lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <bf6826070807282355l5a4c3185n1040e7b4355ea823@mail.gmail.com>
Date: Tue, 29 Jul 2008 08:55:10 +0200
From: "Stian Øvrevåge" <sovrevage@...il.com>
To: stuart@...erdelix.net
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: simple phishing fix

On Mon, Jul 28, 2008 at 9:52 AM, lsi <stuart@...erdelix.net> wrote:
> Please post the list of strings you use in your phishing filter.
>
> Or don't you have one?
>
> Seriously dude, if phishing was so simple to fix then why is it "on
> the rise" according to recent news articles?
>
> I mean, if all the admins out there in the world are blocking them,
> when why are they still being sent out by scammers?
>
> Either the admins don't know how to block them, or the scammers don't
> know they are being blocked.
>
> My message can solve both problems.
>
> I seem to recall a time when email-borne viruses were a problem, once
> it was pointed out they were simple to block, they rapidly dropped
> out of fashion.
>
> I would indeed like to repeat that success and save the associated
> electricity, bandwidth and CPU time for something more important,
> such as replying to bone-headed posts in fd, for a start.
>
> Stu
>
> On 28 Jul 2008 at 10:57, Biz Marqee wrote:
>
> Date sent:      Mon, 28 Jul 2008 10:57:06 +1000
> From:   "Biz Marqee" <biz.marqee@...il.com>
> To:     full-disclosure@...ts.grok.org.uk
> Subject:        RE: [Full-disclosure] simple phishing fix
> Copies to:      stuart@...erdelix.net
>
>> Wow, you our are savior.. no, no our e-Hero! Forget patches for software
>> bugs.. This guy can teach us how to set up a mail filter!!
>>
>> Seriously dude.. do you think we care about, or are too inept to set up mail
>> filter rules? Go find another list to contribute to, you are a joke.
>>
>

You mention phising, but I think quite a few points from the
why-your-spam-solution-wont-work-list are relevant:

"(x) Mailing lists and other legitimate email uses would be affected
(x) It will stop spam for two weeks and then we'll be stuck with it
(x) Users of email will not put up with it

Specifically, your plan fails to account for

(x) Eternal arms race involved in all filtering approaches

and the following philosophical objections may also apply:

(x) Ideas similar to yours are easy to come up with, yet none have ever
been shown practical
(x) Blacklists suck
(x) Whitelists suck"

http://craphound.com/spamsolutions.txt

1. Your filter will never be complete, there are too many
banks/institutions (with ever-changing domains etc).
2. Banks/institutions actually sends legitimate mail.
3. Phishers will find ways to get around the filters, either by
registering similar domain-names or by numerous browser/MTA tricks.
4. Users likely to fall for a phish is not very likely to even know
what a filter is.

-- 
Stian Øvrevåge

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ