lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <44A375EC.6080900@gmail.com>
Date: Thu Jun 29 07:41:03 2006
From: schalulleke at gmail.com (Schanulleke)
Subject: Are consumers being misled by "phishing"?

n3td3v wrote:
> I believe the industry coined up "phishing" to make more money out of
> social engineering. Its obvious now that both are over lapping. Only
> the other day Gadi Evron was trying to coin up a phrase for "voice
> phishing". Why can't we cut to the chase and drop the (ph)rases and
> call it straight forward SOCIAL ENGINEERING.
n3td3v, Phishing, in my opinion, is a form of social engineering.

What I would like to refer to as phishing has as main characteristic 
that is is usually not targeted or targeted at a group (e.g. a bunch of 
yahoo users). Like spam (another form of social engineering?) phishing 
relies on volume to work. It relies on the fact that there is a sucker 
born every minute and it you ask enough people you will encounter the 
sucker. The social engineering that has a higher risk profile for me 
(and the job I have to do) is more targeted and less opportunistic in 
nature. It is a targeted attack against layer 8 of the OSI model, the human.

Phishing also has the nasty property that it exposes an organization to 
a risk that is outside the scope of the organization (the customers). 
The only thing that really helps is to educate the user. Social 
engineering against employees (like against the Yahoo helpdesk) can also 
be solved by training elements under your own control (one hopes).

Anyway my 2 cents for what they are worth.

Schanulleke

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ