[36748] in bugtraq
Re[2]: New whitepaper "The Phishing Guide"
daemon@ATHENA.MIT.EDU (Karsten Heidrich)
Wed Sep 29 17:05:03 2004
Date: Sun, 26 Sep 2004 16:35:13 +0200
From: Karsten Heidrich <karsten@heidrich-da.de>
Reply-To: Karsten Heidrich <karsten@heidrich-da.de>
Message-ID: <40140614.20040926163513@heidrich-da.de>
To: Aleksandar Milivojevic <amilivojevic@pbl.ca>
Cc: bugtraq@securityfocus.com
In-Reply-To: <4152E43F.5050509@pbl.ca>
MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha1; boundary="----------AA9518247FB3D4"
This is a cryptographically signed message in MIME format.
------------AA9518247FB3D4
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
All,
it is true that many problems in the Phishing area would be eliminated
by using e.g. S/MIME or other trusted signature mechanisms.
That is only provided customers and the casual internet user know how
to work with it. I strongly doubt that much will change for at least
the next 5 to 7 years. The knowledge of the users has to change; and
that - unfortunately - is a slow and winding path.
Just imagine your grandmother trying to verify S/MIME or PGP. Have
fun.
Thursday, September 23, 2004, 4:57:03 PM, you wrote:
AM> Gunter Ollmann (NGS) wrote:
AM> [snip]
>> While the Phishers
>> develop evermore sophisticated attack vectors, businesses flounder to
>> protect their customers' personal data and look to external experts for
>> improving email security. Customers too have become wary of "official"
>> email, and organisations struggle to install confidence in their
>> communications.
AM> Sometimes it's unbelivable how long it takes organizations to discover
AM> that email can be signed. Especially nowdays when all major mail=20
AM> readers have support for at least S/MIME (and the really good ones have
AM> support for at least PGP ;-) ).
--=20
Regards
Karsten
------------AA9518247FB3D4
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature
MIIFDAYJKoZIhvcNAQcCoIIE/TCCBPkCAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHAaCC
A10wggNZMIICwqADAgECAg8A6zwAAAAC5uV4+z+zEiAwDQYJKoZIhvcNAQEEBQAwgbwxCzAJ
BgNVBAYTAkRFMRAwDgYDVQQIEwdIYW1idXJnMRAwDgYDVQQHEwdIYW1idXJnMTowOAYDVQQK
EzFUQyBUcnVzdENlbnRlciBmb3IgU2VjdXJpdHkgaW4gRGF0YSBOZXR3b3JrcyBHbWJIMSIw
IAYDVQQLExlUQyBUcnVzdENlbnRlciBDbGFzcyAxIENBMSkwJwYJKoZIhvcNAQkBFhpjZXJ0
aWZpY2F0ZUB0cnVzdGNlbnRlci5kZTAeFw0wNDA1MDMyMDMyNDhaFw0wNTA2MTMyMDMyNDha
ME8xCzAJBgNVBAYTAkRFMRkwFwYDVQQDExBLYXJzdGVuIEhlaWRyaWNoMSUwIwYJKoZIhvcN
AQkBFhZrYXJzdGVuQGhlaWRyaWNoLWRhLmRlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
gQDBVUid8oxzWOlOH6GcL3lpqUIJlumwbxJc9aQHWhU+YFUDA4usUpjZJ2KsxEfQFYY2BjJR
gJW/5xEjQ0xBeWTZ6mK+dsMKsnl5aaUhb/YJHLQnKnr8yi6Z4cgjnETnXxaYoWcCUMY8rtg3
8vvj3c1rKbiPfNpq47QgGtJqCmR62QIDAQABo4HIMIHFMAwGA1UdEwEB/wQCMAAwDgYDVR0P
AQH/BAQDAgXgMDMGCWCGSAGG+EIBCAQmFiRodHRwOi8vd3d3LnRydXN0Y2VudGVyLmRlL2d1
aWRlbGluZXMwEQYJYIZIAYb4QgEBBAQDAgWgMF0GCWCGSAGG+EIBAwRQFk5odHRwczovL3d3
dy50cnVzdGNlbnRlci5kZS9jZ2ktYmluL2NoZWNrLXJldi5jZ2kvRUIzQzAwMDAwMDAyRTZF
NTc4RkIzRkIzMTIyMD8wDQYJKoZIhvcNAQEEBQADgYEAGZ7IQlj6e98FqZKiTPMUNAo46lbC
s3W63MLjbMzfErZsbz6F29IMh+iEd9M9mJ9EEQ1TTCi8b1l41qcnIZSbxv7Ayy+qVIlKrrL0
tfxrnVbmKYOUphV8a+L5HetFtB2y0GB6FtWVPVVa8ltPv24e0dBBAvcYKFPNfDe4p5mMTfQx
ggF3MIIBcwIBATCB0DCBvDELMAkGA1UEBhMCREUxEDAOBgNVBAgTB0hhbWJ1cmcxEDAOBgNV
BAcTB0hhbWJ1cmcxOjA4BgNVBAoTMVRDIFRydXN0Q2VudGVyIGZvciBTZWN1cml0eSBpbiBE
YXRhIE5ldHdvcmtzIEdtYkgxIjAgBgNVBAsTGVRDIFRydXN0Q2VudGVyIENsYXNzIDEgQ0Ex
KTAnBgkqhkiG9w0BCQEWGmNlcnRpZmljYXRlQHRydXN0Y2VudGVyLmRlAg8A6zwAAAAC5uV4
+z+zEiAwCQYFKw4DAhoFADANBgkqhkiG9w0BAQEFAASBgDSe7vfc1/GRrR8BjW3dvRAfsL8q
rriVkMOULOKqkXf1+ycsRUFBsSDZzvGjLCPdm3MrnbQiyInka6sZEnRxklHpHw+QRrHy7pAs
iU4l9bBXnuAVOmXOtP8qRujdaCphQ2m2ZpS1aIYpwocPXG7u5q3QS2GjjjfoC/ILzlep9lav
------------AA9518247FB3D4--
