|
|
BugTraq
New whitepaper "The Phishing Guide" Sep 22 2004 04:38PM Gunter Ollmann (NGS) (gunter ngssoftware com) (1 replies) Re: New whitepaper "The Phishing Guide" Sep 23 2004 02:57PM Aleksandar Milivojevic (amilivojevic pbl ca) (3 replies) Re[2]: New whitepaper "The Phishing Guide" Sep 26 2004 02:35PM Karsten Heidrich (karsten heidrich-da de) Re: New whitepaper "The Phishing Guide" Sep 23 2004 07:21PM Seth Arnold (sarnold immunix com) (2 replies) Re: New whitepaper "The Phishing Guide" Sep 27 2004 06:05PM Greg A. Woods (woods weird com) (1 replies) Re: New whitepaper "The Phishing Guide" Sep 27 2004 03:39PM Aleksandar Milivojevic (amilivojevic pbl ca) |
|
Privacy Statement |
> Gunter Ollmann (NGS) wrote:
>
>>While the Phishers develop evermore sophisticated attack vectors [...]
>>Customers too have become wary of "official" email, and organisations
>>struggle to install confidence in their communications.
>
> Sometimes it's unbelivable how long it takes organizations to discover
> that email can be signed. Especially nowdays when all major mail
> readers have support for at least S/MIME
How does that help in practice? A user fooled by a link to ebay-support.com
is just as likely to accept signed mail from foo (at) ebay-support (dot) com. [email concealed] Not to
mention that the potential profits from phishing could easily finance the
purchase of a forged cert if someone at one of the built-in CA's was
corruptible. Given the several that are based in 3rd world companies (not to
mention recent US corporate scandals) I have no confidence that won't
eventually happen.
-Dan Veditz
[ reply ]