'Re: [Full-disclosure] Re: RSA HAVE CRACKED PHISHING, NO SERIOUSLY'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       full-disclosure
Subject:    Re: [Full-disclosure] Re: RSA HAVE CRACKED PHISHING, NO SERIOUSLY
From:       n3td3v <n3td3v () gmail ! com>
Date:       2006-03-31 23:22:22
Message-ID: 3a166c090603311522g76bb83c3xd537560c382c0e04 () mail ! gmail ! com
[Download RAW message or body]

[Attachment #2 (multipart/alternative)]


Well, Chris, it looks to me by the RSA publishing this information that the=
y
are encouraging anyone with a botnet to send thousands of bogus queries to =
a
web form, which would crash a mail server or database, which belonged to a
company, that the phishers had previously hacked and the company was
previously unaware was being used in a phishing attempt. So now it seems th=
e
RSA are sending out information about their activities, which could
infulence scriptkids/ hackers etc who own large bot nets to attack anything
they see as a "phish". Although, just by individuals of the public sending =
a
single query per user to a phish login form, could cause the same affect as
a malicious users bot network.

On 4/1/06, Chris Umphress <umphress@gmail.com> wrote:
>
> On 3/31/06, n3td3v <n3td3v@gmail.com> wrote:
> > With this in mind, are the RSA say its OK to DDoS fake login pages that
> the
> > public think are phishing sites with fake information to take the
> phishing
> > sites down? Or maybe the RSA didn't think too far into it before making
> > their "illegal tactics" public. I guess nobody in the industry learned
> from
> > makelovenotspam.com and the whole Lycos affair.
> >
> > On 3/31/06, n3td3v <n3td3v@gmail.com> wrote:
> > >
> > > But do you remmeber back to the Make love not spam saga? Yeah, the bi=
g
>
> So.... why repeat yourself 15 minutes later? And personally, I like
> the fate that one spammer in Russia met a few months ago....
>
> --
> Chris Umphress <http://daga.dyndns.org/>
>

[Attachment #5 (text/html)]

Well, Chris, it looks to me by the RSA publishing this information that they are encouraging \
anyone with a botnet to send thousands of bogus queries to a web form, which would crash a mail \
server or database, which belonged to a company, that the phishers had previously hacked and \
the company was previously unaware was being used in a phishing attempt. So now it seems the \
RSA are sending out information about their activities, which could infulence scriptkids/ \
hackers etc who own large bot nets to attack anything they see as a &quot;phish&quot;. \
Although, just by individuals of the public sending a single query per user to a phish login \
form, could cause the same affect as a malicious users bot network. <br><br>
<div><span class="gmail_quote">On 4/1/06, <b class="gmail_sendername">Chris Umphress</b> &lt;<a \
href="mailto:umphress@gmail.com">umphress@gmail.com</a>&gt; wrote:</span> <blockquote \
class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px \
solid">On 3/31/06, n3td3v &lt;<a href="mailto:n3td3v@gmail.com">n3td3v@gmail.com</a>&gt; \
wrote:<br>&gt; With this in mind, are the RSA say its OK to DDoS fake login pages that the \
<br>&gt; public think are phishing sites with fake information to take the phishing<br>&gt; \
sites down? Or maybe the RSA didn't think too far into it before making<br>&gt; their \
&quot;illegal tactics&quot; public. I guess nobody in the industry learned from <br>&gt; <a \
href="http://makelovenotspam.com">makelovenotspam.com</a> and the whole Lycos \
affair.<br>&gt;<br>&gt; On 3/31/06, n3td3v &lt;<a \
href="mailto:n3td3v@gmail.com">n3td3v@gmail.com</a>&gt; wrote:<br>&gt; &gt;<br>&gt; &gt; But do \
you remmeber back to the Make love not spam saga? Yeah, the big <br><br>So.... why repeat \
yourself 15 minutes later? And personally, I like<br>the fate that one spammer in Russia met a \
few months ago....<br><br>--<br>Chris Umphress &lt;<a \
href="http://daga.dyndns.org/">http://daga.dyndns.org/ </a>&gt;<br></blockquote></div><br>



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic