US Banks: Training the next generation of phishing victims

Peter Gutmann pgut001 at
Thu Oct 13 02:32:07 EDT 2005

Sidney Markowitz <sidney at> writes:

>It looks like they are all getting their web sites from the same Hack-In-A-

My original comment on that was "Looks like they got their security
certification from the same cornflakes packet" :-).  An anonymous contributor
sent in the following comment:

-- Snip --

A possible reason that you are seeing similar, in some cases almost the same,
language at those different companies web sites is that they may very well
have outsourced their website design and/or management to the same company.
Which also exmplains the similar approach to security.

Back in the late 1990s when I was consulting, I saw brokerage firms doing the
same thing.  There were companies specializing in providing "online trading"
who basically put together a web site with the brokerage firm's logo on the
front, but the web sites were owned, managed and located at the "online
trading" company.

One such company that I know of was using Bourne-shell (horrors) for their cgi

-- Snip --

> gives me a warning about a certificate that expired
>over a year ago, then when I accept it redirects me to the unsecured

In addition, trying gives you the cert for  For any phishers reading this, looks like and (and their corresponding
certs) are still available...


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list