lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <1ca1c1410807300858o38069502k7ca848404460800b@mail.gmail.com>
Date: Wed, 30 Jul 2008 08:58:30 -0700
From: "Aaron Turner" <synfinatic@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Recall: simple phishing fix

On Wed, Jul 30, 2008 at 7:29 AM,  <Glenn.Everhart@...se.com> wrote:
> The sender would like to recall the message, "[Full-disclosure] simple phishing fix".

You mean this email?  Seriously, people need to learn that the that
the recall feature in Exchange doesn't work.  I don't read every email
in my inbox, but you can be sure I read every email that someone asks
to recall!


---------------------------------------------------------
from	Glenn.Everhart@...se.com
to	prb@...a.net,
full-disclosure@...ts.grok.org.uk
date	Tue, Jul 29, 2008 at 11:31 AM
subject	Re: [Full-disclosure] simple phishing fix
mailing list	full-disclosure.lists.grok.org.uk Filter messages from
this mailing list
mailed-by	lists.grok.org.uk
	
	
You might eliminate phishing but there are occasionally messages from people at
these institutions also. This sort of thing is in essence allowing phishers a
denial of service attack against anyone they choose to make themselves
a nuisance
with.

I am not well pleased with any bank authentication I have seen so far
personally;
seems to me finance-related messages should be authenticated both ways
and preferably
a confirming authentication to demonstrate the subject agrees with the
transaction
should be done before such are accepted. That kind of thing would be
hard to spoof
and if done right pretty useless to someone who could record entire
transactions.

As for email, judge by its content. This posting for example will do nothing
to your money, sells you nothing. Nor does it ask any information of you. If it
were spoofed it would be harmless.

Glenn Everhart



-- 
Aaron Turner
http://synfin.net/
http://tcpreplay.synfin.net/ - Pcap editing and replay tools for Unix & Windows
They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety. -- Benjamin Franklin

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ