SecurityFocus

RE: Amazon phishing scam on Yahoo servers Feb 22 2006 07:02AM
Geoff Vass (geoff cadzow com au) (4 replies)

Re: Amazon phishing scam on Yahoo servers Feb 24 2006 10:14AM
Vincent Archer (archer frmug org)

Re: Amazon phishing scam on Yahoo servers Feb 24 2006 09:02AM
Stefan Kelm (stefan kelm secorvo de)

> Surely someone, somewhere, has to take some responsibility for allowing
> domains to be created which are clearly and obviously bogus. Who could
> possibly have a reason to register paypal-unlocking.net?

The problem is, there's no such thing as a domain which is,
or which is not "clearly and obviously bogus". There won't
be internationally applicable rules (i.e., blacklists and
whitelists) that describe the "validity" of domain names.
What if there actually exists a company called paypal
unlocking (TM) somewhere in the remote outskirts of a tasmanian
village? We simply can't build security mechanisms which rely
on domain names. That has been, and still is, the
major problem with protocols like SSL/TLS which are
otherwise technically sound.

Cheers,

Stefan.

-------------------------------------------------------
Stefan Kelm
Security Consultant

Secorvo Security Consulting GmbH
Ettlinger Strasse 12-14, D-76137 Karlsruhe

Tel. +49 721 255171-304, Fax +49 721 255171-100
stefan.kelm (at) secorvo (dot) de [email concealed], http://www.secorvo.de/
-------------------------------------------------------
PGP Fingerprint 87AE E858 CCBC C3A2 E633 D139 B0D9 212B

[ reply ]

Re: Amazon phishing scam on Yahoo servers Feb 23 2006 09:23PM
Elizabeth Zwicky (zwicky greatcircle com)

RE: Amazon phishing scam on Yahoo servers Feb 23 2006 04:41AM
Paul Laudanski (zx castlecops com)