Message-ID: <C6AF3ECACA6E9A46A2CB2FABCDCB35C40CE9AF01@swilnts810.wil.fusa.com>
Date: Tue, 29 Jul 2008 14:31:38 -0400
From: <Glenn.Everhart@...se.com>
To: <prb@...a.net>, <full-disclosure@...ts.grok.org.uk>
Subject: Re: simple phishing fix
You might eliminate phishing but there are occasionally messages from people at
these institutions also. This sort of thing is in essence allowing phishers a
denial of service attack against anyone they choose to make themselves a nuisance
with.
I am not well pleased with any bank authentication I have seen so far personally;
it seems to me finance-related messages should be authenticated both ways, and preferably
a confirming authentication to demonstrate the subject agrees with the transaction
should be done before such are accepted. That kind of thing would be hard to spoof
and, if done right, pretty useless to someone who could record entire transactions.
As for email, judge by its content. This posting, for example, will do nothing
to your money and sells you nothing. Nor does it ask any information of you. If it
were spoofed it would be harmless.
Glenn Everhart
-----Original Message-----
From: full-disclosure-bounces@...ts.grok.org.uk
[mailto:full-disclosure-bounces@...ts.grok.org.uk]On Behalf Of Peter
Besenbruch
Sent: Tuesday, July 29, 2008 2:04 PM
To: full-disclosure@...ts.grok.org.uk
Subject: Re: [Full-disclosure] simple phishing fix
On Monday 28 July 2008 20:55:10 Stian Øvrevåge wrote:
> You mention phishing, but I think quite a few points from the
> why-your-spam-solution-wont-work-list are relevant:
>
> "(x) Mailing lists and other legitimate email uses would be affected
If we stick with the narrowly focused problem of bank phishing spam, I doubt
mailing lists would be affected. Yes, Stuart, the original poster, spoke
of "deny all" tactics, but he certainly wasn't implementing anything like
that in practice. At least, I couldn't see it.
> (x) It will stop spam for two weeks and then we'll be stuck with it
Yes, you would need to add a new filter from time to time. This would work on
your own e-mail account, but I would see problems generalizing to more
people.
> (x) Users of email will not put up with it
On the other hand, it sounded like the original poster wanted to share lists,
so that anyone who wanted to could tweak theirs. People sharing such lists
would "put up with it."
> (x) Ideas similar to yours are easy to come up with, yet none have ever
> been shown practical
I get my share of phishing spam, and most involve about a dozen domains, or
less. These domains have remained relatively stable over the last two years.
Paypal still dominates. So yes, a list of the common banking sites might
reduce the annoyance factor.
> (x) Whitelists suck"
They do indeed.
> http://craphound.com/spamsolutions.txt
>
> 1. Your filter will never be complete, there are too many
> banks/institutions (with ever-changing domains etc).
See above.
> 2. Banks/institutions actually send legitimate mail.
Yes, but I would not do business with a bank that did. Phishing spam has
eliminated e-mail as a viable means of communication between banks and their
customers. My bank doesn't know my e-mail address, and I don't bank on-line
(but that's a whole other kettle of fish).
> 3. Phishers will find ways to get around the filters, either by
> registering similar domain-names or by numerous browser/MTA tricks.
> 4. Users likely to fall for a phish are not very likely to even know
> what a filter is.
What we are talking about here is the sharing of filter material on a small
list of people who can spot a phish from a mile off. Full Disclosure isn't
big enough to change the habits of spammers.
That said, I haven't made use of any filters specifically to weed out phishing
spam. I use Kmail and Bogofilter, and they have caught almost every phishing
spam I have received in the last year. Such spam was one of the first things
that the Bayesian-based Bogofilter learned to flag reliably. Bogofilter flags
a far greater variety of spam reliably than flagging domains in the "from"
field could ever hope to accomplish.
--
Hawaiian Astronomical Society: http://www.hawastsoc.org
HAS Deepsky Atlas: http://www.hawastsoc.org/deepsky
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
-----------------------------------------
This transmission may contain information that is privileged,
confidential, legally privileged, and/or exempt from disclosure
under applicable law. If you are not the intended recipient, you
are hereby notified that any disclosure, copying, distribution, or
use of the information contained herein (including any reliance
thereon) is STRICTLY PROHIBITED. Although this transmission and
any attachments are believed to be free of any virus or other
defect that might affect any computer system into which it is
received and opened, it is the responsibility of the recipient to
ensure that it is virus free and no responsibility is accepted by
JPMorgan Chase & Co., its subsidiaries and affiliates, as
applicable, for any loss or damage arising in any way from its use.
If you received this transmission in error, please immediately
contact the sender and destroy the material in its entirety,
whether in electronic or hard copy format. Thank you.
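The thread discusses flagging mail whose From: domain belongs to one of a dozen common banking sites, and raises two objections to it: phishers register similar domain names, and (as Glenn notes) blocking on the claimed domain alone lets a spoofer deny delivery of the institution's real messages. The following is an added illustration written for this archive page, not code from either poster or from Bogofilter. It classifies constructed sample messages against a constructed institution list, treats near-miss and display-name lookalikes as suspicious, and only lets a message through as legitimate when an Authentication-Results header (an RFC 7601-style header assumed to be added by the receiving MTA) reports a DKIM pass for that domain.

```python
"""From-domain phishing classifier: an added example, not code from the list thread.

Implements the "flag mail whose From: domain is a known banking domain" idea together
with two refinements the thread raises:
  * lookalike domains (paypa1.com, pay-pal.com), checked with a small edit-distance test
    and a display-name check;
  * legitimate mail from the institution, which is only accepted when the receiving
    MTA's Authentication-Results header reports dkim=pass for that domain (assumption:
    the MTA adds this header and strips any copy arriving from outside).
The institution list and all sample messages below are constructed.
"""
from email import message_from_string
from email.utils import parseaddr

# Constructed list standing in for "the common banking sites" mentioned in the thread.
INSTITUTION_DOMAINS = {"paypal.com", "examplebank.com"}


def _edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot near-miss lookalike domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable(domain: str) -> str:
    """Reduce 'mail.paypal.com' to 'paypal.com' (last two labels; adequate for this example)."""
    labels = domain.lower().strip().split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else domain.lower()


def dkim_passed_for(msg, domain: str) -> bool:
    """True if an Authentication-Results header reports dkim=pass with header.d=<domain>."""
    for value in msg.get_all("Authentication-Results", []):
        parts = value.replace(";", " ").split()
        if "dkim=pass" in parts and f"header.d={domain}" in parts:
            return True
    return False


def classify(raw: str) -> str:
    """Return 'legit', 'spoofed-institution', 'lookalike' or 'other' for one RFC 822 message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    if "@" not in addr:
        return "other"
    domain = registrable(addr.rsplit("@", 1)[1])
    if domain in INSTITUTION_DOMAINS:
        # Claimed institution domain: trust it only with an authenticated DKIM pass,
        # so a spoofer cannot get the bank's real mail dropped along with the fakes.
        return "legit" if dkim_passed_for(msg, domain) else "spoofed-institution"
    # Domain within two edits of an institution domain (paypa1.com, pay-pal.com).
    for known in INSTITUTION_DOMAINS:
        if _edit_distance(domain, known) <= 2:
            return "lookalike"
    # Display name names an institution while the address domain is unrelated.
    if any(k.split(".")[0] in display.lower() for k in INSTITUTION_DOMAINS):
        return "lookalike"
    return "other"


# Constructed sample messages.
SAMPLES = {
    "spoof": "From: PayPal <service@paypal.com>\nSubject: Verify your account\n\nClick here.\n",
    "legit": ("Authentication-Results: mx.example.net; dkim=pass header.d=paypal.com\n"
              "From: PayPal <service@paypal.com>\nSubject: Your receipt\n\nThanks.\n"),
    "lookalike": "From: PayPal <security@paypa1.com>\nSubject: Account locked\n\nAct now.\n",
    "list": "From: Peter <pb@example.org>\nSubject: Re: simple phishing fix\n\nThey do indeed.\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:10s} -> {classify(raw)}")
```

The DKIM gate is only meaningful if the Authentication-Results header is one your own MTA wrote after verifying the signature; a header that arrives with the message from outside must be stripped, or a forger simply adds one. The edit-distance and display-name checks are coarse on purpose: as the thread notes, a content-trained Bayesian filter catches far more than any list of From: domains, so this sort of rule belongs beside such a filter, not in place of it.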