| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <44914FD7.30813.64B4B8FC@nick.virus-l.demon.co.uk> Date: Thu Jun 15 01:18:47 2006 From: nick at virus-l.demon.co.uk (Nick FitzGerald) Subject: Phishing and Spammers Michael Weinert to Cardoso: > > A simple SQL query can delete all records from the same IP/machine, if > > the counter is above 2. You think most (some?) spammers use SQL servers to store their stolen identity data? I've only ever seen scripted Email, other folks' formmail and plain text file on the hosting server... > Ha, you think phisher are that smart? I for myself hit the button > only once with fake credentials from my dynamic IP. > If everybody does it... Well... Well, more phishers will implement LUHN checks and other more advanced forms of sanity checking we already occasionally see to weed out the fakers. The truly dumb phishers will lose out for a while, then someone smarter who'd rather not get caught for phishing-type fraud will make a kit that does the smart stuff the smart phishers have been doing for a while and make a bundle selling this kit to the dumb phishers who want to get back into the business... Ohhh, and I believe there are already commercial operations that offer distributed, automated fake form-stuffing (among other things) as part of their "anti-phishing" services (and some of them may have filed patents on (variations of) this idea). Regards, Nick FitzGerald
Powered by blists - more mailing lists