| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <40140614.20040926163513@heidrich-da.de>
Date: Sun, 26 Sep 2004 16:35:13 +0200
From: Karsten Heidrich <karsten@...drich-da.de>
To: Aleksandar Milivojevic <amilivojevic@....ca>
Cc: bugtraq@...urityfocus.com
Subject: Re[2]: New whitepaper "The Phishing Guide"
All,
it is true that many problems in the Phishing area would be eliminated
by using e.g. S/MIME or other trusted signature mechanisms.
That is only provided customers and the casual internet user know how
to work with it. I strongly doubt that much will change for at least
the next 5 to 7 years. The knowledge of the users has to change; and
that - unfortunately - is a slow and winding path.
Just imagine your grandmother trying to verify S/MIME or PGP. Have
fun.
Thursday, September 23, 2004, 4:57:03 PM, you wrote:
AM> Gunter Ollmann (NGS) wrote:
AM> [snip]
>> While the Phishers
>> develop evermore sophisticated attack vectors, businesses flounder to
>> protect their customers' personal data and look to external experts for
>> improving email security. Customers too have become wary of "official"
>> email, and organisations struggle to install confidence in their
>> communications.
AM> Sometimes it's unbelivable how long it takes organizations to discover
AM> that email can be signed. Especially nowdays when all major mail
AM> readers have support for at least S/MIME (and the really good ones have
AM> support for at least PGP ;-) ).
--
Regards
Karsten
Download attachment "smime.p7s" of type "application/pkcs7-signature" (1296 bytes)
Powered by blists - more mailing lists