Re: [Full-disclosure] [HV-PAPER] Anti-Phishing Tips You Should Not Follow
- From: Michal Zalewski <lcamtuf@xxxxxxxxxxxx>
- Date: Fri, 31 Mar 2006 10:24:46 +0200 (CEST)
On Fri, 31 Mar 2006, Jasper Bryant-Greene wrote:
Just as most of the phishing sites already do.Really? I thought they somehow magically knew enough about you to sign
you in properly and display all the correct details ;)
No, but the reasonable practice would be not to alert the customer (and
have him possibly, say, panic and call the bank in question) - but rather,
display something along the lines of "Thank you for successfully verifying
your Frob Mutual account data. Bye."
/mz
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- References:
- [Full-disclosure] [HV-PAPER] Anti-Phishing Tips You Should Not Follow
- From: vuln
- Re: [Full-disclosure] [HV-PAPER] Anti-Phishing Tips You Should Not Follow
- From: michaelslists
- Re: [Full-disclosure] [HV-PAPER] Anti-Phishing Tips You Should Not Follow
- From: Michal Zalewski
- Re: [Full-disclosure] [HV-PAPER] Anti-Phishing Tips You Should Not Follow
- From: Marcos Agüero
- Re: [Full-disclosure] [HV-PAPER] Anti-Phishing Tips You Should Not Follow
- From: Jasper Bryant-Greene
- [Full-disclosure] [HV-PAPER] Anti-Phishing Tips You Should Not Follow
- Prev by Date: Re: [Full-disclosure] [HV-PAPER] Anti-Phishing Tips You Should Not Follow
- Next by Date: Re: [Full-disclosure] [HV-PAPER] Anti-Phishing Tips You Should Not Follow
- Previous by thread: Re: [Full-disclosure] [HV-PAPER] Anti-Phishing Tips You Should Not Follow
- Next by thread: Re: [Full-disclosure] [HV-PAPER] Anti-Phishing Tips You Should Not Follow
- Index(es):
