Edward B. Dreger wrote:
Ughh. Some "security" products cause more trouble than they
solve. Norton Internet Security is obnoxious enough to "filter
ads" by nuking graphics based on pixel dimensions. (After having
to alter some sites to get around this, we have a much harder
time recommending Symantec products...)
Filtering images based on size is comparable to filtering specific TCP or UDP ports. Both are based on arbitary numbers which have use which suffers from the blocking.
Pete
I disagree - this is a good idea, and it REALLY DO WORKS (have been tested
on hackers, with great success).
Moreover, it is not a problem to catch this fishers/phishers... issue 1,000
special credit cards, send their data to this site, and trace who and how
will use them. Or just intersect traffic and log all cards posted to this
site (and thace them).
Nothing too complicated for any law enforcment agency...
Just watching and saying _ohhm, one more phishing_ is the worst idea - to
fight anything, you must always be active. Active side always win (it is
only a matter of time, how long it takes to win), so if you just looking and
using passive defense, you will be biten (early or later). Hackers and
Phishers do not make any difference vs other fightings.
I received a few messages as well, one with US Bank, which I don't
have an account with, and they both had images attached. The image
was displayed, without any external connection.
As far as fighting abuse with abuse, it's not *always* a bad idea. If
the databases are filled with bad entries, it will be too costly to
sort through valid data. Other people will cease to purchase
information from the phisher because of unreliable data, or less will
be paid. Either way, there will be less money in the particular
method and less of an incentive. It will not stop phishing totally,
but why make it easier? If you've got some extra time to write
something, then go for it.
As far as legal concerns, there is no law against lying to someone
that is trying to steal from you.
-b