[Dshield] Improvements in Phishing takedown needed

Gadi Evron ge at linuxbox.org
Sat Dec 15 18:31:34 GMT 2007 

On Sat, 15 Dec 2007, John Mulkerin wrote:
> My FI (and my members) has just gone through the ringer with another
> bout of Phishing. Over 50 different web sites were used to collect the
> information.  We of course, take them down as quickly as we know them.
> From what I can see, we have good processes and companies in place to
> take down the collection web sites collecting the compromised
> information but we ignore the sites generating the phish.  In our most
> recent attack, of the 50 or so different phish emails, they primarily
> came from 3 email servers all within the USA, yet I could not get one of
> the ISPs to do anything for days and in 1 case two weeks.  Law
> enforcement was no help.
>
> If we are serious about phishing we need to do more.   We need to
> develop better Phish black lists and processes to take down phish
> generators.   We need to get ISPs to cooperate and take down BOTH phish
> generators and collection sites much more quickly than they do now.
>
> Am I missing something or am I just naive?

In today's world Internet security means three things:
1. How much of a target are you?
2. How weel you cooperate with others?
3. Who did you drink beer with?

The Internet is not safe, doing business on the Internet means taking that 
into account, for financial institutions that also means not competing on 
security, calculating your risk assessment based on what happens to 
others as well and not educating clients to trust email by sending it.

There are many things that can be done, but for now, I'd 
suggest the best thing you can do is finding the right people who can 
help YOU rather than the Internet, and buy them beer.
Internet security groups vetting is difficult, but can be side-stepped 
very easily when beer is put into the equation. (half joking)

If you care about future improvements on this to the net itself, fel free 
to drop me a note off-list identifying yourself. :)

 	Gadi.


> John
> _________________________________________
> SANS Security 2008 in New Orleans!! January 11-19 2008. Why freeze up north if you can be in New Orleans.  http://www.sans.org/info/15826
>

More information about the list mailing list