'[Full-disclosure] n3td3v group slams RSA for encouraging illegal'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       full-disclosure
Subject:    [Full-disclosure] n3td3v group slams RSA for encouraging illegal
From:       n3td3v <n3td3v () gmail ! com>
Date:       2006-03-31 23:53:27
Message-ID: 3a166c090603311553s2df56855pf34bc15bddd4f264 () mail ! gmail ! com
[Download RAW message or body]

[Attachment #2 (multipart/alternative)]


Round-up:

"But do you remmeber back to the Make love not spam saga? Yeah, the big
players tried to "attack" the bad guys and look were they ended up. You, by
attacking anything, forwhatever reason, with the same method as the
attacker, could land you in jail. While with your attack you may lock up
phishers in coordination with banks, the phishers lawyers could also claim
by law, that the anti-phishing site was also breaking the law by flooding a
database, even if the database is malicious or otherwise legitmate."

"With this in mind, are the RSA say its OK to DDoS fake login pages that the

public think are phishing sites with fake information to take the phishing
sites down? Or maybe the RSA didn't think too far into it before making
their "illegal tactics" public. I guess nobody in the industry learned from
makelovenotspam.com and the whole Lycos affair."

"Well, Chris, it looks to me by the RSA publishing this information that
they
are encouraging anyone with a botnet to send thousands of bogus queries to a

web form, which would crash a mail server or database, which belonged to a
company, that the phishers had previously hacked and the company was
previously unaware was being used in a phishing attempt. So now it seems the

RSA are sending out information about their activities, which could
infulence scriptkids/ hackers etc who own large bot nets to attack anything
they see as a "phish". Although, just by individuals of the public sending a

single query per user to a phish login form, could cause the same affect as
a malicious users bot network."

The above is in response to
http://news.com.com/2100-1029-6056317.html?tag=tb

[Attachment #5 (text/html)]

<div>Round-up:</div>
<div>&nbsp;</div>
<div>&quot;But do you remmeber back to the Make love not spam saga? Yeah, the big <br>players \
tried to &quot;attack&quot; the bad guys and look were they ended up. You, by <br>attacking \
anything, forwhatever reason, with the same method as the  <br>attacker, could land you in \
jail. While with your attack you may lock up <br>phishers in coordination with banks, the \
phishers lawyers could also claim <br>by law, that the anti-phishing site was also breaking the \
law by flooding a  <br>database, even if the database is malicious or otherwise \
legitmate.&quot;</div> <div>&nbsp;</div>
<div>&quot;With this in mind, are the RSA say its OK to DDoS fake login pages that the \
<br>public think are phishing sites with fake information to take the phishing <br>sites down? \
Or maybe the RSA didn't think too far into it before making  <br>their &quot;illegal \
tactics&quot; public. I guess nobody in the industry learned from <br><a \
href="http://makelovenotspam.com">makelovenotspam.com</a> and the whole Lycos \
affair.&quot;</div> <div>&nbsp;</div>
<div>&quot;Well, Chris, it looks to me by the RSA publishing this information that they <br>are \
encouraging anyone with a botnet to send thousands of bogus queries to a <br>web form, which \
would crash a mail server or database, which belonged to a  <br>company, that the phishers had \
previously hacked and the company was <br>previously unaware was being used in a phishing \
attempt. So now it seems the <br>RSA are sending out information about their activities, which \
could  <br>infulence scriptkids/ hackers etc who own large bot nets to attack anything <br>they \
see as a &quot;phish&quot;. Although, just by individuals of the public sending a <br>single \
query per user to a phish login form, could cause the same affect as  <br>a malicious users bot \
network.&quot;</div> <div>&nbsp;</div>
<div>The above is in&nbsp;response to <a \
href="http://news.com.com/2100-1029-6056317.html?tag=tb">http://news.com.com/2100-1029-6056317.html?tag=tb</a></div>
 <div>&nbsp;</div>
<div>&nbsp;</div>



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic