[cryptography] won't CA hackers CA pin also? and other musings (Re: PKI "fixes" that don't fix PKI (part III))

Richard Clayton richard at highwayman.com
Sat Sep 10 20:39:46 EDT 2011


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In message <CAMm53wQBoiwzgQLNjqZP7+fSaUv_WESFm3QfWEv8hkYdSSDxpw at mail.gmail.com>,
Andy Steingruebl <andy at steingruebl.com> writes
>On Sat, Sep 10, 2011 at 11:46 AM, Ian G <iang at iang.org> wrote:
>>
>>>  2) Phishing using a similar-looking domain name.
>>
>> Yes. That's the big one in this space. Afaik.
>
>I'd be surprised actually.  

It's moderately common at the moment for World of Warcraft attacks (and
for Habbo, but it's hard to tell what's an attack in that space and what
is an unauthorised clone). For everything else it's rather rare...

>Most phishing sites are mass-compromises
>of other websites, or mass-hosting on funky names/addresses, often
>nothing like the site being phished. 

A huge chunk is on "free webspace".

The criminals learnt long ago that no-one can read URLs so provided it
says www.bankname.com somewhere in the URL (to the left of the domain
name, or to the right of the third /) then it works just fine for them.

>Look-alike isn't the dominant
>trend these days, 

It hasn't been dominant in the whole period I've been collecting stats
and writing papers about them -- which is coming up to 5 years now.

- -- 
Dr Richard Clayton                         <richard.clayton at cl.cam.ac.uk>
                                  tel: 01223 763570, mobile: 07887 794090
                    Computer Laboratory, University of Cambridge, CB3 0FD

-----BEGIN PGP SIGNATURE-----
Version: PGPsdk version 1.7.1

iQA/AwUBTmwDUuINNVchEYfiEQL0IACeI9UqWsVsIsqNgbOJ5idD8ZLGbJIAn1qD
yQ8/G9ygMgy8ih1b/OD/rrTB
=b4Lr
-----END PGP SIGNATURE-----
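
The two URL placements described in the message above (the bank's name to the left of the real domain name, or to the right of the third /) can be told apart mechanically when triaging reported URLs. This is an added example, not part of the original post; `classify_url`, `tally` and the `.example` hostnames are constructed for illustration, and only `www.bankname.com` comes from the message.

```python
from collections import Counter
from urllib.parse import urlsplit, unquote


def classify_url(url, brand_domain):
    """Say where brand_domain appears in url relative to the real hostname."""
    if "://" not in url:
        url = "http://" + url          # bare "host/path" strings from feeds
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".").lower()
    brand = brand_domain.lower()
    # The brand's own domain, or a genuine subdomain of it.
    if host == brand or host.endswith("." + brand):
        return "legitimate"
    # Brand labels sit to the left of a different domain name.
    # Matching on label boundaries avoids hits such as "mybankname.com".
    if ("." + brand + ".") in ("." + host):
        return "brand-in-hostname"
    # Brand text appears after the third "/" (path or query string).
    rest = unquote(parts.path + "?" + parts.query).lower()
    if brand in rest:
        return "brand-in-path"
    return "no-brand"


# Constructed sample of reported URLs (not real data).
SAMPLE_URLS = [
    "https://www.bankname.com/login",
    "http://www.bankname.com.secure.freehost.example/login",
    "http://user123.freehost.example/www.bankname.com/login.html",
    "http://freehost.example/redirect?to=www.bankname.com",
    "http://compromised-shop.example/images/.x/index.php",
    "http://mybankname.com/",
]


def tally(urls, brand_domain):
    """Count how many URLs fall into each class."""
    return Counter(classify_url(u, brand_domain) for u in urls)


if __name__ == "__main__":
    for u in SAMPLE_URLS:
        print(f"{classify_url(u, 'bankname.com'):18} {u}")
    print(dict(tally(SAMPLE_URLS, "bankname.com")))
```

The `no-brand` class covers hosts with no trace of the brand in the URL as well as look-alike registrations, which this check deliberately does not try to detect.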


