Comments on: טכניקת פישינג חדשה - New phishing technique

By: סשה

סשה — Sat, 05 Apr 2008 14:41:54 +0000

Does web forgery detection work as a browser plugin? Why can’t it warn before or disable submitting forms from local HTML to remote servers? True, the *current* anti-phishing schemes won’t work against it, but the scammers are always 0 or more steps ahead, almost by definition.

By: עמרי

עמרי — Sat, 05 Apr 2008 07:25:35 +0000

You can prevent it if with an AV, but not all users have an AV.
I was referring to web forgery detection, which does not work in this situation.

By: סשה

סשה — Sat, 05 Apr 2008 05:12:08 +0000

Why can’t you prevent the user from opening a local HTML file (by filtering out HTML attachments)? Local HTML files get additional security priveleges (or at least are in a differente “security zone” in IE) and should be treated by any attachment-scanning software as a security risk. There is even no problem to just strip out submittable forms and Javascript from the HTML.