Phishing & BotNets
RE: valid problem Nov 10 2005 10:10PM
William Tarkington (William Tarkington openwave com)


-----Original Message-----
From: Jose Nazario [mailto:jose (at) monkey (dot) org [email concealed]]
Sent: Thursday, November 10, 2005 12:08 PM
To: Null, Corey
Cc: Lance James; Stejerean, Cosmin; Saeed Abu Nimeh;
phishing (at) securityfocus (dot) com [email concealed]
Subject: RE: valid problem

On Thu, 10 Nov 2005, Null, Corey wrote:

>> If I want to sign up, how do you know I'm not a phisher?

>several types of these lists, not just for phishing, exist. they're
>usually done by using professional vouchings/introductions, classic
>network of friends and trust. as long as you're smart about gating the
>list and not too eager to grow to be too big, you can manage it
>effectively.

The question is what do you gain from it? Exclusivity granted yes but
you also lose out on being able to inform the masses. If you let anyone
join including the phishers your only informing them of what they will
learn anyway once the technology or policies are deployed.

You'd think that full disclosure is far more dangerous as it actually
posts exploit code on occasion. The most we would do here is simply tell
a phisher he should change his ways which he will do anyway.

________
jose nazario, ph.d. jose (at) monkey (dot) org [email concealed]
http://monkey.org/~jose/ http://infosecdaily.net/
http://www.wormblog.com/

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus