of detail in reporting and discussion of
suitable preventive measures, etc is another story, vis-a-vis about
blogging vs. reporting.

nick

-- 
Nick Owen
WiKID Systems, Inc.
404.962.8983
http://www.wikidsystems.com
Commercial/Open Source Two-Factor Authentication
https://www.linkedin.com/in/nickowen

-------------------------------------------------------------------------
Sponsored by: Watchfire

Watchfire was recently named the worldwide market leader in Web 
application security assessment tools by both Gartner and IDC. 
Download a free trial of AppScan today and see why more customers choose 
AppScan then any other solution. Try it today!
  
https://www.watchfire.com/securearea/appscancamp.aspx?id=701500000008VnB
--------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: