Phishing & BotNets
RE: valid problem Nov 10 2005 07:50PM
Null, Corey (Null Corey principal com)
If we had something that wasn't so public, how would we guard the
gates? How do you tell the good guys from the bad?

Corey Null
Principal Financial Group
Desk (515) 235-9045
Cell (515) 771-3855
Fax (866) 736-4764

-----Original Message-----
From: Lance James [mailto:lancej (at) securescience (dot) net [email concealed]]
Sent: Wednesday, November 09, 2005 11:06 PM
To: Stejerean, Cosmin; Lance James; Saeed Abu Nimeh
Cc: phishing (at) securityfocus (dot) com [email concealed]
Subject: Re: valid problem

I'm not debating info sharing but tracking phishers on a public forum is
not wise.

-----Original Message-----
From: "Stejerean, Cosmin" <cosmin (at) cti.depaul (dot) edu [email concealed]>
Date: Wed, 9 Nov 2005 22:53:17
To:"Lance James" <lancej (at) securescience (dot) net [email concealed]>, "Saeed Abu Nimeh"
<drellman (at) hotmail (dot) com [email concealed]>
Cc:<phishing (at) securityfocus (dot) com [email concealed]>
Subject: RE: valid problem

I think the problem with phishing is not any different that with other
forms of hacking. What about watching the honeypot mailing list?
Wouldn't that benefit a hacker? The same could go for almost any list.
The purpose of the list is to share information, and that information
can be used for good or for evil, however that is no excuse to not share
information.

Cosmin

-----Original Message-----
From: Lance James [mailto:lancej (at) securescience (dot) net [email concealed]]
Sent: Wednesday, November 09, 2005 5:00 PM
To: Saeed Abu Nimeh
Cc: phishing (at) securityfocus (dot) com [email concealed]
Subject: Re: valid problem

Saeed Abu Nimeh wrote:

> The argument would be similar to all other security public available
> lists. As well they are available to hackers, however, they are
> beneficiary.
> Saeed Abu-Nimeh

Umm, that argument works for security - but when phishers are monitoring
activity for ROI, it's a different issue.

They will see "who's tracking them, who's checking them out, and will
perfect their technique". In security, it's a display of exploits that
may cause trouble, - I think this can not be compared.

>
> Lance James wrote:
>
>> I think there is a valid problem with a "phishing (at) securityfocus (dot) com [email concealed]"
>> list.
>>
>> It's publicly available to everyone - including phishers. Why the
>> hell would anyone post on it?
>>
>
>

--
Best Regards,
Lance James
Secure Science Corporation
www.securescience.net
Author of 'Phishing Exposed'
http://www.securescience.net/amazon/
Find out how malware is affecting your company: Get a DIA account today!
https://slam.securescience.com/signup.cgi - it's free!

Lance James
Secure Science Corporation
www.securescience.net
Author of 'Phishing Exposed'
www.securescience.net/amazon/
Have Phishers Stolen your customer's logins? Find out with DIA
https://slam.securescience.com/signup.cgi - it's free!

-----Message Disclaimer-----

This e-mail message is intended only for the use of the individual or
entity to which it is addressed, and may contain information that is
privileged, confidential and exempt from disclosure under applicable law.
If you are not the intended recipient, any dissemination, distribution or
copying of this communication is strictly prohibited. If you have
received this communication in error, please notify us immediately by
reply email to Connect (at) principal (dot) com [email concealed] and delete or destroy all copies of
the original message and attachments thereto. Email sent to or from the
Principal Financial Group or any of its member companies may be retained
as required by law or regulation.

Nothing in this message is intended to constitute an Electronic signature
for purposes of the Uniform Electronic Transactions Act (UETA) or the
Electronic Signatures in Global and National Commerce Act ("E-Sign")
unless a specific statement to the contrary is included in this message.

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus