lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Fri, 19 Aug 2005 23:47:31 +0200
From: Bjorn Borg <bjorn.brg@...il.com>
To: Mads Rasmussen <mads@...ncs.com.br>
Cc: Grupo de Trabalho em Segurança de Redes <gts-l@....registro.br>,
	andre.ludwig@...il.com, andre.correa@...ox.com,
	docbook.xml@...il.com, osegal@...chfire.com,
	bugtraq@...urityfocus.com, focus-virus@...urityfocus.com,
	honeypots@...urityfocus.com, security-basics@...urityfocus.com,
	security-management@...urityfocus.com, webappsec@...urityfocus.com
Subject: Re: [Fwd: anti-phishing implementation]


Hi everybody,

Thanks for your replies!!!

I have tried to find information from Netcraft, Earthlink's website,
but no fraud link database is available there. Anti-Phishing Working
Group has a nice archive but not sufficient
(http://www.antiphishing.org/phishing_archive.html).

My intention, unlike Netcraft, Earthlink toolbar, is to make the tool
stand-alone as an anti-virus utility. It would capture packets at IP
layer and filter HTTP, POP3 packets to analyze phishing
vulnerabilities so that the tool can work no matter browsers or mail
clients users are using. By working at lower layer, it may have
abilitiy to detect pharming attacks for later works. People,
suggestions, please?
 
Here are other tools I have gone over: 
www.callingid.com
www.phishing.net

Bruce Schneier's blog:
http://www.schneier.com/cgi-bin/search/search.pl?Terms=phishing&Realm=blog

Best Regards,

Bjorn
MSc. student in Information and Communication System Security
DSV Department, KTH, Stockholm, Sweden
Mobile: +46 762 07 3465
bjorn.brg@...il.com

On 8/19/05, Mads Rasmussen <mads@...ncs.com.br> wrote:
> 
> Could anyone from the list help Bjorn with his thesis?
> 
> Request a confirmation from him before sending information, must
> identify whether he is a Phd student from the postulated university or not.
> 
> Regards,
> 
> Mads
> 
> -------- Original Message --------
> Subject:        anti-phishing implementation
> Date:   Fri, 19 Aug 2005 15:29:52 +0200
> From:   Bjorn Borg <bjorn.brg@...il.com>
> To:     bugtraq@...urityfocus.com, focus-virus@...urityfocus.com,
> focus-ms@...urityfocus.com, honeypots@...urityfocus.com,
> pen-test@...urityfocus.com, security-basics@...urityfocus.com,
> security-management@...urityfocus.com, forensics@...urityfocus.com,
> webappsec@...urityfocus.com, secureshell@...urityfocus.com
> 
> 
> 
> Hi everyone,
> 
> I just started to develop an anti-phishing tool for my thesis.
> 
> The tool should have two tasks. First one is to detect and prevent
> known attacks from web-based and POP3 emails. Second is to analyze
> emails' content to identify unknown phishing email and spoofed link.
> 
> To make the first task work, I need a full database of known phishing
> emails, links. Anybody know where I can get this database?
> 
> I really appreciate any suggestion about how to make this tool work, sources,...
> 
> Many thanks,
> 
> Bjorn
> Kungliga Tekniska Hogskolan, Stockholm, Sweden
> 
> 
> --
> Mads Rasmussen
> Security Consultant
> Open Communications Security
> +55 11 3345 2525
> 
> 
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ