Message-ID: <bf68260705021401326ec6dbad@mail.gmail.com>
Date: Mon, 14 Feb 2005 10:32:31 +0100
From: Stian Øvrevåge <sovrevage@...il.com>
To: bugtraq@...urityfocus.com, full-disclosure@...ts.netsys.com
Subject: The ultimate solution to phising


     The ultimate solution to phishing
          Stian Ovrevage - 2005
        <stian.ovrevage@...il.com>

Phishing is becoming one of the big problems in
the beginning of the 21st century. Phishing is the
act of pretending to be someone else while
trying to extract sensitive information from
innocent users. Much like a famous European
football player was lured into admitting that
he did not like his current team. Believing
he spoke to a manager on another team, his
very private opinion was broadcast to
thousands of radio listeners. This shows how
easily people can be convinced.

I believe that if I were to call up 50
customers of my local bank and ask for
their Visa card number, PIN and expiration date,
I (hopefully) would not get any responses.
This is the mentality computer users have to
adopt. Anyway, that is enough for an
introduction, let's cut to the chase.


1. The solution to phishing?

With firm belief in a world of forgiveness,
and awareness of the risk of total ridicule,
I propose my solution to phishing:

Stop clicking _any_ hyperlinks. Going somewhere?
_Type_ the address into the address bar of
your browser. Don't use your favorites.
And never ever click on hyperlinks received in
e-mails!

/* No-click actually only applies to external
sources, but the whole problem with phishing
is that the average user cannot decide whether
XYZ is a trusted or untrusted source, no matter
how legitimate it might look. So allowing for a
mental loophole in this rule will prove fatal */
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

