
Archive: September 2004 ml@sikurezza.org
Subject: [ml] Fwd: New whitepaper "The Phishing Guide"
From: N0bodY88
Date: Tue, 28 Sep 2004 13:22:17 +0200 (CEST)

Hi everyone,

I'd like to point out a .pdf announced on bugtraq about social engineering / identity theft and the like, which sparked an (imo) nice thread.

Worth noting are 2 smart comments that followed the announcement of the pdf:

"Sometimes it's unbelievable how long it takes organizations to discover that email can be signed. Especially nowadays when all major mail readers have support for at least S/MIME (and the really good ones have support for at least PGP ;-) )."
by Aleksandar Milivojevic

"the real problem isn't technical, it's educational. Most users sophisticated enough to download a public key, verify the fingerprint, and install it on their keyring aren't going to be fooled by phishing attacks anyway."
by Dehner, Benjamin T.

Needless to say, so-called "Phishing" is nothing more than a subset of social engineering or penetration testing, depending on the purpose of whoever uses it :D

PS: for those who don't know what phishing is, this Italian-language site gives a definition and explains some of its types, although for Italy one of the best docs on s.e. that is still current (despite being from 2002) remains the one by Andrea "Pila" Ghirardini, which can be found on the old blackhats site:
http://www.blackhats.it/it/papers/social_engineering.pdf

Koba, axe it if it doesn't seem interesting/relevant to the list ^^

Ciauz
-=N0bodY88=-
Spippolatori & Olografix Member

"It is easier to love a woman than to be loved by her."
Chinese proverb

---------- Forwarded message ----------
From: Gunter Ollmann (NGS) <gunter@xxxxxxxxxxxxxxx>
Date: Wed, 22 Sep 2004 17:38:29 +0100
Subject: New whitepaper "The Phishing Guide"
To: bugtraq@xxxxxxxxxxxxxxxxx

Hi List,

I'd like to point out that NGS have just released a new whitepaper.

The whitepaper "The Phishing Guide" can be downloaded from:
http://www.ngssoftware.com/papers/NISR-WP-Phishing.pdf

Abstract

Phishing is the new 21st century crime. The global media runs stories on an almost daily basis covering the latest organisation to have their customers targeted and how many victims succumbed to the attack. While the Phishers develop ever more sophisticated attack vectors, businesses flounder to protect their customers' personal data and look to external experts for improving email security. Customers too have become wary of "official" email, and organisations struggle to instil confidence in their communications.

While various governments and industry groups battle their way in preventing Spam, organisations can in the meantime take a proactive approach in combating the phishing threat. By understanding the tools and techniques used by professional criminals, and analysing flaws in their own perimeter security or applications, organisations can prevent many of the most popular and successful phishing attack vectors.

This paper covers the technologies and security flaws Phishers exploit to conduct their attacks, and provides detailed vendor-neutral advice on what organisations can do to prevent future attacks. Security professionals and customers can use this comprehensive analysis to arm themselves against the next phishing scam to reach their in-tray.

The official press release can be found on:
http://www.nextgenss.com/pressrel.htm

Cheers,

Gunter

------------------------------------------------------
G u n t e r O l l m a n n, MSc(Hons), BSc
Professional Services Director
Next Generation Security Software Ltd.
First Floor, 52 Throwley Way    Tel: +44 (0)208 401 0070
Sutton, Surrey, SM1 4BF, UK     Fax: +44 (0)208 401 0076
http://www.nextgenss.com
------------------------------------------------------

www.sikurezza.org - Italian Security Mailing List
(c) 1999-2005