From: Tom Stowell (jtsdeforest.k12.wi.us)
Date: Thu Oct 27 2005 - 13:26:38 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Greetings,

You say "email is sent over an unencrypted link". I say, why?

I would put forth that phishing is going to be a problem until there is a secure, open, widely deployed standard for source-authentication of email.

S/MIME, for example. Maybe businesses should start signing messages, and teach their customers to not trust ones that don't have the "golden padlock."

Tom

Tom Stowell
Network Administrator
DeForest Area School District
520 E. Holum St.
DeForest, WI 53532
Fax: (608)-842-6545
Voice: (608)-842-6500
Email: <jtsdeforest.k12.wi.us>

console, n. [From latin consolatio(n) "comfort, spiritual solace."] A device for displaying or printing condolances or obituaries for the operator.
            -- Stan Kelly-Bootle, The Computer Contradictionary.

>>> "Damhuis Anton" <DamhuisAaforbes.co.za> 10/27/2005 03:34:45 >>>

Hi

But email is sent over an unencrypted link, thus any body could get hold of the link, and by entering it, get access to the web site's details (the account).

Something should always be kept secret, when sending logon information via email.

So I don't think it is mitigating phishing, but possibly rather a way to track their responses to the email.

Or am I understanding your statement incorrectly?

Regards
  Anton

-----Original Message-----
From: Ofer Shezaf [mailto:Ofer.Shezafbreach.com]
Sent: 27 October 2005 10:15
To: Andrew van der Stock; webappsecsecurityfocus.com
Subject: RE: Smells like a phish, is a fish?

...
provide you with a key in the e-mail, rather than asking for a login
might actually be a way to mitigate phishing.

Confidentiality Warning
=======================
The contents of this e-mail and any accompanying documentation
are confidential and any use thereof, in what ever form, by anyone
other than the addressee is strictly prohibited.

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]