[121555] in cryptography@c2.net mail archive
Re: [Fwd: Secure Server e-Cert & Developer e-Cert. Comerica TM Connect Web Bank]
daemon@ATHENA.MIT.EDU (Peter Gutmann)
Thu Apr 24 17:57:35 2008
From: pgut001@cs.auckland.ac.nz (Peter Gutmann)
To: arshad.noor@strongauth.com, cryptography@metzdowd.com,
dev-tech-crypto@lists.mozilla.org, ekmi@lists.oasis-open.org,
pki-tc@lists.oasis-open.org, ST-ISC@MAIL.ABANET.ORG
In-Reply-To: <480E43F6.4080802@strongauth.com>
Date: Thu, 24 Apr 2008 23:00:30 +1200
Arshad Noor <arshad.noor@strongauth.com> writes:
>This may be the first phishing e-mail I've seen that uses
>a message related to digital certificates for attacking the
>client; I am not a customer of Comerica.
>
>Has anyone else seen this before?
These have been around for awhile, I'm not on my home machine at the moment or
I'd post a link to a blog analysis of this sort of thing. Although it's
impossible to tell due to the lack of figures from either side (PKI phishing
vs. client cert use) it may well be that there's more use of PKI to attack
bank clients than to defend them.
Peter.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
