X.509 Phishing license
Victor Duchovni
Victor.Duchovni at MorganStanley.com
Tue Feb 14 00:29:59 EST 2006
The phishers are launching sophisticated attacks on less known (to the
X.509 CAs) financial institutions...
http://blog.washingtonpost.com/securityfix/2006/02/the_new_face_of_phishing_1.html
...
This one -- targeting the tiny Mountain America credit union in Salt
Lake City, Utah
...
Geotrust's cert verification process is largely automated: when
someone requests a cert for a particular site, the company sends an
e-mail to the address included in the Web site's registrar records,
along with a special code that the recipient needs to phone in to
complete the process.
... [Geotrust] doubted that inserting a human into that process
would have flagged the account as suspicious.
--
/"\ ASCII RIBBON NOTICE: If received in error,
\ / CAMPAIGN Victor Duchovni please destroy and notify
X AGAINST IT Security, sender. Sender does not waive
/ \ HTML MAIL Morgan Stanley confidentiality or privilege,
and use is prohibited.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list