lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 14 Feb 2005 10:32:31 +0100 From: Stian Øvrevåge <sovrevage@...il.com> To: bugtraq@...urityfocus.com, full-disclosure@...ts.netsys.com Subject: The ultimate solution to phising The ultimate solution to phising Stian Ovrevage - 2005 <stian.ovrevage@...il.com> Phising is becomming one of the big problems in the beginning of the 21 century. Phising is the act of pretending to be someone else while trying to extract sensitive information from innocent users. Much like a famous european football player was lured into admitting that he did not like his current team. Believing he spoke to a manager on another team, his very private oppinion was broadcasted to thousands of radio-listeners. This shows how easily people can be convinced. I believe that if I were to call up 50 costumers of my local bank. Ask for their Visa card number, pin and expiration date. That I (hopefully) would not get any responses. This is the mentality computer users has to adopt. Anyway, that is enough for an introduction, lets cut to the chase. 1. The solution to phising? With firm believe of a world of forgiveness, and awareness of the risk of total ridicule, I propose my solution to phising: Stop clicking _any_ hyperlinks, going somewhere? _Type_ the address into the addressbar of your browser. Don't use your favorites. And never ever click on hyperlinks recieved in e-mails! /* No-click actually only applies to external sources, but the whole problem with phising is that the average user cannot decide whether XYZ is an trusted or untrusted source, no matter how legitimate it might look. So allowing for a mental loophole of this rule will prove fatal */ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists