[prev in list] [next in list] [prev in thread] [next in thread]
List: full-disclosure
Subject: Re: [Full-disclosure] RSA HAVE CRACKED PHISHING, NO SERIOUSLY
From: n3td3v <n3td3v () gmail ! com>
Date: 2006-03-31 18:50:47
Message-ID: 3a166c090603311050y14363caaxa97b8ca556773de4 () mail ! gmail ! com
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
It was back in 2001 when programs were written to rotate proxies... this is
never a problem for a phisher. Do you think a phisher would really carry out
a world-wide phishing attack, without knowing everything behind the issue?
The guys are going to have a large amount of data to harvest, for experts to
think for a spit second that that was ever going to be done manually is just
beyond me. And the figure of 300 within a phishers data pool is just
laughable as well, it goes way higher than that.
On 3/31/06, Valdis.Kletnieks@vt.edu <Valdis.Kletnieks@vt.edu> wrote:
>
> On Fri, 31 Mar 2006 19:06:29 +0100, n3td3v said:
>
> > Check out this article, and I really did spill my hard earned Starbucks
> > right down my front when I looked at this article:
> >
> http://news.com.com/5208-1029-0.html?forumID=1&threadID=15591&messageID=131433&start=3D-1
>
> Given that you allegedly posted that particular response, I take it you
> spilled
> your Starbucks in shock that somebody would claim to be you?
>
> The original article is at
> http://news.com.com/2100-1029-6056317.html?tag=tb
>
> In any case, it's clear that the person who posted that response has *no
> idea*
> how most bank's anti-fraud systems work.
>
> First off, the phishers *can't* just run through all the data they've
> gotten
> in just a few seconds, unless they distributed the work across a bunch of
> botnet
> zombies - hits for more than a few dozen different accounts from the same
> IP
> in the same timespan are suspicious at the very least.
>
> Secondly, the phishers can currently usually be sure that the victims have
> given them reasonably good data (unless the victim is a dweeb who can't
> enter
> their DoB or account number correctly). On the other hand, if the phished
> data
> has been polluted by 90% bad data, then only 1 of 10 attempted
> transactions
> will succeed - and the fact that they're trying lots of different bad data
> will
> again hopefully trigger an alert. If you only succeed every 10th time,
> and you
> get locked out after 3 attempts with different bad data, it's going to
> take you
> a lot longer to figure out which ones are good and which ones are bad....
>
>
>
>
>
>
[Attachment #5 (text/html)]
It was back in 2001 when programs were written to rotate proxies... this is never a problem for \
a phisher. Do you think a phisher would really carry out a world-wide phishing attack, without \
knowing everything behind the issue? The guys are going to have a large amount of data to \
harvest, for experts to think for a spit second that that was ever going to be done manually is \
just beyond me. And the figure of 300 within a phishers data pool is just laughable as well, it \
goes way higher than that. <br><br>
<div><span class="gmail_quote">On 3/31/06, <b class="gmail_sendername"><a \
href="mailto:Valdis.Kletnieks@vt.edu">Valdis.Kletnieks@vt.edu</a></b> <<a \
href="mailto:Valdis.Kletnieks@vt.edu">Valdis.Kletnieks@vt.edu</a>> wrote: </span>
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; \
BORDER-LEFT: #ccc 1px solid">On Fri, 31 Mar 2006 19:06:29 +0100, n3td3v said:<br><br>> Check \
out this article, and I really did spill my hard earned Starbucks <br>> right down my front \
when I looked at this article:<br>> <a \
href="http://news.com.com/5208-1029-0.html?forumID=1&threadID=15591&messageID=131433& \
;start=3D-1">http://news.com.com/5208-1029-0.html?forumID=1&threadID=15591&messageID=131433&start=3D-1
</a><br><br>Given that you allegedly posted that particular response, I take it you \
spilled<br>your Starbucks in shock that somebody would claim to be you?<br><br>The original \
article is at <a href="http://news.com.com/2100-1029-6056317.html?tag=tb"> \
http://news.com.com/2100-1029-6056317.html?tag=tb</a><br><br>In any case, it's clear that the \
person who posted that response has *no idea*<br>how most bank's anti-fraud systems \
work.<br><br>First off, the phishers *can't* just run through all the data they've gotten \
<br>in just a few seconds, unless they distributed the work across a bunch of botnet<br>zombies \
- hits for more than a few dozen different accounts from the same IP<br>in the same timespan \
are suspicious at the very least. <br><br>Secondly, the phishers can currently usually be sure \
that the victims have<br>given them reasonably good data (unless the victim is a dweeb who \
can't enter<br>their DoB or account number correctly). On the other hand, if the \
phished data <br>has been polluted by 90% bad data, then only 1 of 10 attempted \
transactions<br>will succeed - and the fact that they're trying lots of different bad data \
will<br>again hopefully trigger an alert. If you only succeed every 10th time, and \
you <br>get locked out after 3 attempts with different bad data, it's going to take you<br>a \
lot longer to figure out which ones are good and which ones are \
bad....<br><br><br><br><br><br></blockquote></div><br>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic