sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Is this a valid solution for Phishing attacks?
Posted by: stuhasic
Date: February 05, 2010 06:41PM

I had an idea last night about preventing phishing logins that is so simple I don't know why it hadn't been thought of before. I wrote a brief article to explain it and I'd appreciate any feedback on the feasibility of it. Maybe it can be blown out of the water in seconds, but maybe it has some merit.

Let me know your thoughts either at the article or here. Thanks.

http://paralleldivergence.com/2010/02/05/stop-phishing-websites-and-users-working-together
Edited 1 time(s). Last edit at 02/05/2010 06:42PM by stuhasic.

Re: Is this a valid solution for Phishing attacks?
Posted by: SW
Date: February 05, 2010 08:19PM

You can find a proxy for any country you like.
Option to restrict IP range might work.

Re: Is this a valid solution for Phishing attacks?
Posted by: stuhasic
Date: February 05, 2010 09:23PM

Thanks SW. Do you think it's a worthwhile account profile addition and logon restriction that web service providers could/should implement?

Re: Is this a valid solution for Phishing attacks?
Posted by: rvdh
Date: February 14, 2010 05:32PM

It's been done. And filtering on country doesn't work. It only impairs usability, adding no value whatsoever against phishing.

More common is IP restriction, which does work. You may allow users to add multiple IPs to their account, for example, and restrict on those. I've made a couple of apps that restrict on the IP they signed up with, with a request form if they change provider.

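A sketch of the per-account IP restriction rvdh describes (signup IP recorded, extra addresses added by the user, a request form when the address changes), extended with the IP-range option SW mentions, as an added example that is not code from either poster. The Account schema, the function names and the 203.0.113.0/24 and 198.51.100.0/24 sample addresses (documentation prefixes) are assumptions.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Account:
    """Hypothetical account profile: login is restricted to these networks."""
    username: str
    allowed_networks: list = field(default_factory=list)   # ip_network objects
    pending_requests: list = field(default_factory=list)   # addresses awaiting a change request


def register_signup_ip(account, client_ip):
    """Record the address seen at signup as a single-host network (/32 or /128)."""
    account.allowed_networks.append(ipaddress.ip_network(client_ip, strict=False))


def add_allowed_range(account, cidr):
    """Let the user whitelist a whole range, e.g. their provider's block (SW's suggestion)."""
    account.allowed_networks.append(ipaddress.ip_network(cidr, strict=False))


def check_login(account, client_ip):
    """Return 'allow', 'request-form' or 'reject' for a login attempt from client_ip.

    An unknown but well-formed address is not logged in; it is queued so the
    user can be shown the provider-change request form rvdh describes.
    """
    try:
        addr = ipaddress.ip_address(client_ip)
    except ValueError:
        return "reject"          # malformed address, nothing to match against
    # 'in' is False across IPv4/IPv6 versions, so mixed lists are safe
    if any(addr in net for net in account.allowed_networks):
        return "allow"
    if str(addr) not in account.pending_requests:
        account.pending_requests.append(str(addr))
    return "request-form"


def approve_request(account, client_ip):
    """Approve a queued change request out of band (e.g. a confirmed email link)."""
    addr = str(ipaddress.ip_address(client_ip))
    if addr not in account.pending_requests:
        return False
    account.pending_requests.remove(addr)
    register_signup_ip(account, addr)
    return True
```

A phished password alone is not enough here: the attacker must also come from an address the victim registered, and a request from elsewhere only queues a change request instead of opening a session.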
Re: Is this a valid solution for Phishing attacks?
Posted by: Gareth Heyes
Date: February 15, 2010 03:16AM

IMO you only need to block "the first click"; therefore, if we can identify it, then most attacks can be prevented, including phishing.

http://www.thespanner.co.uk/2010/02/04/the-safety-net/

The idea is that you have a meta tag for sites like Facebook, <meta name="identify" content="Social Network" />, and then any clicks from it are in a sandboxed safety net which is more restrictive based on what identify tag you use. So clicking from a social network doesn't send cookies to the external site, or maybe form input isn't allowed, or from an RSS reader identify tag iframes are disabled, etc. Blocking the first click allows us to block most attacks without breaking the core functionality of the web.

------------------------------------------------------------------------------------------------------------
"People who say it cannot be done should not interrupt those who are doing it."
labs : [www.businessinfo.co.uk]
blog : [www.thespanner.co.uk]
Hackvertor : [hackvertor.co.uk]
