Re: [Full-Disclosure] HOTMAIL / PASSPORT: phishing expedition
From: morning_wood (se_cur_ity_at_hotmail.com)
To: <firstname.lastname@example.org>, <email@example.com> Date: Thu, 18 Mar 2004 14:26:31 -0800
> buddy<iframe src="http://www.malware.com/pithy.html">
so could this url be considered a "phishing scam" ?
regardless of your implied intent? It does pretend
to be a genuine login, and i am sure you are collecting successfull
attempts to a log ( right? ). Has your "demo" oversteped the bounds
of "security research" into the realm of "collecting confidental
( login / password ) information for purposes of access circumvention" ?
Full-Disclosure - We believe in it.