lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <49CC2D62.4090401@linuxbox.org>
Date: Fri, 27 Mar 2009 02:35:30 +0100
From: Gadi Evron <ge@...uxbox.org>
To: "M.B.Jr." <marcio.barbado@...il.com>
Cc: funsec@...uxbox.org, full-disclosure@...ts.grok.org.uk
Subject: Re: phishing attacks against ISPs (also with
 Google translations)

M.B.Jr. wrote:
> Dear Gadi,
> 
> 
> On Wed, Mar 25, 2009 at 9:40 AM, Gadi Evron <ge@...uxbox.org> wrote:
>> While we have seen ISP phishing and Hebrew phishing before, these
>> attacks started when Google added translation into Hebrew.
> 
> 
> How exactly did you establish such a certain connection between
> Google's Hebrew translation service's debut and these phishing attacks
> you're referring to?
> 
> If you're going to provide us with dates, please point out trustable
> probative sources.


Dear Mr. M.B.Jr.,

While I cannot show conclusive evidence between the two concurrent 
events, the causality in this case seems pretty obvious for the 
following reasons:

	1. The two (phishing and translation module) occurred at around
	the same time frame.

	2. Previously, this was not happening.

	3. The imperfect Hebrew looks like a machine translation.

	4. In fact, the only new element I can discern being added to
	the game was the new Google module.

Google is not at fault, they provide a valuable and good service. 
Criminals abuse the same tools we use.

I concede that it is not outside the realm of possibility some crappy 
Hebrew translator suddenly started working with the phishing gangs, but 
it doesn't seem likely.

Conversely, do note I did not state it was Google's translation engine 
that was abused, but rather asked if others see this as well and can 
confirm. I say it now, it is the most likely conclusion.

I'd be happy if someone has other ideas to help us reach a better 
conclusion?

	Gadi.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ