Jargons of Info Tech industry
Roedy Green
my_email_is_posted_on_my_website at munged.invalid
Thu Oct 13 01:59:46 EDT 2005
On Thu, 13 Oct 2005 01:32:03 -0400, Mike Meyer <mwm at mired.org> wrote
or quoted :
>That won't prevent phishing, that will just raise the threshhold a
>little. The first hurdle you have to get past is that most mail agents
>want to show a human name, not some random collection of symbols that
>map to a unique address. Even if you do that, most readers aren't
>going to pay attention to said random collection of symbols. Given
>that, there are *lots* of tricks that can be used to disguise the
>signed name, most of which phishers are already using. How many people
>do you think will really notice that mail from "John Bath, PayPal
>Customer Service Representative" (john.barth at paypa1.com) isn't really
>from paypal?
I think it better than you imagine.
First of all Mr. Phish will come in as a new communicant begging an
audience. That is your first big clue. PayPal is already allowed in.
Next if Thawte issues certs, they won't allow Phish names such as
Paypol.com just as now for other certs.
Mr. Phish is coming in on a different account.
Next Mr. Phish had to present his passport etc when he got his Thawte
ID. Now Interpol has a much better handle on putting him in jail.
He can't repudiate his phishing attempt.
--
Canadian Mind Products, Roedy Green.
http://mindprod.com Again taking new Java programming contracts.
More information about the Python-list
mailing list