[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Asrg] How would SPF or Sender ID stopped this attack

To: asrg at ietf.org
Subject: Re: [Asrg] How would SPF or Sender ID stopped this attack
From: Seth Breidbart <sethb at panix.com>
Date: Fri, 30 Jul 2004 19:40:26 -0400 (EDT)
In-reply-to: <16650.54734.139542.144312@world.std.com> (message from Barry Shein on Fri, 30 Jul 2004 19:12:14 -0400)
List-archive: <http://www1.ietf.org/pipermail/asrg>
List-help: <mailto:asrg-request@ietf.org?subject=help>
List-id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-post: <mailto:asrg@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=unsubscribe>
References: <019001c47682$bbaed600$3201a8c0@rasta> <7DF9D69B5FC4BB449AEFA3B1CCF7BF3525FFA0@exchange.rdcim.com> <16650.54734.139542.144312@world.std.com>
Sender: asrg-bounces at ietf.org

Barry Shein <bzs at world.std.com> wrote:

> I'd imagine the best that can be done against phishing would be
> something done at the website like you enter a unique username, not
> an acct or anything very interesting to a stranger, and the BANK
> (e.g.)  should come back with a piece of information set up
> previously. So I type in bzs in preparation to actually logging in
> and the website should respond with "HADDOCK" and then I proceed, if
> not, I'm suspicious.

What stops the phisher from passing your input to the bank and its
output back to you (that is, the classis man-in-the-middle attack)?

Seth

_______________________________________________
Asrg mailing list
Asrg at ietf.org
https://www1.ietf.org/mailman/listinfo/asrg

Follow-Ups:
- Re: [Asrg] How would SPF or Sender ID stopped this attack
  - From: Barry Shein

References:
- Re: [Asrg] Re: Anti-spam laws do work, FYI. There's proof.
  - From: David Wall
- [Asrg] How would SPF or Sender ID stopped this attack
  - From: Bill McInnis
- Re: [Asrg] How would SPF or Sender ID stopped this attack
  - From: Barry Shein

Prev by Date: RE: [Asrg] How would SPF or Sender ID stopped this attack
Next by Date: Re: [Asrg] Re: Anti-spam laws do work, FYI. There's proof.
Previous by thread: [Asrg] Re: How would SPF or Sender ID stopped this attack
Next by thread: Re: [Asrg] How would SPF or Sender ID stopped this attack
Index(es):
- Date
- Thread