lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <Pine.LNX.4.58.0603311022420.2116@dione>
Date: Fri Mar 31 09:24:56 2006
From: lcamtuf at dione.ids.pl (Michal Zalewski)
Subject: [HV-PAPER] Anti-Phishing Tips You Should Not
	Follow

On Fri, 31 Mar 2006, Jasper Bryant-Greene wrote:

>> Just as most of the phishing sites already do.
> Really? I thought they somehow magically knew enough about you to sign
> you in properly and display all the correct details ;)

No, but the reasonable practice would be not to alert the customer (and
have him possibly, say, panic and call the bank in question) - but rather,
display something along the lines of "Thank you for successfully verifying
your Frob Mutual account data. Bye."

/mz

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ