ietf
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: [Fwd: [isdf] need help from the ietf list...can someone postthis for me? or allow me to post directly?]

2003-12-25 21:36:09
from [Parry Aftab] [Permanent Link] 
What do you mean about having a site not download?

-----Original Message-----
From: Tom Petch [mailto:nwnetworks(_at_)dial(_dot_)pipex(_dot_)com] 
Sent: Monday, December 22, 2003 1:04 PM
To: Mark Smith
Cc: parry(_at_)aftab(_dot_)com; franck(_at_)sopac(_dot_)org; 
ietf(_at_)ietf(_dot_)org
Subject: Re: [Fwd: [isdf] need help from the ietf list...can someone
postthis for me? or allow me to post directly?]

Banks do make it extraordinarily easy for their sites to be spoofed by
allowing all their html, .gif etc to appear in my Temporary Internet
Folder
without even me having to lift a finger.

You can make web sites which don't download - time for banks to learn
about
this.

Tom Petch, Consultant

-----Original Message-----
From: Mark Smith 
<ipv6(_at_)c753173126e0bc8b057a22829880cf26(_dot_)nosense(_dot_)org>
To: Valdis(_dot_)Kletnieks(_at_)vt(_dot_)edu 
<Valdis(_dot_)Kletnieks(_at_)vt(_dot_)edu>
Cc: parry(_at_)aftab(_dot_)com <parry(_at_)aftab(_dot_)com>; 
franck(_at_)sopac(_dot_)org
<franck(_at_)sopac(_dot_)org>;
ietf(_at_)ietf(_dot_)org <ietf(_at_)ietf(_dot_)org>
Date: 22 December 2003 13:37
Subject: Re: [Fwd: [isdf] need help from the ietf list...can someone
postthis for me? or allow me to post directly?]



I've heard of one recently where the actual page was from the

legitimate
bank web site, but the dialog box window asking for username and
password
detail was the spoofed component. Everythink, including HTTPS locks,
URLs
etc displayed would have looked, and actually were legitimate.



On Sun, 21 Dec 2003 20:05:02 -0500
Valdis(_dot_)Kletnieks(_at_)vt(_dot_)edu wrote:


On Sun, 21 Dec 2003 18:40:57 EST, Parry Aftab said:

It's a spoof, phished e-mail. No such credit card. I just confirmed

with

the powers that be in PayPal/eBay. The scams are good enough to

confuse

even ietf members. See the problem? How can someone tell this was a
phishing expedition?


Damned good one, they even got their URL into PayPal's FAQ:

https://www.paypal.com/cgi-bin/webscr?cmd=_help-ext&leafid=1782

Either this is a whole new level of phishing, or the left hand

doesn't
know

what the right hand is doing.  You tell me.


We need some tech guidance?


Yes, PayPal apparently needs some. guidance in getting their info

pages

to correspond to their policy - see the above URL, see the mail I

quoted,

and then see this URL:

https://www.paypal.com/cgi-bin/webscr?cmd=_help-ext&leafid=56413

Also might want to have another chat with your powers that be, they
seem to be out of touch with what their company and their business
partners over at Providian are actually doing.
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Propose some information retrieval protocols for Internet, wang liang
Next by Date:  RE: [Fwd: [isdf] need help from the ietf list...can someone post this for me? or allow me to post directly?], Parry Aftab
Previous by Thread:  Re: [Fwd: [isdf] need help from the ietf list...can someone postthis for me? or allow me to post directly?], Tom Petch
Next by Thread:  Re: [Fwd: [isdf] need help from the ietf list...can someone postthis for me? or allow me to post directly?], Dean Anderson
Indexes:  [Date] [Thread] [Top] [All Lists]