FW: Need some help: IDEAS, Inc.
Hannigan, Martin
hannigan at verisign.com
Sun Sep 4 04:40:16 UTC 2005
> > > this is NOT a good solution, since a successful phish attack
> > > in this case
> > > would look exactly like the official red cross web site.
> >
> > How's that one work?
>
> One form of DirectNIC's redirection, which the phisher was
> supposedly using
> (I didn't check myself), uses a <FRAMESET> to hide the
> redirect inside a
> frame, thereby not showing the real address in the browser
> without deeper
> inspection.
Understood. If it's being pointed at redcross.org, a known
good guy site, that wouldn't be a problem, would it? It seems
that if the scammer is removed from the operation, it's not really
a problem anymore.
I'm interested because I think there could be value in a page(s)
on an SP that says "This site terminated due to fraudulent activity"
and pointers to how to not be sucked into these things.
> Personally, I'd prefer registrar lock myself, as that keeps
> the distinction
> between scam and non-scam clear.
Registrar lock is preferred on my part. The redirect idea was
creative.
-M<
More information about the NANOG
mailing list