[19976] in cryptography@c2.net mail archive

X.509 Phishing license

daemon@ATHENA.MIT.EDU (Victor Duchovni)
Tue Feb 14 11:45:05 2006

X-Original-To: cryptography@metzdowd.com
Date: Tue, 14 Feb 2006 00:29:59 -0500
From: Victor Duchovni <Victor.Duchovni@MorganStanley.com>
To: cryptography@metzdowd.com
Mail-Followup-To: cryptography@metzdowd.com


The phishers are launching sophisticated attacks on less known (to the
X.509 CAs) financial institutions...

http://blog.washingtonpost.com/securityfix/2006/02/the_new_face_of_phishing_1.html

    ...
    This one -- targeting the tiny Mountain America credit union in Salt
    Lake City, Utah

    ...
    Geotrust's cert verification process is largely automated: when
    someone requests a cert for a particular site, the company sends an
    e-mail to the address included in the Web site's registrar records,
    along with a special code that the recipient needs to phone in to
    complete the process.

    ... [Geotrust] doubted that inserting a human into that process
    would have flagged the account as suspicious.

-- 

 /"\ ASCII RIBBON                  NOTICE: If received in error,
 \ / CAMPAIGN     Victor Duchovni  please destroy and notify
  X AGAINST       IT Security,     sender. Sender does not waive
 / \ HTML MAIL    Morgan Stanley   confidentiality or privilege,
                                   and use is prohibited.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com