| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 29 Jul 2008 15:49:37 -0400 (EDT) From: "Randal T. Rioux" <randy@...cyonlabs.com> To: Glenn.Everhart@...se.com Cc: full-disclosure@...ts.grok.org.uk Subject: Re: simple phishing fix On Tue, July 29, 2008 2:31 pm, Glenn.Everhart@...se.com wrote: > You might eliminate phishing but there are occasionally messages from > people at these institutions also. This sort of thing is in essence > allowing phishers a denial of service attack against anyone they choose > to make themselves a nuisance with. > > I am not well pleased with any bank authentication I have seen so far > personally; seems to me finance-related messages should be authenticated > both ways and preferably a confirming authentication to demonstrate the > subject agrees with the transaction should be done before such are > accepted. That kind of thing would be hard to spoof and if done right > pretty useless to someone who could record entire transactions. > > As for email, judge by its content. This posting for example will do > nothing to your money, sells you nothing. Nor does it ask any information > of you. If it were spoofed it would be harmless. > > Glenn Everhart > But it is from Chase.... and nothing good comes from Chase ;-) _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists