[73243] in North American Network Operators' Group
Re: Phishing (Was Re: WashingtonPost computer security stories)
daemon@ATHENA.MIT.EDU (Tim Wilde)
Tue Aug 17 09:08:24 2004
Date: Tue, 17 Aug 2004 09:06:30 -0400 (EDT)
From: Tim Wilde <twilde@dyndns.org>
To: Eric Kuhnke <eric@fnordsystems.com>
Cc: nanog@merit.edu
In-Reply-To: <412200FB.1020209@fnordsystems.com>
Errors-To: owner-nanog-outgoing@merit.edu

On Tue, 17 Aug 2004, Eric Kuhnke wrote:
> It's a 1 line rule with mod_rewrite and apache to block
> nonexistent or off-site http referers attempting to display
> GIF/JPG/PNG images... Sometimes I wonder why Citibank,
> Paypal and others don't do this. It would cut down on the
> displayed authenticity level of many basic phishes.

Because many (broken) browsers/proxies/"firewalls"/etc block or forge
referrer headers "for security" and they'd quadruple their tech support
load with all their idiot customers using Norton Internet Security or
other similar products calling in saying "why don't I get any images on
the site? waah!" This simply isn't an option in the real world.
--
Tim Wilde
twilde@dyndns.org
Systems Administrator
Dynamic Network Services, Inc.
http://www.dyndns.org/
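
An added example, not part of either poster's message: one way to measure the trade-off discussed above on a site's own access log before deploying any Referer rule. It counts image requests that a strict rule (refuse missing or off-site referers) would block against a lenient variant (refuse off-site only); the lenient variant, the function names, the hosts and the log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Apache combined log format: "METHOD path proto" status bytes "referer"
LOG_RE = re.compile(
    r'"(?:GET|HEAD) (?P<path>\S+) [^"]*" \d{3} \S+ "(?P<referer>[^"]*)"')
IMAGE_RE = re.compile(r'\.(?:gif|jpe?g|png)(?:\?.*)?$', re.IGNORECASE)

def classify(referer, site_hosts):
    """Return 'missing', 'on-site' or 'off-site' for a logged Referer."""
    if referer in ("", "-"):
        return "missing"
    try:
        host = (urlsplit(referer).hostname or "").lower()
    except ValueError:  # malformed value, e.g. rewritten by a proxy
        host = ""
    return "on-site" if host in site_hosts else "off-site"

def referer_policy_impact(log_lines, site_hosts):
    """Count the image requests each Referer policy would refuse."""
    seen = {"on-site": 0, "missing": 0, "off-site": 0}
    for line in log_lines:
        m = LOG_RE.search(line)
        if m and IMAGE_RE.search(m.group("path")):
            seen[classify(m.group("referer"), site_hosts)] += 1
    return {
        "image_requests": sum(seen.values()),
        # strict: refuse missing and off-site referers (the quoted rule)
        "strict_blocks": seen["missing"] + seen["off-site"],
        # lenient (assumed variant): refuse only off-site referers
        "lenient_blocks": seen["off-site"],
        # refused by the strict rule only: the support-load risk
        "strict_only": seen["missing"],
    }

# Constructed sample lines; hosts and addresses are documentation values.
_T = "[17/Aug/2004:09:00:00 -0400]"
SITE_HOSTS = {"www.example.com", "example.com"}
SAMPLE_LOG = [
    f'192.0.2.10 - - {_T} "GET /img/logo.gif HTTP/1.1" 200 2326 '
    '"http://www.example.com/login" "UA"',
    f'192.0.2.11 - - {_T} "GET /img/logo.gif HTTP/1.1" 200 2326 "-" "UA"',
    f'192.0.2.12 - - {_T} "GET /img/secure.png HTTP/1.0" 200 512 "" "UA"',
    f'198.51.100.7 - - {_T} "GET /img/logo.gif HTTP/1.1" 200 2326 '
    '"http://phish.example.net/verify.html" "UA"',
    f'192.0.2.10 - - {_T} "GET /login HTTP/1.1" 200 5120 "-" "UA"',
    f'192.0.2.13 - - {_T} "GET /img/banner.JPG HTTP/1.1" 200 900 '
    '"http://WWW.EXAMPLE.COM/" "UA"',
]
```

A high `strict_only` share means many visitors arrive with no Referer at all, which is the population Tim's reply says would lose their images under the strict rule.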