[WEB SECURITY] what if phishing went away?

RSnake rsnake at shocking.com
Wed Jul 26 13:51:55 EDT 2006


Ah, sorry, that wasn't clear.  Yes, DoSing is possible, depending on
what their network architecture looks like.  Certain types of floods can
be absorbed (a la TopLayer, MaZu, and the like...).  Certain attacks can
be dealt with by having an architecture that can easily switch
locations.  In the end, that's only a concern assuming the blacklists
work from the server in real-time, rather than polling a list once every
10 minutes or so.

If the server comes under attack that would only affect the user for
future phishing sites, not current ones that are already in their
blacklist.  So yes, that could prove to be a problem if you aren't
talking layered security.  Really, the browser should only be one of at
minimum three different layers.  The others are email, and network
content filters.  They are a ways off, but defense in depth would help
mitigate any single point of failure.

P2P is an interesting idea, but then you'd probably have to go to a less
commercial blacklist. That could work if you take the Cloudmark path,
where users get higher ranked for reporting better phishing sites,
etc...

On Wed, 26 Jul 2006, Brian Eaton wrote:

> On 7/26/06, RSnake <rsnake at shocking.com> wrote:
>> Instead of spamming the list, I wrote my thoughts (reactions to the
>> comments made here) on the blog:
>> 
>> http://ha.ckers.org/blog/20060726/phishing-domainkeys-laundering-oh-my/
>
> Interesting notes on the blog.  One comment on this:
>
>> DoSing the lists wouldn't work, they all go through a vetting process as to
>> who can actually submit them
>
> DoSing the lists by submitting valid sites isn't a bad idea, but
> wasn't the attack vector I was talking about.  I was actually talking
> about DoSing the servers responsible for pushing the blacklists
> out to clients.  I haven't played with this stuff at all, but from
> reading descriptions of how the IE 7 phishing filter works it sounds
> like there need to be central servers that are publishing the
> blacklist.  If those servers aren't available, the blacklist can't be
> used.
>
> Blue Security, RIP.
>
> Maybe somebody should build a P2P network for the blacklist distribution?
>
> Regards,
> Brian
>
> ----------------------------------------------------------------------------
> The Web Security Mailing List: http://www.webappsec.org/lists/websecurity/
>
> The Web Security Mailing List Archives: 
> http://www.webappsec.org/lists/websecurity/archive/
> http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
>


-R
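
The polling design discussed in the message above, as an added example that is not part of the original post or of any vendor's phishing filter: a client that refreshes a cached blacklist on a timer keeps blocking already-listed sites while the distribution server is unreachable, and only misses entries published during the outage. The class, the `fetch` callable and the hostnames are constructed for illustration.

```python
import time
POLL_INTERVAL = 600  # seconds: "polling a list once every 10 minutes or so"

class PolledBlacklist:
    """Cached blacklist refreshed on a timer; lookups never hit the network."""
    def __init__(self, fetch, clock=time.monotonic):
        self._fetch = fetch        # hypothetical callable returning hostnames
        self._clock = clock
        self._hosts = frozenset()
        self._last_ok = None       # time of the last successful poll
        self._next_poll = 0.0

    def poll_if_due(self):
        now = self._clock()
        if now < self._next_poll:
            return False
        self._next_poll = now + POLL_INTERVAL
        try:
            hosts = frozenset(h.lower() for h in self._fetch())
        except OSError:            # server unreachable: keep serving the stale list
            return False
        self._hosts, self._last_ok = hosts, now
        return True

    def is_blocked(self, host):
        self.poll_if_due()
        return host.lower() in self._hosts

    def staleness(self):
        """Seconds since the last good poll; alert on this to notice an outage."""
        return None if self._last_ok is None else self._clock() - self._last_ok

def simulate_outage():
    """Constructed scenario: one good poll, then the server is knocked offline."""
    state = {"now": 0.0, "up": True, "published": ["phish-old.example"]}
    def fetch():
        if not state["up"]:
            raise ConnectionError("distribution server unreachable")
        return list(state["published"])
    bl = PolledBlacklist(fetch, clock=lambda: state["now"])
    out = {"old_before": bl.is_blocked("phish-old.example")}
    state.update(now=1800.0, up=False)
    state["published"].append("phish-new.example")   # listed during the outage
    out["old_during"] = bl.is_blocked("phish-old.example")
    out["new_during"] = bl.is_blocked("phish-new.example")
    out["staleness"] = bl.staleness()
    state.update(now=2400.0, up=True)                # server back, next poll due
    out["new_after"] = bl.is_blocked("phish-new.example")
    return out
```

The `staleness()` value is the signal a second layer (mail or network content filtering) would watch to know the browser list has stopped updating.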
