lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Fri Mar 31 23:46:11 2006
From: steven at lovebug.org (Steven)
Subject: Re: RSA HAVE CRACKED PHISHING, NO SERIOUSLY

Well I think they took a pretty neat and somewhat unique approach to the 
whole thing.  I don't think the claim to have thought of some groundbreaking 
perfect solution to stop phishers.  However, they are combing through over a 
billion e-mails a day and looking for a phishing sites.  They've tied 
themselves into some top vendors and are working to get the sites shut down. 
They are actually making calls and sending e-mails that have been translated 
appropriately.  On top of that they are flooding the sites with bogus 
information.  How exactly they are doing that.. I don't know.  Are they 
using different sessions and IP addresses for each bogus request they send? 
Are they typing in gibberish or stuff that appears completely legit?  As 
many of us know, credit card numbers can instantly be checked to see if they 
are even a valid number before you even go through the process of verifying 
expiration, zip code, cvv, or anything else.  Is this company actually 
taking credit card numbers that could potentiallity be legit account numbers 
and inserting them?  If not then it would be only take seconds to sort 
through hundreds of fake and real account numbers.

Anyway -- I am not sure how they are doing everything, but they are taking a 
better approach than many.  Maybe some of the boneheads lurking about this 
mailing list and reply back and let us know if they've been thwarted by this 
company in any way. :-)

Steven

----- Original Message ----- 
From: "ducki3" <duckie37@...il.com>
To: <full-disclosure@...ts.grok.org.uk>
Sent: Friday, March 31, 2006 5:04 PM
Subject: [Full-disclosure] Re: RSA HAVE CRACKED PHISHING, NO SERIOUSLY


> In any case, it's clear that the person who posted that response has *no
> idea*
> how most bank's anti-fraud systems work.
>
> First off, the phishers *can't* just run through all the data they've
> gotten
> in just a few seconds, unless they distributed the work across a bunch of
> botnet
> zombies - hits for more than a few dozen different accounts from the same
> IP
> in the same timespan are suspicious at the very least.
>
> Secondly, the phishers can currently usually be sure that the victims have
> given them reasonably good data (unless the victim is a dweeb who can't
> enter
> their DoB or account number correctly).  On the other hand, if the phished
> data
> has been polluted by 90% bad data, then only 1 of 10 attempted
> transactions
> will succeed - and the fact that they're trying lots of different bad data
> will
> again hopefully trigger an alert.  If you only succeed every 10th time,
> and you
> get locked out after 3 attempts with different bad data, it's going to
> take you
> a lot longer to figure out which ones are good and which ones are bad....


Consider that some of these fake accounts could also be used as Honey keys.
They would of course have to work in conjunction with the banks /
sites to utilize this.

It would be rather difficult for a phisher to sort through thousands
of Id's when IP addresses keep getting shut off based on a Honey Key.

You would have to own a lot of BOTs and a lot of patience.


Duck

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ