Open Source and information security mailing list archives
 
Message-ID: <Pine.LNX.4.21.0606290709050.30125-100000@linuxbox.org>
Date: Thu Jun 29 15:42:32 2006
From: ge at linuxbox.org (Gadi Evron)
Subject: Are consumers being misled by "phishing"?

YES! (just responding to the subject line. Gather that, eh? Consumers are
misled by phishing! Wow!)

> Kiddie flaming mood?

It happens. I will get tired after this post (most likely).

> It's not about being annoying, it's about misleading the consumer with
> catch phrases to describe social engineering.

Dude, dudette or dudes.. almost nothing in security is new. Did you know
there was encryption 2000 years ago, or that there were file system
permissions back with mainframes?

Everything is derived from something. ATM frauds, stock running, etc. are
all basically cons, crimes, break-ins, etc.

What do you call a kid stealing your purse?

> > I guess when the annual revenue from phishing for the mafia gets to 2
> > Billion USD, things get their own names.

> There are a million books on phishing in borders book store, if the
> phishing phrase hadn't been coined, a lot of people wouldn't be
> millionaires right now.

There is 1. Okay, maybe there are a couple I missed, attack me on that.

> They brought in "phishing" in 2003. The actual act of phishing had

Nope, we had 419's a.k.a. Nigerian Scams. Similar? yes.

> create a multi million pound market for each technique of social

Interesting you should say Pound, in the UK the losses from phishing are
significant. Very significant. If the banks feel they can control their
risk by hiring some consultancy to reduce it, well, what's the problem?

> been introduced, websense etc will start honey pot harvesting hundreds
> of voice phishing reports, although these attacks have been around for

Someone calling you on the phone and trying to con you? Yep, happens tons.

Show me one phone phishing from years ago and I will eat any hat you like.
Show me more than one and I will eat 2 hats.

What about CC fraud? Surely it's the SAME as phishing, right. Busses and
trucks are basically cars too, right? :)

> > Thing is, I didn't term "Vishing". Wish I did, it's cute and to the
> > point. Let call it a sym link to "Phishing +phone". Let me tell you
> > a short story, though. It's about arguing on the colour of bits.

> It's cute for the multi million dollar corporations. Pretend new
> threat, pretend new technique.

Pretend, you sure use that a lot.

> The multi millions will start harvesting voice phishing reports now in
> their hundreds to create a new sense of attack wave, like they did
> with the original phishing term.

Just one of your repetitions. That kind of TV advertisement hasn't worked
since the 1950's.

> All the new "voice phishing for dummies books" will be being printed
> as we speak.

I should write one!

> I can bet, the same time next year, suddenly some clever multi million
> corporate guy will extract another technique from SOCIAL ENGINEERING,

Okay. Hmmm.... so, if I convince a hitchhiker by social engineering to
get in my car and kidnap him.. that's not kidnapping, it's social
engineering~!

> > Ever heard of a guy (sorry, group) called n3td3v? :) I didn't either.
> > Why do people need nicknames?! We all have names right!@

> Do you know what security is? Then you would know why using a nick
> name makes sense. To use the same name that's on your birth

<snip 200 more lines of repetition>

Exactly like I said Vista is not vulnerability free (DUH) and you attacked
me, saying I am wrong, as... Vista is not vulnerability free.
Geez, you have no sense of humour, sarcasm or wit, do you?

> > Well, I suppose we need 10 different users to digg stories with.

> I hate Digg, I only used the site as an example of the confusion being
> posed, where average joe's who you Digg are becoming socially
> engineered into thinking there's a new threat wave, so the multi
> millions can create a new money making market.

Is that why you keep faking digg votes? :)

> > It's like the other guy responding here thought security is all about
> > vulnerabilities, social engineering and some other silly thing. If you
> > really have to simplify, then try and rise above Hacking Exposed.
> > Security is about Trust.
> > :)

> Yes, trust ... or lack of knowledge by the consumer that trust is
> needed. The problem isn't always trust, it's the lack of knowledge that
> trust needs to be applied.

Hmm.. do you know what Trust is? :)

> > Oh, and BTW - I have two tasks for you:
> > 1. Learn to read.
> > 2. Learn to search Google.

> That's a very cheeky comment there. I guess you want people to think

Nope, it's meant as a way of putting you down as well as general
entertainment for the mailing list. But the reason was that as I actually
responded to you, all it did was waste my time. Misunderstandings and
reading wrongly happen constantly. With you though it's more of a
colour-blindness issue.

> Thanks for playing though.

So, do you know how to read instruction manuals? Trojans, for example,
could be tricky to handle if you use them backwards or as bubble-gums.
