Phishing & BotNets
Anti-phishing Toolbars Evaluation Jul 24 2006 09:08AM
Abhishek Kumar (abhishek kumar paladion net) (2 replies)
Re: Anti-phishing Toolbars Evaluation Jul 27 2006 10:42AM
xun dong (xundong cs york ac uk) (3 replies)
RE: Anti-phishing Toolbars Evaluation Jul 28 2006 12:30PM
Abhishek Kumar (abhishek kumar paladion net) (1 replies)
Re: Anti-phishing Toolbars Evaluation Jul 28 2006 06:10PM
Paul Laudanski (paul castlecops com)
IRS phishing attack Jul 27 2006 07:55PM
Pete Herzog (lists isecom org) (1 replies)
Re: IRS phishing attack Jul 28 2006 06:00PM
Paul Laudanski (paul castlecops com)
Re: Anti-phishing Toolbars Evaluation Jul 27 2006 07:22PM
Saeed Abu Nimeh (drellman hotmail com) (1 replies)
Re: Anti-phishing Toolbars Evaluation Jul 27 2006 09:50PM
Paul Laudanski (paul castlecops com)
Re: Anti-phishing Toolbars Evaluation Jul 24 2006 06:05PM
Paul Laudanski (paul castlecops com) (1 replies)
Re: Anti-phishing Toolbars Evaluation Jul 24 2006 06:51PM
Paul Laudanski (paul castlecops com) (1 replies)
RE: Anti-phishing Toolbars Evaluation Jul 25 2006 12:51PM
Abhishek Kumar (abhishek kumar paladion net) (1 replies)
RE: Anti-phishing Toolbars Evaluation Jul 26 2006 02:05AM
Joshua Perrymon (josh perrymon purehacking com)
We perform controlled phishing attacks on our global attacks almost daily. I
can say the IE7 phsihing filter has never detected any of our sites. I'm
guessing this is due to a white-listing approach and all of our attacks are
one-off.

My thoughts on an effective anti-phishing browser solution would also need
to have the ability to be updated. Example- If the company had a widget that
would detect directed phishing attacks.. Then this information could be
disseminated to the toolbar to stop users from visiting the site. This could
also be synced to remote users.

Or is this redundant because it should be done in a content management
solution?

Cheers,

JP

Joshua Perrymon, C.E.H.
Sr. Security Consultant

-----------------------------------------

Pure Hacking - The Leaders In Internet Security

-----Original Message-----
From: Abhishek Kumar [mailto:abhishek.kumar (at) paladion (dot) net [email concealed]]
Sent: Tuesday, 25 July 2006 10:52 PM
To: 'Paul Laudanski'
Cc: phishing (at) securityfocus (dot) com [email concealed]
Subject: RE: Anti-phishing Toolbars Evaluation

Paul, thanks for pointing out additional toolbars and the list of Phishing
URLs.

It will make my next evaluation of the toolbars more exhaustive.

- Abhishek

-----Original Message-----
From: Paul Laudanski [mailto:paul (at) castlecops (dot) com [email concealed]]
Sent: Tuesday, July 25, 2006 12:22 AM
To: Abhishek Kumar; phishing (at) securityfocus (dot) com [email concealed]
Subject: Re: Anti-phishing Toolbars Evaluation

One of the CastleCops staff kindly reminded me of a review thread that has
been done on this topic as well:

http://www.castlecops.com/postlite107217-phish+toolbars.html

Not exactly up-to-date, but it contains a few pages of discussions
surrounding toolbars.

Paul Laudanski, Microsoft MVP Windows-Security
Phish XML Feed: http://www.castlecops.com/article6619.html
Phish Takedown: http://castlecops.com/pirt
www.CastleCops.com | de.CastleCops.com | wiki.CastleCops.com

----- Original Message -----
From: "Paul Laudanski" <paul (at) castlecops (dot) com [email concealed]>
To: "Abhishek Kumar" <abhishek.kumar (at) paladion (dot) net [email concealed]>;
<phishing (at) securityfocus (dot) com [email concealed]>
Sent: Monday, July 24, 2006 2:05 PM
Subject: Re: Anti-phishing Toolbars Evaluation

> Thank you for your assessment. Its a good start, but to get a better
> profile of the toolbars I'd highly recommend increasing your phish
> sampling size.
>
> You can always use our confirmed/terminated lists:
>
> http://www.castlecops.com/modules.php?name=Fried_Phish&fp=phish
> http://www.castlecops.com/modules.php?name=Fried_Phish&fp=phish&which=
> 6
>
> You may also want to check out some other toolbars like that from
> Firetrust and Compete or Google Firefox Toolbar:
>
> http://toolbar.google.com/firefox/
> http://www.firetrust.com/firetrustsitehound.html
> http://home.compete.com/
>
> Some of these pull the same sources.
>
> Paul Laudanski, Microsoft MVP Windows-Security
> Phish XML Feed: http://www.castlecops.com/article6619.html
> Phish Takedown: http://castlecops.com/pirt
> www.CastleCops.com | de.CastleCops.com | wiki.CastleCops.com
>
> ----- Original Message -----
> From: "Abhishek Kumar" <abhishek.kumar (at) paladion (dot) net [email concealed]>
> To: <phishing (at) securityfocus (dot) com [email concealed]>
> Sent: Monday, July 24, 2006 5:08 AM
> Subject: Anti-phishing Toolbars Evaluation
>
>
>> Hi All,
>>
>> Recently I carried out an evaluation of some of the popular
>> Anti-phishing toolbars. The toolbars were tested on a number of
>> parameters such as, accuracy in detecting phishing URLs, alerting
>> mechanism, detailed analysis of websites, help information provided
>> to users etc. The results obtained from the evaluation can help the
>> users in selecting the right anti-phishing
>> toolbar.
>>
>> You can read the details of the evaluation on my blog on phishing at
>> http://phishtrails.blogspot.com/. All flowers, brickbats and
>> suggestions are welcome.
>>
>> Thanks
>> Abhishek
>>
>

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus