Date: Tue, 26 Apr 2005 22:51:21 +0200
From: Lode Vermeiren <lode@...u.cx>
To: bugtraq@...urityfocus.com, incidents@...urityfocus.com,
	Randy <rho@...net.edu>
Subject: Re: Discovering and Stopping Phishing/Scam Attacks


On Tue, 26 Apr 2005 steven@...ebug.org wrote:
> > As we have all noticed, there has been an increase in the number of phishing/scam
> > attempts via e-mail that appear to be legitimate.  Most of

> > and e-mails do not host their own images.  From what I have seen, more
> > often than not, these e-mails and websites link directly to images hosted
> > by the legitimate website.

> > Since they are linking to the images hosted on the site they are cloning
> > -- the banking/e-commerce website could just rename their images on
> > their own webpage every so often (and update their webpages accordingly).

On Tue, 26-04-2005 at 13:13 -0700, Randy wrote:
> Seems like a maintenance nightmare waiting to happen.
> 
> ~randy

Renaming the files would indeed be a maintenance nightmare, but I don't
see a reason why the webserver hosting the image can't do a referrer
check, and only serve the real images if they are being loaded from the
real domain. In all other cases they could return a "THIS IS A FAKE
PAGE" image, or perhaps even some shock site [1].

Lode

[1] please don't follow any of the links on
http://en.wikipedia.org/wiki/Shock_site
You have been warned.

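One way to implement the referrer check Lode describes, as an added example that is not code from this thread: a small Python image endpoint that serves the real logo only when the Referer host is exactly one of the bank's own hostnames, and the warning image otherwise. The hostnames and image bytes are constructed placeholders, and treating a missing Referer as allowed is an assumption made here because many legitimate clients omit the header.

```python
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlsplit

# Hosts allowed to embed the bank's images (constructed example values).
REAL_HOSTS = {"bank.example", "www.bank.example"}

# Constructed stand-ins for the real logo and the warning image (not real image data).
IMAGES = {"real": b"<real logo bytes>", "warning": b"<THIS IS A FAKE PAGE bytes>"}


def referer_host(referer):
    """Return the lowercase host of a Referer value, or None if absent/unparseable."""
    if not referer:
        return None
    try:
        host = urlsplit(referer.strip()).hostname
    except ValueError:
        return None
    return host.lower() if host else None


def choose_image(referer, real_hosts=REAL_HOSTS, allow_missing=True):
    """Decide which image to serve for a request carrying the given Referer.

    'real' for pages on the bank's own hosts, 'warning' for everything else.
    Assumption: a missing Referer is allowed by default, since privacy settings,
    HTTPS->HTTP downgrades and some mail clients strip the header, and
    rejecting those requests would break real users.
    """
    host = referer_host(referer)
    if host is None:
        return "real" if allow_missing else "warning"
    # Exact host match, not a substring test: "bank.example.phish.test",
    # "http://bank.example@phish.test/" or "bank.example" in a query string
    # must all fall through to the warning image.
    return "real" if host in real_hosts else "warning"


class ImageHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        body = IMAGES[choose_image(self.headers.get("Referer"))]
        self.send_response(200)
        self.send_header("Content-Type", "image/png")
        # The response depends on Referer, so a shared cache must not reuse it.
        self.send_header("Cache-Control", "no-store")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)


if __name__ == "__main__":
    HTTPServer(("127.0.0.1", 8080), ImageHandler).serve_forever()
```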
