[17820] in cryptography@c2.net mail archive
Re: New Credit Card Scam (fwd)
daemon@ATHENA.MIT.EDU (Lance James)
Tue Jul 12 13:15:41 2005
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Mon, 11 Jul 2005 21:31:38 -0700
From: Lance James <lancej@securescience.net>
To: Jason Holt <jason@lunkwill.org>
Cc: cryptography@metzdowd.com
In-Reply-To: <Pine.LNX.4.63.0507120058010.17563@pl2.zayda.com>
Jason Holt wrote:
>
> On Mon, 11 Jul 2005, Lance James wrote:
> [...]
>
>> place to fend off these attacks. Soon phishers will just use the site
>> itself to phish users, pushing away the dependency on tricking the
>> user with a "spoofed" or "mirrored" site.
>
> [...]
>
> You dismiss too much with your "just". They already do attack plenty
> of sites, but they also phish because it has a larger return on
> investment. Security is the process of iteratively strengthening the
> weakest links in the chain.
I'm being misunderstood - Cross-User attack concepts specifically is
what I'm referring to. The straight on attacks on sites are definitely a
processed phase within the many attack vectors they are performing, I'm
just making clear that the businesses need to start working on those
weak links.
-Lance
>
> -J
>
>
--
Best Regards,
Lance James
Secure Science Corporation
www.securescience.net
Author of 'Phishing Exposed'
http://www.securescience.net/amazon/
Find out how malware is affecting your company: Get a DIA account today!
https://slam.securescience.com/signup.cgi - it's free!
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
