|
Posted by on May 29, 2005, 9:55 am
I blogged regarding a concept that financial institutions could employ
to combat phishers. I'd be interested in any critiques, negative or
positive.
http://directorblue.blogspot.com/2005/05/phishing-how-banks-can-fight-back-true.html
Regards, Doug
|
|
Posted by M Trimble on May 29, 2005, 2:18 pm
On Sun, 29 May 2005 09:55:27 +0000, douglas.ros wrote:
> I blogged regarding a concept that financial institutions could employ to
> combat phishers. I'd be interested in any critiques, negative or
> positive.
>
>
> http://directorblue.blogspot.com/2005/05/phishing-how-banks-can-fight-back-true.html
>
> Regards, Doug
Eventually, you have to go to non-encrypted HTML, which is made up of
regular, predictable patterns with a small number of variations all based on
one of two words: 'font' or 'type'. That call
is to be found in only a small number of places. It's been a while since I
paid any close attention, but I know that number is less than ten. How
long would it take to search all ten of those places for text in the
pattern of 'font' or 'type' and build out the context from there? Then
echo that across your second connection (which is called for in the
original concept)?
|
|
Posted by Unruh on May 29, 2005, 5:49 pm
douglas.ross@gmail.com writes:
>I blogged regarding a concept that financial institutions could employ
>to combat phishers. I'd be interested in any critiques, negative or
>positive.
The font face "protection" is irrelevant. No customer is going to be
bothered that the relevant info is in a different typeface. That just looks
like emphasis calling attention to crucial data.
Giving out info on the customer (cheque number) to anyone who calls in as
that customer, without any authentication would be irresponsible on the
part of the bank.
Finally, the customers will not care if the phishing page does not look
exactly like the BofA page. Things change far far too often for customers
to constantly track whether the change is legitimate or not. Remember that
phishers are catching the less knowledgeable and observant segment of the
population anyway.
>http://directorblue.blogspot.com/2005/05/phishing-how-banks-can-fight-back-true.html
>Regards, Doug
|
|
Posted by douglas.ross@gmail.com on June 1, 2005, 6:12 pm
Here's a refined version of the anti-phishing approach, with
screenshots. It revolves around making the phisher solve a
captcha-like problem:
http://directorblue.blogspot.com/2005/06/making-phishers-solve-captcha-problem.html
Regards, Doug
|