Re: [Full-disclosure] simple phishing fix
- From: "Randal T. Rioux" <randy@xxxxxxxxxxxxxxx>
- Date: Tue, 29 Jul 2008 15:49:37 -0400 (EDT)
On Tue, July 29, 2008 2:31 pm, Glenn.Everhart@xxxxxxxxx wrote:
You might eliminate phishing but there are occasionally messages from
people at these institutions also. This sort of thing is in essence
allowing phishers a denial of service attack against anyone they choose
to make themselves a nuisance with.
I am not well pleased with any bank authentication I have seen so far
personally; seems to me finance-related messages should be authenticated
both ways and preferably a confirming authentication to demonstrate the
subject agrees with the transaction should be done before such are
accepted. That kind of thing would be hard to spoof and if done right
pretty useless to someone who could record entire transactions.
As for email, judge by its content. This posting for example will do
nothing to your money, sells you nothing. Nor does it ask any information
of you. If it were spoofed it would be harmless.
Glenn Everhart
But it is from Chase.... and nothing good comes from Chase ;-)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- References:
- Re: [Full-disclosure] simple phishing fix
- From: Glenn.Everhart
- Re: [Full-disclosure] simple phishing fix
- Prev by Date: Re: [Full-disclosure] simple phishing fix
- Next by Date: [Full-disclosure] Remote Cisco IOS FTP server exploit
- Previous by thread: Re: [Full-disclosure] simple phishing fix
- Next by thread: Re: [Full-disclosure] simple phishing fix
- Index(es):
Relevant Pages
|
