Bill Goodrich :
Just as al_langevin pointed out, with Windows Server 2008 there is no Services for Macintosh anymore. It's gone, not available....
Replying to an old topic that I'm currently facing with my CEO (who is on a Mac). Our servers are primarily Windows Servers, office is about...
Sure, that makes perfect sense. Pay wrong-doers money and thank them for breaching your security and pointing out your flaws, that would surely...
I think he's referring specifically to Android apps, as Apple do regulate their App Store, but Google seem to let any old crap onto the Android store!
Keep the crap apps out?! How will they compete with Android and Apple's claim to fame of having so many life changing apps?
I wonder if the media...
It has been shown time after time that if there is an author store that sells the songs at even 1$ per song and gives you a high-quality digital...
""As a result of Butyka's alleged conduct, researchers were unable to use the computers for more than two months while NASA removed the malicious...
It simultaneously worries me and uplifts me that a self-proclaimed group of internet activists name themselves after Indian mythical figures....
It's actually far easier to work anonymously on the internet than you think. With tools like Tor bouncing your traffic around the world before...
1000272134 and bluedalmatian
with you both there but then I'm still in 10.04 land (and happy with it)
Interesting article and definitely see your points on the products mentioned. One of the top products for our Help Desk (approximately 20% of all...
Absolutely - this should obviously not be handled my isp - but handled by their hosting operator.
What's been suggested here is that my isp police...
Looks like a great phone. I don't notice any deficiencies in WP7. used IOS before, that's pretty good. I don't spend much time in Apps, all i need...
Now with the help of these apps you are always synced with MS outlook while on the move. Just download apps like xobni or outlookreflex and get...
Your details are wrong. The version currently being made is the one with 2 USB ports, 256MB RAM and a network port. This is the Model B.
The...
The thing that has been puzzling me for quite a while is how Anonymous can remain anonymous whilst not only being active on the Internet but also...
If what Semantec is saying is rue, that is even worse and shows a complete disregard for thier users.
If what Anonymous claims is true and the...
Didn't seem particularly biased to me either. Oh though you might have mentioned some other competitors with free search and email services...
James - exactly as much as anyone paid you for your comment; I don't feel that I need to say that I'm independant and unbiased, but just for you...
Once they realise symantec are willing to pay real money, they will simply keep extorting, unless of course symantec/authorities can use the...
Talkback
Having examined a number of phishing pages, they pretty much all refer to the original page graphics on the genuine bank web site. Presumably therefore, the banks web site will have logs of the referring pages for the graphics files, so therefore the addresses of all the current phishing pages.
Why can they not use this info to get these pages shut down!? I made this suggestion to my own bank a while ago and didn't even get an acknowledgment of the mail, let alone an actual response .. and this was after resending the message and asking for an acknowledgment .. several times.
The fact that they are not doing the log file tracing, or even bothering to be polite to their customers about the subject, means to me that they're not really that bothered about OUR security, as long as THEY don't have to stump up for anything and can keep investing in packages of dodgy US mortgages while claiming 7 digit bonuses.
RSA's apparent claim that Ireland's banks have somehow evaded the scourge of phishing attacks until the last few weeks is demonstrably ill-informed.
Envisional and other Internet intelligence companies have tracked repeated assaults targeting customers of Bank of Ireland, in particular, since early 2005.
These attacks have used the full range of tried and tested approaches, from the "Security Upgrade Notification" and "Your account has been suspended" gambits to a cynical invitation to "Secure your account against fraudsters".
Perhaps the Irish aren't all that lucky, after all.
-- Ian Shircore, Envisional/NetNames
I agree that tracing image leeching (where the phishing sites are linking to images on the real site) would help banks to get some phishing sites closed down. I am not too shocked at the banks lack of response. Unless the message gets to the right people it is likely to be not understood and ignored. They should do better.
This would only be a temporary fix though as the phishing sites will start downloading the images and re-hosting it themselves. However, it would me more work for them and may shut down a lot of sites until they figure out what is going on.
I agree that they can indeed upload the images to the same host as the base page and that this would defeat the measures. It would also make the phishing code load on the host server that much bigger and potentially more noticeable. However, if the banks were to instrument the images on their home pages such that if they are requested by a requester that isn't on their own site, it sends an alarm to the Phishing team. The only people that would know that an alarm had been tripped would be the security folks at the bank. The phishers wouldn't know if they had been sussed by a customer who raised the alarm, or by the bank themselves.
Phishers are not stupid and although there is no way for them to know a bank has started using this technique it wouldn't take them too long to figure it out either by reading posts like this or from seeing how quick their sites are getting shut down.
Just like a trojan writer can't know what an anti-virus/firewall developer will do next to combat them they can see the success rate of their apps and adapt them and work out what they need to change. Phishers will do the same.
Fortunately they are not a threat to the tech savvy as following a few simple rules will help you avoid falling for phishing attacks such as checking for http<strong>s</strong> in the address bar and that the URL is correct etc. I personally never follow a link to a login page from an email if it involves finances. I will type the domain in manually so I am sure I have gone to the correct site.
Phishers target the naive so I agree the banks should be doing more to help those ones - either by educating them about phishing or by actively searching for phishing sites and getting them taken down. It is foolish not to use every tool they can to help this includes working with browser developers so that their anti-phishing methods are followed up by getting the sites closed and not just flagged. And as the previous poster said checking logs to catch image leechers running Phishing sites.
If the bank is too lazy or under resourced to get phishing sites shut down at very least they can take steps to protect images so that cannot be leeched onto anysite like flickr does.
Phishers are not stupid and although there is no way for them to know a bank has started using this technique it wouldn't take them too long to figure it out either by reading posts like this or from seeing how quick their sites are getting shut down.
Just like a trojan writer can't know what an anti-virus/firewall developer will do next to combat them they can see the success rate of their apps and adapt them and work out what they need to change. Phishers will do the same.
Fortunately they are not a threat to the tech savvy as following a few simple rules will help you avoid falling for phishing attacks such as checking for http<strong>s</strong> in the address bar and that the URL is correct etc. I personally never follow a link to a login page from an email if it involves finances. I will type the domain in manually so I am sure I have gone to the correct site.
Phishers target the naive so I agree the banks should be doing more to help those ones - either by educating them about phishing or by actively searching for phishing sites and getting them taken down. It is foolish not to use every tool they can to help this includes working with browser developers so that their anti-phishing methods are followed up by getting the sites closed and not just flagged. And as the previous poster said checking logs to catch image leechers running Phishing sites.
If the bank is too lazy or under resourced to get phishing sites shut down at very least they can take steps to protect images so that cannot be leeched onto anysite like flickr does.
I think banks need to be proactive in tackling phishing and work along side the authorities to try to trace and prosecute phishers. Until there are definite consequences and a real interest from the banks and Authorities it will only continue to flourish.