Re: [Full-disclosure] RSA HAVE CRACKED PHISHING, NO SERIOUSLY
- From: n3td3v <n3td3v@xxxxxxxxx>
- Date: Fri, 31 Mar 2006 19:50:47 +0100
It was back in 2001 when programs were written to rotate proxies... this is
never a problem for a phisher. Do you think a phisher would really carry out
a world-wide phishing attack, without knowing everything behind the issue?
The guys are going to have a large amount of data to harvest, for experts to
think for a spit second that that was ever going to be done manually is just
beyond me. And the figure of 300 within a phishers data pool is just
laughable as well, it goes way higher than that.
On 3/31/06, Valdis.Kletnieks@xxxxxx <Valdis.Kletnieks@xxxxxx> wrote:
_______________________________________________
On Fri, 31 Mar 2006 19:06:29 +0100, n3td3v said:
Check out this article, and I really did spill my hard earned Starbuckshttp://news.com.com/5208-1029-0.html?forumID=1&threadID=15591&messageID=131433&start=3D-1
right down my front when I looked at this article:
Given that you allegedly posted that particular response, I take it you
spilled
your Starbucks in shock that somebody would claim to be you?
The original article is at
http://news.com.com/2100-1029-6056317.html?tag=tb
In any case, it's clear that the person who posted that response has *no
idea*
how most bank's anti-fraud systems work.
First off, the phishers *can't* just run through all the data they've
gotten
in just a few seconds, unless they distributed the work across a bunch of
botnet
zombies - hits for more than a few dozen different accounts from the same
IP
in the same timespan are suspicious at the very least.
Secondly, the phishers can currently usually be sure that the victims have
given them reasonably good data (unless the victim is a dweeb who can't
enter
their DoB or account number correctly). On the other hand, if the phished
data
has been polluted by 90% bad data, then only 1 of 10 attempted
transactions
will succeed - and the fact that they're trying lots of different bad data
will
again hopefully trigger an alert. If you only succeed every 10th time,
and you
get locked out after 3 attempts with different bad data, it's going to
take you
a lot longer to figure out which ones are good and which ones are bad....
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- References:
- [Full-disclosure] RSA HAVE CRACKED PHISHING, NO SERIOUSLY
- From: n3td3v
- Re: [Full-disclosure] RSA HAVE CRACKED PHISHING, NO SERIOUSLY
- From: Valdis . Kletnieks
- [Full-disclosure] RSA HAVE CRACKED PHISHING, NO SERIOUSLY
- Prev by Date: [Full-disclosure] Buffer-overflow and in-game crash in Zdaemon 1.08.01
- Next by Date: Re: [Full-disclosure] [HV-PAPER] Anti-Phishing Tips You Should NotFollow
- Previous by thread: Re: [Full-disclosure] RSA HAVE CRACKED PHISHING, NO SERIOUSLY
- Next by thread: [Full-disclosure] Re: RSA HAVE CRACKED PHISHING, NO SERIOUSLY
- Index(es):
