lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <003f01c5a548$a34a6fc0$6600a8c0@kpllaptop>
Date: Sat, 20 Aug 2005 15:33:04 +1000
From: "Lyal Collins" <lyal.collins@...2it.com.au>
To: "'Bjorn Borg'" <bjorn.brg@...il.com>,
	<bugtraq@...urityfocus.com>, <focus-virus@...urityfocus.com>,
	<focus-ms@...urityfocus.com>, <honeypots@...urityfocus.com>,
	<pen-test@...urityfocus.com>, <security-basics@...urityfocus.com>,
	<security-management@...urityfocus.com>,
	<forensics@...urityfocus.com>, <webappsec@...urityfocus.com>,
	<secureshell@...urityfocus.com>
Subject: RE: anti-phishing implementation


There is another strategy that the industry has almost totally ignored -
allow the recipient to verify the sender's identity.  Not verifed -> delete
the email.
This does not mean S/MIME, PGP or added email headers etc, but may also use
those techniques as well.
It means the sender and recipient can trust each other that the email they
send each other, and thus can treat all other email as suspect.
In the distributed internet, this would probably be best implemented in
selected gateways that authenticate senders, so the trust is
gateway-recipient, rather than the more complex sender-recipient, sicne the
former scenario has less trust paths than the latter.

This needs no databases, and no arms race of trying to keep up with spammers
tools.

Lyal



-----Original Message-----
From: Bjorn Borg [mailto:bjorn.brg@...il.com] 
Sent: Friday, 19 August 2005 11:30 PM
To: bugtraq@...urityfocus.com; focus-virus@...urityfocus.com;
focus-ms@...urityfocus.com; honeypots@...urityfocus.com;
pen-test@...urityfocus.com; security-basics@...urityfocus.com;
security-management@...urityfocus.com; forensics@...urityfocus.com;
webappsec@...urityfocus.com; secureshell@...urityfocus.com
Subject: anti-phishing implementation


Hi everyone,

I just started to develop an anti-phishing tool for my thesis.

The tool should have two tasks. First one is to detect and prevent known
attacks from web-based and POP3 emails. Second is to analyze emails' content
to identify unknown phishing email and spoofed link.

To make the first task work, I need a full database of known phishing
emails, links. Anybody know where I can get this database?

I really appreciate any suggestion about how to make this tool work,
sources,...

Many thanks,

Bjorn
Kungliga Tekniska Hogskolan, Stockholm, Sweden



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ