lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Sat Apr  1 06:20:18 2006
From: nekramer at mindtheater.net (Nancy Kramer)
Subject: RSA HAVE CRACKED PHISHING, NO SERIOUSLY 

While I have no idea if what RSA is doing works or not but I have noticed 
the absence of  phishing emails in my in box in the last few days.  I used 
to get maybe half a dozen or more a day since I don't run spam filters. Not 
a one in the last two days.  The Ebay and Paypal emails seemed to stop 
first.  Now even the ones for banks I have never heard of are no longer 
coming in.

There must be a reason for this.  Maybe the phishers decided to take a 
vacation.

Regards,

Nancy Kramer
Webmaster http://www.americandreamcars.com
Free Color Picture Ads for Collector Cars
One of the Ten Best Places To Buy or Sell a Collector Car on the Web




At 01:20 PM 3/31/2006, Valdis.Kletnieks@...edu wrote:

>On Fri, 31 Mar 2006 19:06:29 +0100, n3td3v said:
>
> > Check out this article, and I really did spill my hard earned Starbucks
> > right down my front when I looked at this article:
> > 
> http://news.com.com/5208-1029-0.html?forumID=1&threadID=15591&messageID=131433&start=3D-1
>
>Given that you allegedly posted that particular response, I take it you 
>spilled
>your Starbucks in shock that somebody would claim to be you?
>
>The original article is at http://news.com.com/2100-1029-6056317.html?tag=tb
>
>In any case, it's clear that the person who posted that response has *no idea*
>how most bank's anti-fraud systems work.
>
>First off, the phishers *can't* just run through all the data they've gotten
>in just a few seconds, unless they distributed the work across a bunch of 
>botnet
>zombies - hits for more than a few dozen different accounts from the same IP
>in the same timespan are suspicious at the very least.
>
>Secondly, the phishers can currently usually be sure that the victims have
>given them reasonably good data (unless the victim is a dweeb who can't enter
>their DoB or account number correctly).  On the other hand, if the phished 
>data
>has been polluted by 90% bad data, then only 1 of 10 attempted transactions
>will succeed - and the fact that they're trying lots of different bad data 
>will
>again hopefully trigger an alert.  If you only succeed every 10th time, 
>and you
>get locked out after 3 attempts with different bad data, it's going to 
>take you
>a lot longer to figure out which ones are good and which ones are bad....
>
>
>
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>Hosted and sponsored by Secunia - http://secunia.com/
>
>No virus found in this incoming message.
>Checked by AVG Anti-Virus.
>Version: 7.1.385 / Virus Database: 268.3.2/294 - Release Date: 3/27/2006


-- 
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.1.385 / Virus Database: 268.3.4/299 - Release Date: 3/31/2006

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ