ietf
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Fwd: [isdf] need help from the ietf list...can someone post this for me? or allow me to post directly?]

2003-12-22 07:57:02
from [frederic . l] [Permanent Link] 
The only solution is to stop distributing this type of information via email.

Microsoft had a similar issue this autumn with a group sending emails as 
"Microsoft Security Bulletin" and Microsoft sent the following note to all MCPs:

"STAY ALERT: MICROSOFT NEVER DISTRIBUTES SOFTWARE VIA E-MAIL


From time to time, malicious individuals circulate e-mail messages that 
purport to be a Microsoft Security Bulletin or patch. These messages might 
contain (or link to) an executable file that contains a virus. Visit TechNet 
and learn to look for clues that e-mail messages are not bona fide security 
bulletins or patches.


http://go.microsoft.com/?linkid=262639";

Frederic
MCP,  IT Project+, i-Net+, CIWA, A+
member of: CompTIA-ITPRO, HDI, IETF
------------------------------------------------------
http://fredsfastcram.netfirms.com
------------------------------------------------------
 
  ----- Original Message ----- 
  From: Parry Aftab 
  To: 'Masataka Ohta' ; 'Franck Martin' 
  Cc: ietf(_at_)ietf(_dot_)org 
  Sent: Sunday, December 21, 2003 11:26 AM
  Subject: RE: [Fwd: [isdf] need help from the ietf list...can someone post 
this for me? or allow me to post directly?]


  What do you suggest short of an absolute guarantee?
  How do I advise consumers to tell the difference between legitimate
  e-mails with embedded links and the phished ones using spoofed sites?
  I am concerned that this could seriously undermine the use of e-mail and
  websites for e-commerce and financial transactions.

  Thanks,
  Parry

  -----Original Message-----
  From: Masataka Ohta 
[mailto:mohta(_at_)necom830(_dot_)hpcl(_dot_)titech(_dot_)ac(_dot_)jp] 
  Sent: Sunday, December 21, 2003 12:06 AM
  To: Franck Martin
  Cc: ietf(_at_)ietf(_dot_)org; parry(_at_)aftab(_dot_)com
  Subject: Re: [Fwd: [isdf] need help from the ietf list...can someone
  post this for me? or allow me to post directly?]

  Franck Martin (Parry Aftab);

  > Now IE has a bug that allows them to mask the real site more easily,
  by
  > showing the spoofed site in the navigation bar.
   
  > Do any of the IETF members have suggestions for easy ways of
  confirming
  > that the site you just linked to is really the site you wanted to
  > access?

  As  you know, an easy way is to just believe Microsoft and its
  products.

  If you are asking a way guaranteed to work, answers depend on
  how much guarantee you need.

  It should be noted that nothing gives absolute guarantee.

  It should also be noted that PKIs are not so useful, as their
  typical guarantee is mere "money back guarantee" form CAs.

  Masataka Ohta
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Fwd: [isdf] need help from the ietf list...can someone post this for me? or allow me to post directly?], Mark Smith
Next by Date:  Re: [Fwd: [isdf] need help from the ietf list...can someone post this for me? or allow me to post directly?], shogunx
Previous by Thread:  Re: [Fwd: [isdf] need help from the ietf list...can someone post this for me? or allow me to post directly?], Masataka Ohta
Next by Thread:  Re: [Fwd: [isdf] need help from the ietf list...can someone post this for me? or allow me to post directly?], shogunx
Indexes:  [Date] [Thread] [Top] [All Lists]