[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: New whitepaper "The Phishing Guide"

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: New whitepaper "The Phishing Guide"
From: Aleksandar Milivojevic <amilivojevic@xxxxxx>
Date: Mon, 27 Sep 2004 10:39:27 -0500

Seth Arnold wrote:

http://www.internetnews.com/dev-news/article.php/721571

Even the best-known X.509 Certification Agency has made screwups
regarding one of the best-known publicly traded corporations. How hard
do you think it would be to get certificates for something that sounds
plausibly like a bank? Credit card company?

I totally agree with what you (and others) wrote. Most of the current registrars fall from the sky some time ago, telling us that they are "trusted" entities (yeah right). Even without that incident you mentioned, would you trust company whose bussiness practices include hijacking of DNS name space (scandal with wildcard .com and .net entries) or sending deceptive domain renewals via mail? Probably not.

My point was that currently corporations are not even attempting to use the tools they have available. It is more important to them that message is nicely HTML formated, than putting even basic security precausins (such as signing with x509 certificate).

--
Aleksandar Milivojevic <amilivojevic@xxxxxx>    Pollard Banknote Limited
Systems Administrator                           1499 Buffalo Place
Tel: (204) 474-2323 ext 276                     Winnipeg, MB  R3T 1L7

Prev by Date: Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes
Next by Date: iDEFENSE Security Advisory 09.30.04 - Samba Arbitrary File Access Vulnerability
Previous by thread: iDEFENSE Security Advisory 09.29.04 - Macromedia JRun 4 mod_jrun Apache Module Buffer Overflow Vulnerability
Next by thread: iDEFENSE Security Advisory 09.30.04 - Samba Arbitrary File Access Vulnerability
Index(es):
- Date
- Thread