lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Sat Apr  1 00:53:35 2006
From: n3td3v at gmail.com (n3td3v)
Subject: n3td3v group slams RSA for encouraging illegal
	anti-phishing tactics

Round-up:

"But do you remmeber back to the Make love not spam saga? Yeah, the big
players tried to "attack" the bad guys and look were they ended up. You, by
attacking anything, forwhatever reason, with the same method as the
attacker, could land you in jail. While with your attack you may lock up
phishers in coordination with banks, the phishers lawyers could also claim
by law, that the anti-phishing site was also breaking the law by flooding a
database, even if the database is malicious or otherwise legitmate."

"With this in mind, are the RSA say its OK to DDoS fake login pages that the

public think are phishing sites with fake information to take the phishing
sites down? Or maybe the RSA didn't think too far into it before making
their "illegal tactics" public. I guess nobody in the industry learned from
makelovenotspam.com and the whole Lycos affair."

"Well, Chris, it looks to me by the RSA publishing this information that
they
are encouraging anyone with a botnet to send thousands of bogus queries to a

web form, which would crash a mail server or database, which belonged to a
company, that the phishers had previously hacked and the company was
previously unaware was being used in a phishing attempt. So now it seems the

RSA are sending out information about their activities, which could
infulence scriptkids/ hackers etc who own large bot nets to attack anything
they see as a "phish". Although, just by individuals of the public sending a

single query per user to a phish login form, could cause the same affect as
a malicious users bot network."

The above is in response to
http://news.com.com/2100-1029-6056317.html?tag=tb
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060401/021b9ff1/attachment.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ