lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Tue, 26 Apr 2005 17:16:53 -0400
From: <matt.neeley@...ilyfeaturedproducts.com>
To: <bugtraq@...urityfocus.com>, <incidents@...urityfocus.com>
Subject: RE: Discovering and Stopping Phishing/Scam Attacks


Even if you don't get your web host to do it themselves if you use PHP you
can easily make simple scripts that perform the same function.  I'd imagine
you could do the same with ASP. net if you use that instead.

-----Original Message-----
From: Lode Vermeiren [mailto:lode@...u.cx]
Sent: Tuesday, April 26, 2005 3:51 PM
To: bugtraq@...urityfocus.com; incidents@...urityfocus.com; Randy
Subject: Re: Discovering and Stopping Phishing/Scam Attacks


On Tue, 26 Apr 2005 steven@...ebug.org wrote:
> > As we have all noticed, there has increase in the number of
phishing/scam
> > attempts via e-mail that appear to be legitimate.  Most of

> > and e-mails do not host their own images.  From what I have seen, more
> > often than not, these e-mails and websites link directly to images
hosted
> > by the legitimate website.

> > Since they are linking to the images hosted on the site they are cloning
> > -- the banking/e-commerce website could just rename their images on
> > their own webpage every so often (and update their webpages
accordingly).

Op di, 26-04-2005 te 13:13 -0700, schreef Randy:
> Seems like a maintenance nightmare waiting to happen.
>
> ~randy

Renaming the files would indeed be a maintenance nightmare, but I don't
see a reason why the webserver hosting the image can't do a referrer
check, and only serve the real images if they are being loaded from the
real domain. In all other cases they could return a "THIS IS A FAKE
PAGE" image, or perhaps even some shock site[1]

Lode

[1] please don't follow any of the links on
http://en.wikipedia.org/wiki/Shock_site
You have been warned.


--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
--------------------------------------------------------------------------





--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from 
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
--------------------------------------------------------------------------

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ