lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Fri Mar 31 19:20:13 2006
From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks@...edu)
Subject: RSA HAVE CRACKED PHISHING, NO SERIOUSLY 

On Fri, 31 Mar 2006 19:06:29 +0100, n3td3v said:

> Check out this article, and I really did spill my hard earned Starbucks
> right down my front when I looked at this article:
> http://news.com.com/5208-1029-0.html?forumID=1&threadID=15591&messageID=131433&start=3D-1

Given that you allegedly posted that particular response, I take it you spilled
your Starbucks in shock that somebody would claim to be you?

The original article is at http://news.com.com/2100-1029-6056317.html?tag=tb

In any case, it's clear that the person who posted that response has *no idea*
how most bank's anti-fraud systems work.

First off, the phishers *can't* just run through all the data they've gotten
in just a few seconds, unless they distributed the work across a bunch of botnet
zombies - hits for more than a few dozen different accounts from the same IP
in the same timespan are suspicious at the very least.

Secondly, the phishers can currently usually be sure that the victims have
given them reasonably good data (unless the victim is a dweeb who can't enter
their DoB or account number correctly).  On the other hand, if the phished data
has been polluted by 90% bad data, then only 1 of 10 attempted transactions
will succeed - and the fact that they're trying lots of different bad data will
again hopefully trigger an alert.  If you only succeed every 10th time, and you
get locked out after 3 attempts with different bad data, it's going to take you
a lot longer to figure out which ones are good and which ones are bad....



-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060331/d73a0255/attachment.bin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ