It seems that only multi-channel synchronous banking level system using
randomly called third party systems may be trustable. Good encryption
protects data once both ends are authenticated, but does not warranty
authentication.
The need is to make that type of service available to everyone. I
[Fwd: [isdf] need help from the ietf list...can someone
post this for me? or allow me to post directly?]
I've heard of one recently where the actual page was from the legitimate
bank web site, but the dialog box window asking for username and
password detail was the spoofed component.
Dean, this is very helpful. Thank you!
Parry
-Original Message-
From: Dean Anderson [mailto:[EMAIL PROTECTED]
Sent: Monday, December 22, 2003 3:20 PM
To: Parry Aftab
Cc: [EMAIL PROTECTED]
Subject: RE: [Fwd: [isdf] need help from the ietf list...can someone
post this for me? or allow me to
On Sun, 21 Dec 2003, Parry Aftab wrote:
> If not to protect them, how can you verify that a site is not being
> spoofed, technically?
When you connect to a secure website, you can examine the SSL Certificate
for the site, usually by clicking on the "lock" symbol on many browsers.
People should
Aftab
> To: 'Masataka Ohta' ; 'Franck Martin'
> Cc: [EMAIL PROTECTED]
> Sent: Sunday, December 21, 2003 11:26 AM
> Subject: RE: [Fwd: [isdf] need help from the ietf list...can someone post this for
> me? or allow me to post directly?]
>
>
astcram.netfirms.com--
- Original Message -
From: Parry Aftab
To: 'Masataka Ohta' ; 'Franck Martin'
Cc: [EMAIL PROTECTED]
Sent: Sunday, December 21, 2003 11:26 AM
Subject: RE: [Fwd: [isdf] need help from
the ietf list...can someone post this for me?
I've heard of one recently where the actual page was from the legitimate bank web
site, but the dialog box window asking for username and password detail was the
spoofed component. Everything, including HTTPS locks, URLs etc displayed would have
looked, and actually were legitimate.
On Sun, 2
m the ietf list...can someone
post this for me? or allow me to post directly?]
On Sun, 21 Dec 2003 18:40:57 EST, Parry Aftab said:
> It's a spoof, phished e-mail. No such credit card. I just confirmed with
> the powers that be in PayPal/eBay. The scams are good enough to confuse
> ev
...can someone
post this for me? or allow me to post directly?]
People need to rely on their common sense. This isn't a technical
problem. It is a social engineering problem. Your best bet is to read
Kevin Mitnick's book "The Art of Deception". Of course, there will be
insta
ECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: [Fwd: [isdf] need help from the ietf list...can someone
post this for me? or allow me to post directly?]
There are more scary stories at
http://stupidsecurity.com
Some people think publishing stories like these is wrong ... in
security,
ssage-
From: Dean Anderson [mailto:[EMAIL PROTECTED]
Sent: Sunday, December 21, 2003 4:45 PM
To: Mark Smith
Cc: shogunx; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: [Fwd: [isdf] need help from the ietf list...can someone
post this for me? or allow me to post directl
2003 10:30 AM
To: Jeffrey Race
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: [Fwd: [isdf] need help from the ietf list...can someone
post this for me? or allow me to post directly?]
You must base your business plan on the fact that your problem has no
solution, technical or otherwise.
[Fwd: [isdf] need help from the ietf list...can someone
post this for me? or allow me to post directly?]
On Sun, 21 Dec 2003 11:32:28 +1200, Franck Martin said:
> For example, you receive an e-mail telling you that there has been a
> security breach at PayPal, and you need to log into t
financial transactions.
Thanks,
Parry
-Original Message-
From: Masataka Ohta [mailto:[EMAIL PROTECTED]
Sent: Sunday, December 21, 2003 12:06 AM
To: Franck Martin
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: [Fwd: [isdf] need help from the ietf list...can someone
post this for me? or
On Mon, 22 Dec 2003 04:33:43 -0500 (EST)
shogunx <[EMAIL PROTECTED]> wrote:
> On Sun, 21 Dec 2003, Dean Anderson wrote:
>
> > People need to rely on their common sense. This isn't a technical
> > problem. It is a social engineering problem. Your best bet is to read
> > Kevin Mitnick's book "The
On Sun, 21 Dec 2003, Dean Anderson wrote:
> People need to rely on their common sense. This isn't a technical
> problem. It is a social engineering problem. Your best bet is to read
> Kevin Mitnick's book "The Art of Deception". Of course, there will be
> instances where banks will send their cust
On Sun, 21 Dec 2003 18:40:57 EST, Parry Aftab said:
> It's a spoof, phished e-mail. No such credit card. I just confirmed with
> the powers that be in PayPal/eBay. The scams are good enough to confuse
> even ietf members. See the problem? How can someone tell this was a
> phishing expedition?
Damn
g you techies
> could help me on hard tech tips :-)
> Parry Aftab
>
> -Original Message-
> From: Dean Anderson [mailto:[EMAIL PROTECTED]
> Sent: Sunday, December 21, 2003 4:45 PM
> To: Mark Smith
> Cc: shogunx; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]
>
Most scams involve things that the institutions themselves would never do,
such as calling you on the telephone or sending an email to have you
update your confidential financial information.
The email scams are fundamentally no different from telephone scams or
door-to-door confidence scams, where
Parry Aftab;
What do you suggest short of an absolute guarantee?
Common sense.
How do I advise consumers to tell the difference between legitimate
e-mails with embedded links and the phished ones using spoofed sites?
What if, you go to a branch office of a bank and, in a lobby of the
bank, hand
Franck Martin (Parry Aftab);
Now IE has a bug that allows them to mask the real site more easily, by
showing the spoofed site in the navigation bar.
Do any of the IETF members have suggestions for easy ways of confirming
that the site you just linked to is really the site you wanted to
access?
As
There are more scary stories at
http://stupidsecurity.com
Some people think publishing stories like these is wrong ... in security, it is far
better to learn from other people's mistakes than your own.
btw, [EMAIL PROTECTED] and [EMAIL PROTECTED] won't receive this ... they are rejecting
my
You must base your business plan on the fact that your problem has no
solution, technical or otherwise. Any technical means to restrict
access or identify a host can be defeated by a determined hacker, and
you can be 100% sure that your hackers are more motivated than your
employees.
Even were t
On Sun, 21 Dec 2003 11:32:28 +1200, Franck Martin said:
> For example, you receive an e-mail telling you that there has been a
> security breach at PayPal, and you need to log into the site and correct
> your info, by using the bogus link they provide.
"Some mornings it just doesn't seem worth it
And don't trust emails asking for sensitive information. Verify their requests
independently via the phone, for example, and just _don't_ use a phone number that is
supplied in the email.
On Sun, 21 Dec 2003 03:26:05 -0500 (EST)
shogunx <[EMAIL PROTECTED]> wrote:
> perhaps the solution is to no
perhaps the solution is to not use insecure microsoft software. or
banking systems.
On 21 Dec 2003, Franck Martin wrote:
> -Forwarded Message-
> From: Parry Aftab <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: [isdf] need help from the ietf list...can someone post this for
> me?
-Forwarded Message-
From: Parry Aftab <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: [isdf] need help from the ietf list...can someone post this for me? or allow me to post directly?
Date: 20 Dec 2003 16:50:33 -0500
We have been experiencing a huge growth in phishing (e-mails des