The phishers are launching sophisticated attacks on less
known (to the
X.509 CAs) financial institutions...
http://blog.washingtonpost.com
/securityfix/2006/02/the_new_face_of_phishing_1.html
...
This one -- targeting the tiny Mountain America credit
union in Salt
Lake City, Utah
...
Geotrust's cert verification process is largely
automated: when
someone requests a cert for a particular site, the
company sends an
e-mail to the address included in the Web site's
registrar records,
along with a special code that the recipient needs to
phone in to
complete the process.
... [Geotrust] doubted that inserting a human into that
process
would have flagged the account as suspicious.
--
/"\ ASCII RIBBON NOTICE: If
received in error,
\ / CAMPAIGN Victor Duchovni please destroy and
notify
X AGAINST IT Security, sender. Sender does not
waive
/ \ HTML MAIL Morgan Stanley confidentiality or
privilege,
and use is prohibited.
------------------------------------------------------------
---------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe
cryptography" to majordomo metzdowd.com
|