Phishing & BotNets
valid problem Nov 09 2005 06:59AM
Lance James (lancej securescience net) (2 replies)
Re: valid problem Nov 09 2005 10:43PM
Nick Bilogorskiy (nbilogorskiy fortinet com)
Re: valid problem Nov 09 2005 10:35PM
Saeed Abu Nimeh (drellman hotmail com) (1 replies)
Re: valid problem Nov 09 2005 10:59PM
Lance James (lancej securescience net) (1 replies)
Re: valid problem Nov 09 2005 11:43PM
Byron L. Sonne (blsonne rogers com)
It's always a game of catch up (for both sides), so the more information
that is available to everyone, the more we all benefit. Any truly useful
tool is almost by necessity able to be used for both good and evil.

It's kinda like asking who would use public bathrooms, since someone
could hide in there, jump out and rob you. Definitely a possibility, but
not having them is an even worse option, IMO.

As an example, an even more viable target are mailing lists on which
some people are idiots and have configured their out-of-office replies
to reply to the list. Netsys's Full-Disclosure list is a classic for
this. So, now the whole world knows you're not in the office, they have
you name, email, and no doubt other sundry details gleaned from your
emails. Such as the likelihood that if you have a corporate email
address, and since you're subscribed to the list, you may have some kind
of security position in a company. Excellent social engineering fodder ;)

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus