[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [WEB SECURITY] what if phishing went away?

From: RSnake <rsnake@xxxxxxxxxxxx>
Subject: Re: [WEB SECURITY] what if phishing went away?
Date: Wed, 26 Jul 2006 10:51:55 -0700 (PDT)


Ah, sorry, that wasn't clear.  Yes, DoSing is possible, depending on
what their network architecture looks like.  Certain types of floods can
be absorbed (a la TopLayer, MaZu, and the like...).  Certain attacks can
be dealt with by having an architecture that can easily switch
locations.  In the end, that's only a concern assuming the blacklists
work from the server in real-time, rather than polling a list once every
10 minutes or so.

If the server comes under attack that would only affect the user for
future phishing sites, not current ones that are already in their
blacklist.  So yes, that could prove to be a problem if you aren't
talking layered security.  Really, the browser should only be one of at
minimum three different layers.  The others are email, and network
content filters.  They are a ways off, but defense in depth would help
mitigate any single point of failure.

P2P is an interesting idea, but then you'd probably have to go to a less
commercial blacklist. That could work if you take the Cloudmark path,
where users get higher ranked for reporting better phishing sites,
etc...

On Wed, 26 Jul 2006, Brian Eaton wrote:

On 7/26/06, RSnake <rsnake@xxxxxxxxxxxx> wrote:

Instead of spamming the list, I wrote my thoughts (reactions to the
comments made here) on the blog:
http://ha.ckers.org/blog/20060726/phishing-domainkeys-laundering-oh-my/


Interesting notes on the blog.  One comment on this:

DoSing the lists wouldn't work, they all go through a vetting process as to who can actually submit them


DoSing the lists by submitting valid sites isn't a bad idea, but
wasn't the attack vector I was talking about.  I was actually talking
about about DoSing the servers responsible for pushing the blacklists
out to clients.  I haven't played with this stuff at all, but from
reading descriptions of how the IE 7 phishing filter works it sounds
like there need to be central servers that are publishing the
blacklist.  If those servers aren't available, the blacklist can't be
used.

Blue Security, RIP.

Maybe somebody should build a P2P network for the blacklist distribution?

Regards,
Brian

----------------------------------------------------------------------------
The Web Security Mailing List: http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives: http://www.webappsec.org/lists/websecurity/archive/ http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

-R

---------------------------------------------------------------------------- The Web Security Mailing List: http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives: http://www.webappsec.org/lists/websecurity/archive/ http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

Follow-Ups:
- Re: [WEB SECURITY] what if phishing went away?
  - From: Brian Eaton

References:
- RE: [WEB SECURITY] what if phishing went away?
  - From: Matt Fisher
- RE: [WEB SECURITY] what if phishing went away?
  - From: Andre Maisonneuve
- RE: [WEB SECURITY] what if phishing went away?
  - From: RSnake
- Re: [WEB SECURITY] what if phishing went away?
  - From: Brian Eaton

Prev by Date: [WEB SECURITY] HttpOnly and Firefox
Next by Date: Re: [WEB SECURITY] what if phishing went away?
Previous by thread: Re: [WEB SECURITY] what if phishing went away?
Next by thread: Re: [WEB SECURITY] what if phishing went away?
Index(es):
- Date
- Thread

Brought to you by http://www.webappsec.org
Search this site