[prev in list] [next in list] [prev in thread] [next in thread] 

List:       webappsec
Subject:    Re: Mitm new?
From:       Nick Owen <nowen () wikidsystems ! com>
Date:       2006-08-18 15:47:51
Message-ID: 44E5E127.6020407 () wikidsystems ! com
[Download RAW message or body]

Jeff Robertson wrote:
> Why are man-in-the-middle phishing sites suddenly talked about as a
> "new" threat, as if there was rocket science involved?
> 
> For instance
> http://blog.washingtonpost.com/securityfix/2006/07/citibank_phish_spoofs
> _2factor_1.html
> 
> These things are basically proxies, which are as old as the web. Why
> does it surprise anyone to see these combined with phishing? (Then
> again, I still haven't figured out why phishing as we know it didn't
> "take off" circa 1994)
> 
> Jeff Robertson

Perhaps:  new regulation + vendor marketing + need to sell ads + old
attacks = news? :).

I think that the escalating sophistication of attacks is of interest,
even if predictable.  The lack of detail in reporting and discussion of
suitable preventive measures, etc is another story, vis-a-vis about
blogging vs. reporting.

nick

-- 
Nick Owen
WiKID Systems, Inc.
404.962.8983
http://www.wikidsystems.com
Commercial/Open Source Two-Factor Authentication
https://www.linkedin.com/in/nickowen

-------------------------------------------------------------------------
Sponsored by: Watchfire

Watchfire was recently named the worldwide market leader in Web 
application security assessment tools by both Gartner and IDC. 
Download a free trial of AppScan today and see why more customers choose 
AppScan then any other solution. Try it today!
  
https://www.watchfire.com/securearea/appscancamp.aspx?id=701500000008VnB
--------------------------------------------------------------------------

[prev in list] [next in list] [prev in thread] [next in thread]