[17375] in cryptography@c2.net mail archive
Hall of Shame of Unprotected Login Sites, and Phishing/Spoofing FAQ
daemon@ATHENA.MIT.EDU (Amir Herzberg)
Tue Jun 7 18:46:18 2005
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Tue, 07 Jun 2005 12:25:06 +0200
From: Amir Herzberg <herzbea@macs.biu.ac.il>
Reply-To: herzbea@macs.biu.ac.il
To: "'Cryptography'" <cryptography@metzdowd.com>
Many important, sensitive login sites are not protected, making it
easier to steal passwords from naive (and even experienced) users. See
`Hall of Shame` listing such sites at
http://www.cs.biu.ac.il/~herzbea/Shame.html
Examples:
Banks and FIs: PayPal, Chase, SmithBarney (CitiGroup), Bank of
America, TD Waterhouse, Amex, FirstCommand Bank, MidFirst Bank
Security services: MicroSoft Passport, EquiFax, InstantSSL
All sites were warned before being added to the Hall of Shame (few
actually fixed their sites and are therefore not on the page, e.g.
eBay).
A related resource - a FAQ on phishing and spoofing, at
http://www.cs.biu.ac.il/~herzbea/shame/FAQ.htm
--
Best regards,
Amir Herzberg
Associate Professor
Department of Computer Science
Bar Ilan University
http://AmirHerzberg.com
New: see my Hall Of Shame of Unprotected Login pages:
http://AmirHerzberg.com/shame.html
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
