RE: Proposal to anti-phishing

From: Lyal Collins (lyal.collinskey2it.com.au)
Date: Sun Jan 16 2005 - 01:03:07 CST


-----Original Message-----
From: Rogan Dawes [mailto:discarddawes.za.net]
Sent: Saturday, 15 January 2005 3:05 AM
To: Rafael San Miguel
Cc: webappsecsecurityfocus.com; Enrique.Diezdvc.es
Subject: Re: Proposal to anti-phishing

[snip]

Please take a look at the thread that starts
http://seclists.org/lists/webappsec/2004/Oct-Dec/0291.html

and especially <http://seclists.org/lists/webappsec/2004/Oct-Dec/0347.html>
where I explain why I believe SSL client certificates are really the
only practical solution to preventing phishing.

[snip]
Well, there may be one other good option to stop phishing.
If emails could be positively identified as coming from a customer's bank,
then they could ignore those that don't authenticate as spam/phishing/fraud.

Then if your bank doesn't provide this capability, you may decide to change
to a bank that does provide authenticated, secured email communications with
its customers.

Lyal