[94332] in North American Network Operators' Group
Re: HTML email, was Re: Phishing and BGP Blackholing
daemon@ATHENA.MIT.EDU (Travis H.)
Fri Jan 19 02:06:21 2007
Date: Fri, 19 Jan 2007 01:04:22 -0600
From: "Travis H." <travis+ml-nanog@subspacefield.org>
To: nanog@nanog.org
Mail-Followup-To: nanog@nanog.org
In-Reply-To: <web-11702512@remus.csulb.edu>
Errors-To: owner-nanog@merit.edu
--3XA6nns4nE4KvaS/
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Thu, Jan 18, 2007 at 07:05:25AM -0800, Matthew Black wrote:
> This presupposes that corporations have a more significant claim
> to domain names than individuals.
Not necessarily; if I am providing login details to a phishing site, I
have probably visited the actual business web site before to create
those credentials in the first place. Were they to use a consistent
naming strategy, for example always using the same suffix, then I have
a simple rule for avoiding [most] phishing sites; validate the suffix.
More generally, authenticating the identity of someone you share a piece
of information (or history) with is a much more tractable problem than
authenticating someone you don't share anything with. That is probably
unsolvable via technical means.
As you point out, there still exists the risk of providing personal
details to the wrong site, but phishing sites so far haven't commonly
focused on gathering details for future identity fraud.
--=20
``Unthinking respect for authority is the greatest enemy of truth.''
-- Albert Einstein -><- <URL:http://www.subspacefield.org/~travis/>
--3XA6nns4nE4KvaS/
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.1 (OpenBSD)
iQIVAwUBRbBtdWQVZZEDJt9HAQIO8xAAqTOs6DY9nNYtdZiVi4U4Wt+MdJF4LKnP
yWa1gs1PMYVjtPwxMp++s460MlLcBFW9SiwJSpcEanDDbUbVBDhFIHX3YlmyuKCc
Z1sSMAO9rpD0nsX7EuOfLAnjnJCdDwzunjDHK8I70K0d5jBq6MSCTwzeK4ZE96B0
ADtC2hPMjBT98rcXym9e0l+use+gZeyeHTOMcAzdy1X/3ANi3WUWFifjinxyYNxZ
VfGxQqr9a2cejj6dRIo+I/G4bH2exe6HJq5OEwNiAHuVbcOKlAsFRKbS8FCGMURa
Im/6QOsIrUMZiYrFPyOWmNII7VVuQ1YfoRU/Hypc08IbCrbvoqUGIuqfb30IQRnA
N8LkMaE9vmg4YGEA1aJ1vEvFmCsU+xYiKUPGvv7s4/1g4VCdpbR8xII43rfInhW7
EkSsZGtWHgjjh+l5qhISz/lKHxHTKsau3VSdKxiM/tHzNGciaKcvEeUCePLF1CqQ
zz2TRGSPkxUPAyPcBh+FIR1bFAAtiJV6poXK3kLY60+0bu14ksgws0VwH+Ga+X4v
1KxVKhIoUA+ZiktgEHLnTzK2Li8idZmZozzC26n2jV1C8qPYuniLy196Z9M/aXP/
YY4ZKbv/m6gpIEGeH+Yz2OnPhRowL7ErO8HQVWgAPNXPPokKZQrV/UsWl39BW1cW
XiBy6+n5Rv8=
=TXMV
-----END PGP SIGNATURE-----
--3XA6nns4nE4KvaS/--
